Bug 228397 - PTRACE_PEEKUSR regression for i386/x86_64 unused words of struct user
Summary: PTRACE_PEEKUSR regression for i386/x86_64 unused words of struct user
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel   
(Show other bugs)
Version: 5.0
Hardware: i386 Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Roland McGrath
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords: Regression
Depends On:
Blocks: 243319 222082
TreeView+ depends on / blocked
 
Reported: 2007-02-12 21:21 UTC by Roland McGrath
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version: RHBA-2007-0959
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 19:40:04 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2007:0959 normal SHIPPED_LIVE Updated kernel packages for Red Hat Enterprise Linux 5 Update 1 2007-11-08 00:47:37 UTC

Description Roland McGrath 2007-02-12 21:21:31 UTC
Description of problem:

ptrace_peekusr fails with EIO for some calls that would just return a zero
result before.

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1.echo 'main(){syscall(9999,1,2,3,4,5,6);}' > badsys.c
2.gcc -m32 -o badsys badsys.c
3.strace ./badsys
  
Actual results:

ends with an error that ptrace failed with I/O error (EIO).

Expected results:

end of output should show:
syscall_9999(0x1, 0x2, 0x3, 0x4, 0x5, 0x6, ...
exit_group(0) ...


Additional info:

Fixed in upstream utrace.

Comment 1 Roland McGrath 2007-02-12 21:22:29 UTC
This is a regression from RHEL4 and all prior kernels (except some FC6 kernels
with the same utrace bug).

Comment 2 Roland McGrath 2007-02-12 21:24:24 UTC
I didn't actually test on x86_64, but the problem is the same there both for a
native -m64 compile of badsys, and for either 64-bit or 32-bit strace tracing
the -m32 compile.

Comment 3 RHEL Product and Program Management 2007-02-12 21:25:19 UTC
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.

Comment 6 RHEL Product and Program Management 2007-06-20 12:31:47 UTC
This request was evaluated by Red Hat Kernel Team for inclusion in a Red
Hat Enterprise Linux maintenance release, and has moved to bugzilla 
status POST.

Comment 7 Don Zickus 2007-06-27 15:51:54 UTC
in 2.6.18-32.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Comment 10 Mike Gahagan 2007-08-28 18:20:18 UTC
I can confirm the -EIO error on exit with the GA kernel, however with -43 kernel
I get slightly different output (I get an exit_group with a -1 rather than 0) 

[root@test183 ~]# echo 'main(){syscall(9999,1,2,3,4,5,6);}' > badsys.c
[root@test183 ~]# gcc -m32 -o badsys badsys.c
[root@test183 ~]# strace ./badsys
execve("./badsys", ["./badsys"], [/* 24 vars */]) = 0
brk(0)                                  = 0x81c5000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=56206, ...}) = 0
mmap2(NULL, 56206, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f78000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\177:\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1585788, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f77000
mmap2(0x392000, 1308068, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x392000
mmap2(0x4cc000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x139) = 0x4cc000
mmap2(0x4cf000, 9636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS,
-1, 0) = 0x4cf000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f76000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f766c0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0,
useable:1}) = 0
mprotect(0x4cc000, 8192, PROT_READ)     = 0
mprotect(0x38e000, 4096, PROT_READ)     = 0
munmap(0xb7f78000, 56206)               = 0
syscall_9999(0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0xffffffda, 0x7b, 0x7b, 0, 0x33,
0x270f, 0xd34402, 0x73, 0x246, 0xbff71118, 0x7b, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0) = -1 (errno 38)
exit_group(-1)                          = ?

Can someone confirm this is correct behavior or do we have another bug here?


Comment 11 Roland McGrath 2007-08-29 07:04:27 UTC
The test case lets main return a random stack value, so the exit_group argument
you see could be anything.  It doesn't matter.  You are testing that strace
itself gets no errors and prints the "syscall_9999" line.

Comment 13 errata-xmlrpc 2007-11-07 19:40:04 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0959.html



Note You need to log in before you can comment on or make changes to this bug.