If a process executes an int3 (breakpoint) instruction while
another process is attaching to it, the SIGTRAP can be lost. This bug
is present in 2.4.0-test8 and 2.2.14.
Below is a program that demonstrates this behavior. It forks a
child that repeatedly executes an int3 and handles the SIGTRAP. The
parent repeatedly attaches and detaches to the child. Eventually the
SIGTRAP generated by the int3 is lost, and the child falls through (to
the fprintf).
Vic Zandy
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <errno.h>
#include <sys/ptrace.h>
long int dptrace(enum __ptrace_request req, pid_t pid,
void *addr, void *data)
{
int rv;
rv = ptrace(req, pid, addr, data);
if (0 > rv) {
perror("ptrace");
exit(1);
}
return rv;
}
void do_trace(int pid)
{
while (1) {
dptrace(PTRACE_ATTACH, pid, 0, 0);
waitpid(pid, 0, 0);
dptrace(PTRACE_DETACH, pid, 0, 0);
}
}
void handler(int sig, struct sigcontext uap)
{
uap.eip--;
}
void do_int3()
{
struct sigaction sa;
sa.sa_handler = (void (*)(int)) handler;
sigemptyset(&sa.sa_mask);
sa.sa_flags = 0;
sigaction(SIGTRAP, &sa, NULL);
asm("int3"); /* Should loop here */
fprintf(stderr, "Bug triggered\n");
}
int main(int argc, char *argv[])
{
int pid;
pid = fork();
if (pid)
do_trace(pid);
else
do_int3();
return 0;
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
