ptrace: SIGTRAP and EXIT race

Konstantin Belousov kostikbel at gmail.com
Sat Feb 23 11:32:55 UTC 2019


On Fri, Feb 22, 2019 at 03:57:49PM -0800, Robert Ayrapetyan wrote:
> Hi, thanks for a prompt reply. Here are the instructions of how to
> reproduce (sorry for inconvenient way of specifying BP address when running
> app):
> 
> uname -a
> FreeBSD XXX 12.0-RELEASE-p3 FreeBSD 12.0-RELEASE-p3 GENERIC  amd64
> 
> cd /tmp
> git clone https://github.com/rayrapetyan/ptrace_bug_poc.git
> cd ptrace_bug_poc
> mkdir build
> cd build
> cmake ..
> make
> 
> Run ~20 times:
> 
> /tmp/ptrace_bug_poc/build/src/ptrace_test/ptrace_test
> /tmp/ptrace_bug_poc/build/src/mt_example/mt_example 0x201385
> 
> -------
> Note: make sure 0x201385 is a call to <printf@plt> in
> "/tmp/ptrace_bug_poc/build/src/mt_example/mt_example":
> gdb /tmp/ptrace_bug_poc/build/src/mt_example/mt_example
> disassemble foo
> -------
> 
> Wait for appearance of:
> "BOOM! Invalid BP hits counter (hits: 1, tid: XXXX)"
> at the end of the output (most of the times it will be "SUCCESS")
> 

~700 lines of C++ code definitely do not fall under the 'minimal repro'
spec.  I do not want to read all of it.

From looking at Debugger::Launch(), it seems that you missed the
required debugger/child synchronization for PT_TRACE_ME. Typically the child
does
	raise(SIGSTOP);
immediately after PT_TRACE_ME, and the tracer must consume this signal.
Otherwise the child continues the execution and might just execute the
place where you intend to set a breakpoint. I may have missed the sync (or it
might be done by other means in your code), because as I said, I do not
want to read 700 lines of C++.
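The PT_TRACE_ME / raise(SIGSTOP) handshake described above, written out as an added example (not code from this thread or from the ptrace_bug_poc repository). It targets FreeBSD's ptrace(2); the Linux behaviour noted in the comments relies on glibc's PT_* aliases, and the exit code 77 and the 1/0/-1 return convention are this example's own.

```c
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <signal.h>
#include <stddef.h>
#include <unistd.h>

/* Exit status the child uses when ptrace(PT_TRACE_ME) itself fails
 * (constructed value for this example, e.g. a sandbox that denies ptrace). */
#define NO_PTRACE_EXIT 77

/* Tracer side of the handshake. Returns 1 when the child's initial SIGSTOP
 * was consumed before the child ran any further, 0 when the child ran on
 * without the stop being observed (the race the thread describes), and -1
 * when ptrace is unavailable in this environment. */
int traced_child_handshake(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {                         /* tracee */
        if (ptrace(PT_TRACE_ME, 0, NULL, 0) == -1)
            _exit(NO_PTRACE_EXIT);
        raise(SIGSTOP);                     /* park until the tracer is ready */
        /* The code the debugger wants to breakpoint would run from here. */
        _exit(0);
    }

    /* tracer: the first state change must be the SIGSTOP, not an exit */
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status) == NO_PTRACE_EXIT ? -1 : 0;
    if (!WIFSTOPPED(status) || WSTOPSIG(status) != SIGSTOP) {
        ptrace(PT_KILL, pid, NULL, 0);
        waitpid(pid, &status, 0);
        return 0;
    }

    /* Child is stopped: this is where PT_WRITE_I would plant breakpoints.
     * FreeBSD: addr (void *)1 means "resume at current PC"; Linux ignores addr.
     * data 0 discards the pending SIGSTOP so the child does not stop again. */
    ptrace(PT_CONTINUE, pid, (void *)1, 0);
    waitpid(pid, &status, 0);               /* reap the child's exit */
    return 1;
}
```

Without the waitpid() for the initial stop, the tracer would write the breakpoint into a child that may already have run past the target address, which is exactly the intermittent miss the thread reports.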
