Page MenuHomeFreeBSD

Fix handling of p_xthread
ClosedPublic

Authored by kib on Apr 22 2025, 3:55 PM.
Tags
None
Referenced Files
F133470583: D49961.id154357.diff
Sun, Oct 26, 12:58 AM
F133461829: D49961.id154095.diff
Sat, Oct 25, 11:35 PM
F133461819: D49961.id154095.diff
Sat, Oct 25, 11:35 PM
Unknown Object (File)
Fri, Oct 24, 5:24 AM
Unknown Object (File)
Sat, Oct 18, 11:29 AM
Unknown Object (File)
Tue, Oct 7, 1:13 PM
Unknown Object (File)
Sat, Oct 4, 8:29 AM
Unknown Object (File)
Fri, Oct 3, 5:25 PM
Subscribers

Details

Summary
ptrace(): p_xthread could be NULL for P_STOPPED_TRACE

Suppose that ptrace(PT_ATTACH) is called on mt process, and the thread
arbitrary selected as leader (p_xthread) by the attach code, is already
in kernel preparing to exit as the process lock becomes available.  Then
the thread_exit() function clears p->p_xthread, and we end up with the
traced signal-stopped process with NULL p_xthread.

This state is legitimate, and really p_xthread must point to a thread
that is inside ptracestop().  If p_xthread is NULL, but ptrace code
requires some leader thread, arbitrarly designate it as needed.

Reported and tested by: pho

sig_handle_first_stop(): allow NULL leader thread

Remove the ext argument, the ext condition is indicated by NULL td.
If the td argument is NULL, p_xthread is set to NULL, for initial
attach. Previous commit prepared ptrace() code for the case.

sig_suspend_thread() only uses the td arg to avoid interrupting the
current thread as micro-optimization, so it is fine to pass NULL.

Tested by:      pho

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

kib requested review of this revision.Apr 22 2025, 3:55 PM
kib retitled this revision from Fix handling of td_xthread to Fix handling of p_xthread.Apr 22 2025, 7:57 PM

Is this a regression from the previous ptrace commits, or was it a preexisting bug? If the proc is preparing to exit, why not abort the attach?

sys/kern/sys_process.c
1323–1327

This comment should be updated to explain the case p_xthread == NULL.

kib marked an inline comment as done.Apr 26 2025, 5:40 PM

Is this a regression from the previous ptrace commits, or was it a preexisting bug?

This is a regression.

If the proc is preparing to exit, why not abort the attach?

It is not proc that exiting (in this case we do not allow attach indeed). It is the thread that was selected for p_xthread without going into ptracestop() that could be exiting, but it is not yet recorded in the thread state.

This revision is now accepted and ready to land.Apr 27 2025, 2:08 PM