Bug 441871 - pstree fails to show most processes
Summary: pstree fails to show most processes
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: psmisc
Version: 8
Hardware: i386
OS: Linux
low
high
Target Milestone: ---
Assignee: Tomas Smetana
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-04-10 16:34 UTC by Emil Jerabek
Modified: 2008-04-29 20:58 UTC (History)

Fixed In Version: 22.6-2.1.fc8
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-04-29 20:58:17 UTC
Type: ---
Embargoed:


Attachments
expected output of pstree (1.38 KB, text/plain)
2008-04-10 16:34 UTC, Emil Jerabek
output of "ps ax" matching the given pstree output listings (6.47 KB, text/plain)
2008-04-10 16:36 UTC, Emil Jerabek
pstree output with debugging info (40.14 KB, text/plain)
2008-04-13 08:51 UTC, Emil Jerabek
patch (422 bytes, patch)
2008-04-13 08:51 UTC, Emil Jerabek

Description Emil Jerabek 2008-04-10 16:34:11 UTC
Description of problem:

At any given moment there are typically over 100 processes running on my system,
but pstree only shows a dozen or so. It makes no difference whether I am root or
an ordinary user, or which options I give to pstree. Trying "pstree PID" gives
no output at all if PID is one of those missed in the regular output of
"pstree". Most importantly, I checked that vanilla psmisc 22.6 from
psmisc.sourceforge.net works CORRECTLY, so the bug is Fedora specific.

Version-Release number of selected component (if applicable):
psmisc-22.6-2.fc8.i386.rpm

How reproducible:

always

Steps to Reproduce:
1. type "pstree -n" in shell (-n only sorts the output for easier comparison, it
does not affect the result otherwise)
2.
3.
  
Actual results:

init-+-udevd
     |-restorecond
     |-rpcbind
     |-rpc.statd
     |-rpc.idmapd
     |-pcscd
     |-rsyslogd---{rsyslogd}
     |-rklogd
     `-auditd---{auditd}


Expected results:

see attachment for example (obtained using vanilla psmisc)

Additional info:

I'm running kernel 2.6.24.3-50.fc8 on an Intel Core 2 Duo (T5450) machine.

Comment 1 Emil Jerabek 2008-04-10 16:34:11 UTC
Created attachment 302016
expected output of pstree

Comment 2 Emil Jerabek 2008-04-10 16:36:39 UTC
Created attachment 302018
output of "ps ax" matching the given pstree output listings

Comment 3 Tomas Smetana 2008-04-11 09:47:19 UTC
I've tried to reproduce the bug on several machines around but failed.

There are no Fedora specific patches in pstree (there is one patch in psmisc but
it just fixes an autoconf macro parameter).  Did you compile the "vanilla"
sources with --enable-selinux configure option?  Albeit unlikely, didn't you get
any AVC messages?

Comment 4 Emil Jerabek 2008-04-11 11:57:51 UTC
(In reply to comment #3)
> There are no Fedora specific patches in pstree (there is one patch in psmisc but
> it just fixes an autoconf macro parameter).

Hmm, now that's weird.

>  Did you compile the "vanilla"
> sources with --enable-selinux configure option?

I tried both, with and without --enable-selinux. It made no difference.

>  Albeit unlikely, didn't you get
> any AVC messages?

Didn't notice anything unusual, but I'll have a look at the logs when I get
home. I should mention that it runs SELinux in permissive mode.

Comment 5 Emil Jerabek 2008-04-13 08:49:40 UTC
SELinux is not directly involved.

After a bit of experimenting, I think I understand the root of the problem: it's
a sort of buffer overflow.

The observed difference in behaviour of Fedora's and vanilla pstree is simply
due to CFLAGS, I can trigger the bug in the original package using

  ./configure --enable-selinux CFLAGS="-g -O2 -fstack-protector"

The offending code which the stack protector breaks seems to be around lines
610-620 in pstree.c:

            fread(readbuf, BUFSIZ, 1, file) ;
            if (ferror(file) == 0)
            {
              memset(comm, '\0', COMM_LEN+1);
              tmpptr = strrchr(readbuf, ')'); /* find last ) */
              /* We now have readbuf with pid and cmd, and tmpptr+2
               * with the rest */
              /*printf("readbuf: %s\n", readbuf);*/
              if (sscanf(readbuf, "%*d (%15[^)]", comm) == 1)
              {
                /*printf("tmpptr: %s\n", tmpptr+2);*/
                if (sscanf(tmpptr+2, "%*c %d", &ppid) == 1)
                {

The catch is that fread() does not null-terminate the string in readbuf. Thus in
unlucky circumstances, strrchr() may spill outside of the line just read (or
even outside of readbuf), and find the "last )" in the adjacent garbage. As such
a stray ) is not followed by the expected " status ppid", the second sscanf()
will fail to set ppid, and the process will get ignored.

In order to demonstrate the problem, I uncommented the two printf()s in the code
above, the output is attached. As you can see, everything goes fine until "2217
(audispd)", when a ) somehow gets at the end of readbuf, making tmpptr+2 the
empty string.

The bug can be easily cured by clearing readbuf before fread(), patch attached.

Should I report it upstream?
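
The failure analysed in comment 5, reduced to a stand-alone C program (an added example, not code from psmisc or from the attached patch). The sample stat line, the stale buffer contents, `BUFCAP` and the function names are constructed for illustration; `CLEARED_FIRST` is the fix the comment describes, and `TERMINATED_AT_COUNT` is an alternative that also holds when a read fills the whole buffer.

```c
#include <stdio.h>
#include <string.h>

#define BUFCAP 256 /* stands in for BUFSIZ */

/* Constructed sample in /proc/<pid>/stat layout: pid (comm) state ppid ... */
static const char SAMPLE[] = "2217 (audispd) S 2215 2215 2215 0 -1\n";

enum mode { UNTERMINATED, CLEARED_FIRST, TERMINATED_AT_COUNT };

/* Constructed stale bytes with a stray ')' near the end, as leftover stack
 * contents might hold. NUL-terminated so the demo itself stays in bounds. */
static void poison(char *buf) {
    memset(buf, 'x', BUFCAP);
    memcpy(buf + BUFCAP - 3, ") ", 3); /* ')', ' ', '\0' */
}

/* Same parsing steps as the quoted pstree.c lines; returns ppid or -1. */
static int parse_ppid(const char *readbuf) {
    char comm[16] = "";
    int ppid = -1;
    const char *tmpptr = strrchr(readbuf, ')'); /* find last ) */
    if (tmpptr == NULL || tmpptr[1] == '\0') return -1;
    if (sscanf(readbuf, "%*d (%15[^)]", comm) != 1) return -1;
    if (sscanf(tmpptr + 2, "%*c %d", &ppid) != 1) return -1;
    return ppid;
}

static int read_and_parse(enum mode m) {
    char readbuf[BUFCAP];
    size_t n = sizeof SAMPLE - 1;
    poison(readbuf);
    if (m == CLEARED_FIRST) memset(readbuf, '\0', sizeof readbuf);
    /* memcpy stands in for fread(): n bytes stored, no terminator added */
    memcpy(readbuf, SAMPLE, n);
    /* With a real file: n = fread(readbuf, 1, sizeof readbuf - 1, file); */
    if (m == TERMINATED_AT_COUNT) readbuf[n] = '\0';
    return parse_ppid(readbuf);
}

int main(void) {
    printf("unterminated:        %d\n", read_and_parse(UNTERMINATED));
    printf("cleared first:       %d\n", read_and_parse(CLEARED_FIRST));
    printf("terminated at count: %d\n", read_and_parse(TERMINATED_AT_COUNT));
    return 0;
}
```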


Comment 6 Emil Jerabek 2008-04-13 08:51:16 UTC
Created attachment 302258
pstree output with debugging info

Comment 7 Emil Jerabek 2008-04-13 08:51:56 UTC
Created attachment 302259
patch

Comment 8 Tomas Smetana 2008-04-14 05:57:42 UTC
This sounds reasonable and would explain the observed behaviour.  If the
attached patch solved your problem then I'd say it's beyond any dispute.  And
yes, this should be reported upstream -- please do so or let me know and I'll do
it.  I'll add your patch to the Fedora package and push to testing repository.

Thank you very much.

Comment 9 Fedora Update System 2008-04-14 12:25:20 UTC
psmisc-22.6-2.1.fc8 has been submitted as an update for Fedora 8

Comment 10 Emil Jerabek 2008-04-14 14:02:36 UTC
I've reported the problem and the patch as
http://sourceforge.net/tracker/index.php?func=detail&aid=1942031&group_id=15273&atid=315273

Comment 11 Fedora Update System 2008-04-17 03:54:22 UTC
psmisc-22.6-2.1.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with

  su -c 'yum --enablerepo=updates-testing update psmisc'

You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-3144

Comment 12 Fedora Update System 2008-04-29 20:58:15 UTC
psmisc-22.6-2.1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

