Bug 441871 - pstree fails to show most processes
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: psmisc
Version: 8
Hardware: i386 Linux
Priority: low, Severity: high
Assigned To: Tomas Smetana
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-04-10 12:34 EDT by Emil Jerabek
Modified: 2008-04-29 16:58 EDT
Fixed In Version: 22.6-2.1.fc8
Doc Type: Bug Fix
Last Closed: 2008-04-29 16:58:17 EDT

Attachments
expected output of pstree (1.38 KB, text/plain)
2008-04-10 12:34 EDT, Emil Jerabek
output of "ps ax" matching the given pstree output listings (6.47 KB, text/plain)
2008-04-10 12:36 EDT, Emil Jerabek
pstree output with debugging info (40.14 KB, text/plain)
2008-04-13 04:51 EDT, Emil Jerabek
patch (422 bytes, patch)
2008-04-13 04:51 EDT, Emil Jerabek

Description Emil Jerabek 2008-04-10 12:34:11 EDT
Description of problem:

At any given moment there are typically over 100 processes running on my system,
but pstree only shows a dozen or so. It makes no difference whether I am root or
an ordinary user, or which options I give to pstree. Trying "pstree PID" gives
no output at all if PID is one of those missed in the regular output of
"pstree". Most importantly, I checked that vanilla psmisc 22.6 from
psmisc.sourceforge.net works CORRECTLY, so the bug is Fedora specific.

Version-Release number of selected component (if applicable):
psmisc-22.6-2.fc8.i386.rpm

How reproducible:

always

Steps to Reproduce:
1. type "pstree -n" in shell (-n only sorts the output for easier comparison, it
does not affect the result otherwise)
Actual results:

init-+-udevd
     |-restorecond
     |-rpcbind
     |-rpc.statd
     |-rpc.idmapd
     |-pcscd
     |-rsyslogd---{rsyslogd}
     |-rklogd
     `-auditd---{auditd}


Expected results:

see attachment for example (obtained using vanilla psmisc)

Additional info:

I'm running kernel 2.6.24.3-50.fc8 on an Intel Core 2 Duo (T5450) machine.
Comment 1 Emil Jerabek 2008-04-10 12:34:11 EDT
Created attachment 302016
expected output of pstree
Comment 2 Emil Jerabek 2008-04-10 12:36:39 EDT
Created attachment 302018
output of "ps ax" matching the given pstree output listings
Comment 3 Tomas Smetana 2008-04-11 05:47:19 EDT
I've tried to reproduce the bug on several machines around but failed.

There are no Fedora specific patches in pstree (there is one patch in psmisc but
it just fixes an autoconf macro parameter).  Did you compile the "vanilla"
sources with --enable-selinux configure option?  Albeit unlikely, didn't you get
any AVC messages?
Comment 4 Emil Jerabek 2008-04-11 07:57:51 EDT
(In reply to comment #3)
> There are no Fedora specific patches in pstree (there is one patch in psmisc but
> it just fixes an autoconf macro parameter).

Hmm, now that's weird.

>  Did you compile the "vanilla"
> sources with --enable-selinux configure option?

I tried both, with and without --enable-selinux. It made no difference.

>  Albeit unlikely, didn't you get
> any AVC messages?

Didn't notice anything unusual, but I'll have a look at the logs when I get
home. I should mention that it runs SELinux in permissive mode.
Comment 5 Emil Jerabek 2008-04-13 04:49:40 EDT
SELinux is not directly involved.

After a bit of experimenting, I think I understand the root of the problem, it's
a sort of a buffer overflow.

The observed difference in behaviour of Fedora's and vanilla pstree is simply
due to CFLAGS, I can trigger the bug in the original package using

  ./configure --enable-selinux CFLAGS="-g -O2 -fstack-protector"

The offending code which the stack protector breaks seems to be around lines
610-620 in pstree.c:

            fread(readbuf, BUFSIZ, 1, file) ;
            if (ferror(file) == 0)
            {
              memset(comm, '\0', COMM_LEN+1);
              tmpptr = strrchr(readbuf, ')'); /* find last ) */
              /* We now have readbuf with pid and cmd, and tmpptr+2
               * with the rest */
              /*printf("readbuf: %s\n", readbuf);*/
              if (sscanf(readbuf, "%*d (%15[^)]", comm) == 1)
              {
                /*printf("tmpptr: %s\n", tmpptr+2);*/
                if (sscanf(tmpptr+2, "%*c %d", &ppid) == 1)
                {

The catch is that fread() does not null-terminate the string in readbuf. Thus in
unlucky circumstances, strrchr() may spill outside of the line just read (or
even outside of readbuf), and find the "last )" in the adjacent garbage. As such
a stray ) is not followed by the expected " status ppid", the second sscanf()
will fail to set ppid, and the process will get ignored.

In order to demonstrate the problem, I uncommented the two printf()s in the code
above, the output is attached. As you can see, everything goes fine until "2217
(audispd)", when a ) somehow gets at the end of readbuf, making tmpptr+2 the
empty string.

The bug can be easily cured by clearing readbuf before fread(), patch attached.

Should I report it upstream?
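
The failure mode described in comment 5, reproduced as an added example (not code from psmisc and not the attached patch). The leftover buffer contents, the sample stat line, DEMO_BUFSZ, the COMM_LEN value and the TERMINATE_AT_LEN variant are assumptions made for the demonstration; CLEAR_FIRST is the fix the comment describes.

```c
#include <stdio.h>
#include <string.h>

#define COMM_LEN   16    /* assumed value; matches the %15 in the format */
#define DEMO_BUFSZ 128   /* small stand-in for BUFSIZ */

enum mode { AS_REPORTED, CLEAR_FIRST, TERMINATE_AT_LEN };

/* Constructed sample of the start of a /proc/<pid>/stat line. */
static const char SAMPLE[] = "2217 (audispd) S 2215 2215 2215 0 -1\n";

/* Returns the parsed ppid, or -1 when the line is rejected. */
static int parse_stat(const char *line, enum mode m)
{
    char readbuf[DEMO_BUFSZ], comm[COMM_LEN + 1] = "";
    char *tmpptr;
    int ppid = -1;
    size_t n;
    FILE *file = tmpfile();              /* stands in for the stat file */

    if (!file) return -1;
    fputs(line, file);
    rewind(file);

    /* Constructed leftovers: garbage holding a stray ')'. */
    memset(readbuf, 'x', sizeof readbuf - 1);
    readbuf[100] = ')';
    readbuf[sizeof readbuf - 1] = '\0';  /* keeps this demo in bounds */

    if (m == CLEAR_FIRST)                /* fix described in the comment */
        memset(readbuf, '\0', sizeof readbuf);
    n = fread(readbuf, 1, sizeof readbuf - 1, file); /* appends no '\0' */
    fclose(file);
    if (m == TERMINATE_AT_LEN)           /* alternative: end at bytes read */
        readbuf[n] = '\0';

    tmpptr = strrchr(readbuf, ')');      /* may land in the leftovers */
    if (tmpptr && sscanf(readbuf, "%*d (%15[^)]", comm) == 1
        && sscanf(tmpptr + 2, "%*c %d", &ppid) == 1)
        return ppid;
    return -1;                           /* process would be ignored */
}

int main(void)
{
    printf("as reported:      %d\n", parse_stat(SAMPLE, AS_REPORTED));
    printf("clear first:      %d\n", parse_stat(SAMPLE, CLEAR_FIRST));
    printf("terminate at len: %d\n", parse_stat(SAMPLE, TERMINATE_AT_LEN));
    return 0;
}
```

Terminating at the byte count returned by fread() avoids depending on the buffer's previous contents at all, and costs less than clearing the whole buffer on every read.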
Comment 6 Emil Jerabek 2008-04-13 04:51:16 EDT
Created attachment 302258
pstree output with debugging info
Comment 7 Emil Jerabek 2008-04-13 04:51:56 EDT
Created attachment 302259
patch
Comment 8 Tomas Smetana 2008-04-14 01:57:42 EDT
This sounds reasonable and would explain the observed behaviour.  If the
attached patch solved your problem then I'd say it's beyond any dispute.  And
yes, this should be reported upstream -- please do so or let me know and I'll do
it.  I'll add your patch to the Fedora package and push to testing repository.

Thank you very much.
Comment 9 Fedora Update System 2008-04-14 08:25:20 EDT
psmisc-22.6-2.1.fc8 has been submitted as an update for Fedora 8
Comment 10 Emil Jerabek 2008-04-14 10:02:36 EDT
I've reported the problem and the patch as
http://sourceforge.net/tracker/index.php?func=detail&aid=1942031&group_id=15273&atid=315273
Comment 11 Fedora Update System 2008-04-16 23:54:22 EDT
psmisc-22.6-2.1.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
  su -c 'yum --enablerepo=updates-testing update psmisc'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-3144
Comment 12 Fedora Update System 2008-04-29 16:58:15 EDT
psmisc-22.6-2.1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
