From nobody Sun Apr 27 21:52:47 2025
Date: Sun, 27 Apr 2025 21:52:47 GMT
Message-Id: <202504272152.53RLqlAt093891@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Konstantin Belousov
Subject: git: b63281884e0e - main - ptrace(): p_xthread could be NULL for P_STOPPED_TRACE
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: b63281884e0e1530de999723532f2d536cb32477
Auto-Submitted: auto-generated

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=b63281884e0e1530de999723532f2d536cb32477

commit b63281884e0e1530de999723532f2d536cb32477
Author:     Konstantin Belousov
AuthorDate: 2025-04-20 23:19:35 +0000
Commit:     Konstantin Belousov
CommitDate: 2025-04-27 21:52:04 +0000

    ptrace(): p_xthread could be NULL for P_STOPPED_TRACE

    Suppose that ptrace(PT_ATTACH) is called on a mt process, and the thread
    arbitrarily selected as leader (p_xthread) by the attach code is already
    in the kernel preparing to exit as the process lock becomes available.
    Then the thread_exit() function clears p->p_xthread, and we end up with
    the traced signal-stopped process with NULL p_xthread.

    This state is legitimate, and really p_xthread must point to a thread
    that is inside ptracestop(). If p_xthread is NULL, but the ptrace code
    requires some leader thread, arbitrarily designate it as needed.

    Reported and tested by: pho
    Reviewed by:    markj
    Sponsored by:   The FreeBSD Foundation
    MFC after:      2 weeks
    Differential revision:  https://reviews.freebsd.org/D49961
---
 sys/kern/sys_process.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index 5126f34e3dc3..69ea3d97d505 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -930,12 +930,10 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data) } if (tid == 0) { - if ((p->p_flag & P_STOPPED_TRACE) != 0) { - KASSERT(p->p_xthread != NULL, ("NULL p_xthread")); + if ((p->p_flag & P_STOPPED_TRACE) != 0) td2 = p->p_xthread; - } else { + if (td2 == NULL) td2 = FIRST_THREAD_IN_PROC(p); - } tid = td2->td_tid; } @@ -1322,16 +1320,19 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data) /* * Clear the pending event for the thread that just - * reported its event (p_xthread). This may not be - * the thread passed to PT_CONTINUE, PT_STEP, etc. if - * the debugger is resuming a different thread. + * reported its event (p_xthread), if any. This may + * not be the thread passed to PT_CONTINUE, PT_STEP, + * etc. if the debugger is resuming a different + * thread. There might be no reporting thread if + * the process was just attached. * * Deliver any pending signal via the reporting thread. */ - MPASS(p->p_xthread != NULL); - p->p_xthread->td_dbgflags &= ~TDB_XSIG; - p->p_xthread->td_xsig = data; - p->p_xthread = NULL; + if (p->p_xthread != NULL) { + p->p_xthread->td_dbgflags &= ~TDB_XSIG; + p->p_xthread->td_xsig = data; + p->p_xthread = NULL; + } p->p_xsig = data; /*
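Review bot: in the `tid == 0` block of the first hunk, the new fallback `if (td2 == NULL) td2 = FIRST_THREAD_IN_PROC(p);` only reaches FIRST_THREAD_IN_PROC for a process without P_STOPPED_TRACE if td2 was already NULL on entry, since that path no longer assigns td2 before the check; the hunk does not show td2's initialization, so please confirm it is NULL at this point (or reset it just before the flag test), otherwise a td2 left over from an earlier lookup would silently become the leader thread that tid is taken from.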
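Review bot: in the second hunk the unchanged closing sentence of the comment, "Deliver any pending signal via the reporting thread.", no longer describes the NULL case the new `if (p->p_xthread != NULL)` guard introduces: when there is no reporting thread the whole block is skipped, only `p->p_xsig = data;` is recorded and no thread's td_xsig is set. Suggest extending the comment to state how the pending signal is handled when p_xthread is NULL (for instance that p_xsig alone carries it), so the next reader does not mistake the skipped block for a lost delivery.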