From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 54293 invoked by alias); 26 Aug 2019 18:35:55 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org Received: (qmail 54160 invoked by uid 89); 26 Aug 2019 18:35:55 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-30.5 required=5.0 tests=AWL,BAYES_00,ENV_AND_HDR_SPF_MATCH,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,RCVD_IN_DNSWL_NONE,SPF_PASS,USER_IN_DEF_SPF_WL autolearn=ham version=3.3.1 spammy= X-HELO: mail-oi1-f196.google.com Received: from mail-oi1-f196.google.com (HELO mail-oi1-f196.google.com) (209.85.167.196) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 26 Aug 2019 18:35:53 +0000 Received: by mail-oi1-f196.google.com with SMTP id b25so12926053oib.4 for ; Mon, 26 Aug 2019 11:35:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=nrwZUuqDrlDOi1cZzJ8WRasiIRvE2PDKl2LINV+UyRI=; b=sbmvt0SnKnaLL8JF/XYlIPM1JkEkiJvUEe598R2bnzh9Vv3zmHr5TgGLzFb6AX8DP8 3Zrs7ipG3AQbdWYIiWoB8jSenOdsM0GKkxTvmIesEbLmdtYOCQ1p3b7oKJkujmnoWGlx Cnl4okTtB4j6kpEM0w/1w0cT7WOorYM1dDAvbMc62vhKRjk+5luyIBxiH2d/lAgM7C1U aQQCBBOwI0TWxGL4M+4XeHShfAAIzAqU8SpRzLAYjjE51LGbZj4ejs6+1zPff4fAQSo0 NkMFNHwP24a9FGIgxD3v/j8dSDoKmaNCk65G48Dekt1aGtOueRysqyaLnHZXl4+6HakX Joag== MIME-Version: 1.0 References: <20190819032918.3536-1-sergiodj@redhat.com> <20190826183205.19008-1-sergiodj@redhat.com> In-Reply-To: <20190826183205.19008-1-sergiodj@redhat.com> From: "Christian Biesinger via gdb-patches" Reply-To: Christian Biesinger Date: Mon, 26 Aug 2019 18:35:00 -0000 Message-ID: Subject: Re: [PATCH v2] Improve ptrace-error detection on Linux targets To: Sergio Durigan Junior Cc: GDB Patches , Pedro Alves , Eli Zaretskii , Ruslan Kabatsayev Content-Type: text/plain; charset="UTF-8" X-IsSubscribed: yes X-SW-Source: 2019-08/txt/msg00602.txt.bz2 On Mon, Aug 26, 2019 at 1:32 PM Sergio Durigan Junior wrote: > @@ -30,11 +32,70 @@ > of 0 means there are no supported features. */ > static int supported_ptrace_options = -1; > > -/* Find all possible reasons we could fail to attach PID and return these > - as a string. An empty string is returned if we didn't find any reason. */ > +typedef int (*selinux_ftype) (const char *); > + > +/* Helper function which checks if ptrace is probably restricted > + (i.e., if ERR is either EACCES or EPERM), and returns a string with > + possible workarounds. */ > + > +static std::string > +linux_ptrace_restricted_fail_reason (int err) > +{ > + if (err != EACCES && err != EPERM) > + { > + /* It just makes sense to perform the checks below if errno was > + either EACCES or EPERM. */ > + return {}; > + } > + > + std::string ret; > + gdb_dlhandle_up handle = gdb_dlopen ("libselinux.so", true); I would dlopen libselinux.so.1 instead so that this works even without the -dev package. > + > + if (handle.get () != NULL) > + { > + selinux_ftype selinux_get_bool > + = (selinux_ftype) gdb_dlsym (handle, "security_get_boolean_active"); > + > + if (selinux_get_bool != NULL > + && (*selinux_get_bool) ("deny_ptrace") == 1) > + string_appendf (ret, > + _("\n\ > +The SELinux 'deny_ptrace' option is enabled and preventing GDB\n\ > +from using 'ptrace'. Please, disable it by executing (as root):\n\ > +\n\ > + setsebool deny_ptrace off\n")); > + } > + > + FILE *f = fopen ("/proc/sys/kernel/yama/ptrace_scope", "r"); > + > + if (f != NULL) > + { > + char yama_scope = fgetc (f); > + > + fclose (f); > + > + if (yama_scope != '0') > + string_appendf (ret, > + _("\n\ > +The Linux kernel's Yama ptrace scope is in effect, which can prevent\n\ > +GDB from using 'ptrace'. Please, disable it by executing (as root):\n\ > +\n\ > + echo 0 > /proc/sys/kernel/yama/ptrace_scope\n")); > + } > + > + if (ret.empty ()) > + ret = _("\n\ > +There might be restrictions preventing ptrace from working. Please see\n\ > +the appendix \"Linux kernel ptrace restrictions\" in the GDB documentation\n\ > +for more details.