Bug 228397 - PTRACE_PEEKUSR regression for i386/x86_64 unused words of struct user
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Roland McGrath
Brian Brock
Keywords: Regression
Blocks: 243319 222082
Reported: 2007-02-12 16:21 EST by Roland McGrath
Modified: 2007-11-30 17:07 EST
Fixed In Version: RHBA-2007-0959
Doc Type: Bug Fix
Last Closed: 2007-11-07 14:40:04 EST
Description Roland McGrath 2007-02-12 16:21:31 EST
Description of problem:

ptrace_peekusr fails with EIO for some calls that would just return a zero
result before.

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. echo 'main(){syscall(9999,1,2,3,4,5,6);}' > badsys.c
2. gcc -m32 -o badsys badsys.c
3. strace ./badsys
  
Actual results:

ends with an error that ptrace failed with I/O error (EIO).

Expected results:

end of output should show:
syscall_9999(0x1, 0x2, 0x3, 0x4, 0x5, 0x6, ...
exit_group(0) ...


Additional info:

Fixed in upstream utrace.
Comment 1 Roland McGrath 2007-02-12 16:22:29 EST
This is a regression from RHEL4 and all prior kernels (except some FC6 kernels
with the same utrace bug).
Comment 2 Roland McGrath 2007-02-12 16:24:24 EST
I didn't actually test on x86_64, but the problem is the same there both for a
native -m64 compile of badsys, and for either 64-bit or 32-bit strace tracing
the -m32 compile.
Comment 3 RHEL Product and Program Management 2007-02-12 16:25:19 EST
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.
Comment 6 RHEL Product and Program Management 2007-06-20 08:31:47 EDT
This request was evaluated by Red Hat Kernel Team for inclusion in a Red
Hat Enterprise Linux maintenance release, and has moved to bugzilla 
status POST.
Comment 7 Don Zickus 2007-06-27 11:51:54 EDT
in 2.6.18-32.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5
Comment 10 Mike Gahagan 2007-08-28 14:20:18 EDT
I can confirm the -EIO error on exit with the GA kernel, however with -43 kernel
I get slightly different output (I get an exit_group with a -1 rather than 0) 

[root@test183 ~]# echo 'main(){syscall(9999,1,2,3,4,5,6);}' > badsys.c
[root@test183 ~]# gcc -m32 -o badsys badsys.c
[root@test183 ~]# strace ./badsys
execve("./badsys", ["./badsys"], [/* 24 vars */]) = 0
brk(0)                                  = 0x81c5000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=56206, ...}) = 0
mmap2(NULL, 56206, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f78000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\177:\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1585788, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f77000
mmap2(0x392000, 1308068, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x392000
mmap2(0x4cc000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x139) = 0x4cc000
mmap2(0x4cf000, 9636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4cf000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f76000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f766c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0x4cc000, 8192, PROT_READ)     = 0
mprotect(0x38e000, 4096, PROT_READ)     = 0
munmap(0xb7f78000, 56206)               = 0
syscall_9999(0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0xffffffda, 0x7b, 0x7b, 0, 0x33, 0x270f, 0xd34402, 0x73, 0x246, 0xbff71118, 0x7b, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) = -1 (errno 38)
exit_group(-1)                          = ?

Can someone confirm this is correct behavior or do we have another bug here?
Comment 11 Roland McGrath 2007-08-29 03:04:27 EDT
The test case lets main return a random stack value, so the exit_group argument
you see could be anything.  It doesn't matter.  You are testing that strace
itself gets no errors and prints the "syscall_9999" line.
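
The condition that the strace reproducer exercises indirectly can also be probed directly. The C program below is an added example, not code from this bug report or from the kernel fix; the helper name count_peekuser_failures is an assumption of the example. It stops a child under ptrace, reads every word-aligned offset of struct user with PTRACE_PEEKUSER, and counts the reads that fail, which is zero when unused words read back as a value instead of EIO.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#if defined(__i386__) || defined(__x86_64__)
#include <sys/user.h>   /* struct user: the layout PTRACE_PEEKUSER indexes */
#endif

/* Hypothetical helper (not from the bug report). Returns how many
 * word-aligned offsets inside struct user fail to read, or -1 when the
 * probe cannot run (non-x86 build, or ptrace refused in this environment). */
int count_peekuser_failures(void)
{
#if defined(__i386__) || defined(__x86_64__)
    int status, failures = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                       /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == 0)
            raise(SIGSTOP);               /* stop so the parent can peek */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status))
        return -1;                        /* tracing refused: child exited */
    for (size_t off = 0; off < sizeof(struct user); off += sizeof(long)) {
        errno = 0;                        /* -1 can be valid data: use errno */
        long word = ptrace(PTRACE_PEEKUSER, pid, (void *)off, NULL);
        if (word == -1 && errno != 0) {
            fprintf(stderr, "offset %zu: %s\n", off, strerror(errno));
            failures++;
        }
    }
    kill(pid, SIGKILL);
    waitpid(pid, &status, 0);
    return failures;
#else
    return -1;
#endif
}

int main(void)
{
    int n = count_peekuser_failures();
    printf("PEEKUSER probe result: %d (-1 means not run)\n", n);
    return n > 0;
}
```

Building it with -m32 and with -m64 covers both cases mentioned in Comment 2.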
Comment 13 errata-xmlrpc 2007-11-07 14:40:04 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0959.html
