Date: Sat, 23 Feb 2019 13:32:46 +0200
From: Konstantin Belousov <kostikbel@gmail.com>
To: Robert Ayrapetyan <robert.ayrapetyan@gmail.com>
Cc: FreeBSD <freebsd-hackers@freebsd.org>
Subject: Re: ptrace: SIGTRAP and EXIT race
Message-ID: <20190223113246.GH2420@kib.kiev.ua>
In-Reply-To: <CAAboi9sXhagXE5RTOHiGB9Gs7G1Ruc8CN6VQq5+RWJ1VQfJp9Q@mail.gmail.com>
References: <CAAboi9tT==FFXdqq9XG2v8Lxf8RBuTMx5ns4puZ-hjD5KecFsA@mail.gmail.com> <20190222101026.GX2420@kib.kiev.ua> <CAAboi9sXhagXE5RTOHiGB9Gs7G1Ruc8CN6VQq5+RWJ1VQfJp9Q@mail.gmail.com>
On Fri, Feb 22, 2019 at 03:57:49PM -0800, Robert Ayrapetyan wrote:
> Hi, thanks for a prompt reply. Here are the instructions of how to
> reproduce (sorry for the inconvenient way of specifying the BP address when running
> the app):
>
> uname -a
> FreeBSD XXX 12.0-RELEASE-p3 FreeBSD 12.0-RELEASE-p3 GENERIC amd64
>
> cd /tmp
> git clone https://github.com/rayrapetyan/ptrace_bug_poc.git
> cd ptrace_bug_poc
> mkdir build
> cd build
> cmake ..
> make
>
> Run ~20 times:
>
> /tmp/ptrace_bug_poc/build/src/ptrace_test/ptrace_test
> /tmp/ptrace_bug_poc/build/src/mt_example/mt_example 0x201385
>
> -------
> Note: make sure 0x201385 is a call to <printf@plt> in
> "/tmp/ptrace_bug_poc/build/src/mt_example/mt_example":
> gdb /tmp/ptrace_bug_poc/build/src/mt_example/mt_example
> disassemble foo
> -------
>
> Wait for the appearance of:
> "BOOM! Invalid BP hits counter (hits: 1, tid: XXXX)"
> at the end of the output (most of the time it will be "SUCCESS")
>

~700 lines of C++ code definitely do not fall under the 'minimal repro' spec. I do not want to read all of it.

From looking at Debugger::Launch(), it seems that you missed the required debugger/child synchronization for PT_TRACE_ME. Typically the child does raise(SIGSTOP); immediately after PT_TRACE_ME, and the tracer must consume this signal. Otherwise the child continues the execution and might just execute the place where you intend to set a breakpoint. I may have missed the sync (or it might be done by other means in your code), because, as I said, I do not want to read 700 lines of C++.