\n"); > + > + return ret; > +} > + > +/* See declaration in linux-ptrace.h. */ > > std::string > -linux_ptrace_attach_fail_reason (pid_t pid) > +linux_ptrace_attach_fail_reason (pid_t pid, int err) > { > pid_t tracerpid = linux_proc_get_tracerpid_nowarn (pid); > std::string result; > @@ -50,6 +111,11 @@ linux_ptrace_attach_fail_reason (pid_t pid) > "terminated"), > (int) pid); > > + std::string ptrace_restrict = linux_ptrace_restricted_fail_reason (err); > + > + if (!ptrace_restrict.empty ()) > + result += "\n" + ptrace_restrict; > + > return result; > } > > @@ -68,6 +134,14 @@ linux_ptrace_attach_fail_reason_string (ptid_t ptid, int err) > return string_printf ("%s (%d)", safe_strerror (err), err); > } > > +/* See linux-ptrace.h. */ > + > +std::string > +linux_ptrace_me_fail_reason (int err) > +{ > + return linux_ptrace_restricted_fail_reason (err); > +} > + > #if defined __i386__ || defined __x86_64__ > > /* Address of the 'ret' instruction in asm code block below. */ > @@ -321,7 +395,11 @@ linux_grandchild_function (void *child_stack) > static int > linux_child_function (void *child_stack) > { > - ptrace (PTRACE_TRACEME, 0, (PTRACE_TYPE_ARG3) 0, (PTRACE_TYPE_ARG4) 0); > + if (ptrace (PTRACE_TRACEME, 0, (PTRACE_TYPE_ARG3) 0, > + (PTRACE_TYPE_ARG4) 0) != 0) > + trace_start_error_with_name ("ptrace", > + linux_ptrace_me_fail_reason (errno).c_str ()); > + > kill (getpid (), SIGSTOP); > > /* Fork a grandchild. */ > diff --git a/gdb/nat/linux-ptrace.h b/gdb/nat/linux-ptrace.h > index fd2f12a342..04ada53bf6 100644 > --- a/gdb/nat/linux-ptrace.h > +++ b/gdb/nat/linux-ptrace.h > @@ -176,13 +176,26 @@ struct buffer; > # define TRAP_HWBKPT 4 > #endif > > -extern std::string linux_ptrace_attach_fail_reason (pid_t pid); > +/* Find all possible reasons we could fail to attach PID and return > + these as a string. An empty string is returned if we didn't find > + any reason. If ERR is EACCES or EPERM, we also add a warning about > + possible restrictions to use ptrace. */ > +extern std::string linux_ptrace_attach_fail_reason (pid_t pid, int err = -1); > > /* Find all possible reasons we could have failed to attach to PTID > and return them as a string. ERR is the error PTRACE_ATTACH failed > with (an errno). */ > extern std::string linux_ptrace_attach_fail_reason_string (ptid_t ptid, int err); > > +/* When the call to 'ptrace (PTRACE_TRACEME...' fails, and we have > + already forked, this function can be called in order to try to > + obtain the reason why ptrace failed. ERR should be the ERRNO value > + returned by ptrace. > + > + This function will return a 'std::string' containing the fail > + reason, or an empty string otherwise. */ > +extern std::string linux_ptrace_me_fail_reason (int err); > + > extern void linux_ptrace_init_warnings (void); > extern void linux_check_ptrace_features (void); > extern void linux_enable_event_reporting (pid_t pid, int attached); > -- > 2.21.0 >