Bug 228397 - PTRACE_PEEKUSR regression for i386/x86_64 unused words of struct user
PTRACE_PEEKUSR regression for i386/x86_64 unused words of struct user
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Roland McGrath
Brian Brock
: Regression
Depends On:
Blocks: 243319 222082
  Show dependency treegraph
Reported: 2007-02-12 16:21 EST by Roland McGrath
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version: RHBA-2007-0959
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-11-07 14:40:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Roland McGrath 2007-02-12 16:21:31 EST
Description of problem:

ptrace_peekusr fails with EIO for some calls that would just return a zero
result before.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.echo 'main(){syscall(9999,1,2,3,4,5,6);}' > badsys.c
2.gcc -m32 -o badsys badsys.c
3.strace ./badsys
Actual results:

ends with an error that ptrace failed with I/O error (EIO).

Expected results:

end of output should show:
syscall_9999(0x1, 0x2, 0x3, 0x4, 0x5, 0x6, ...
exit_group(0) ...

Additional info:

Fixed in upstream utrace.
Comment 1 Roland McGrath 2007-02-12 16:22:29 EST
This is a regression from RHEL4 and all prior kernels (except some FC6 kernels
with the same utrace bug).
Comment 2 Roland McGrath 2007-02-12 16:24:24 EST
I didn't actually test on x86_64, but the problem is the same there both for a
native -m64 compile of badsys, and for either 64-bit or 32-bit strace tracing
the -m32 compile.
Comment 3 RHEL Product and Program Management 2007-02-12 16:25:19 EST
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.
Comment 6 RHEL Product and Program Management 2007-06-20 08:31:47 EDT
This request was evaluated by Red Hat Kernel Team for inclusion in a Red
Hat Enterprise Linux maintenance release, and has moved to bugzilla 
status POST.
Comment 7 Don Zickus 2007-06-27 11:51:54 EDT
in 2.6.18-32.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5
Comment 10 Mike Gahagan 2007-08-28 14:20:18 EDT
I can confirm the -EIO error on exit with the GA kernel, however with -43 kernel
I get slightly different output (I get an exit_group with a -1 rather than 0) 

[root@test183 ~]# echo 'main(){syscall(9999,1,2,3,4,5,6);}' > badsys.c
[root@test183 ~]# gcc -m32 -o badsys badsys.c
[root@test183 ~]# strace ./badsys
execve("./badsys", ["./badsys"], [/* 24 vars */]) = 0
brk(0)                                  = 0x81c5000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=56206, ...}) = 0
mmap2(NULL, 56206, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f78000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\177:\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1585788, ...}) = 0
mmap2(0x392000, 1308068, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
mmap2(0x4cc000, 12288, PROT_READ|PROT_WRITE,
-1, 0) = 0x4cf000
close(3)                                = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f766c0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
mprotect(0x4cc000, 8192, PROT_READ)     = 0
mprotect(0x38e000, 4096, PROT_READ)     = 0
munmap(0xb7f78000, 56206)               = 0
syscall_9999(0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0xffffffda, 0x7b, 0x7b, 0, 0x33,
0x270f, 0xd34402, 0x73, 0x246, 0xbff71118, 0x7b, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0) = -1 (errno 38)
exit_group(-1)                          = ?

Can someone confirm this is correct behavior or do we have another bug here?
Comment 11 Roland McGrath 2007-08-29 03:04:27 EDT
The test case lets main return a random stack value, so the exit_group argument
you see could be anything.  It doesn't matter.  You are testing that strace
itself gets no errors and prints the "syscall_9999" line.
Comment 13 errata-xmlrpc 2007-11-07 14:40:04 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.