[Bug gdb/31528] New: [gdb, kernel.yama.ptrace_scope=1] FAIL: gdb.base/attach-deleted-exec.exp: attach to process with deleted executable

[Bug gdb/31528] New: [gdb, kernel.yama.ptrace_scope=1] FAIL: gdb.base/attach-deleted-exec.exp: attach to process with deleted executable

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31528

            Bug ID: 31528
           Summary: [gdb, kernel.yama.ptrace_scope=1] FAIL:
                    gdb.base/attach-deleted-exec.exp: attach to process
                    with deleted executable
           Product: gdb
           Version: HEAD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: gdb
          Assignee: unassigned at sourceware dot org
          Reporter: vries at gcc dot gnu.org
  Target Milestone: ---

When kernel.yama.ptrace_scope is set to 1, we have limited ptrace attach
capability, and run into:
...
(gdb) attach 27383^M
Attaching to process 27383^M
ptrace: Operation not permitted.^M
(gdb) FAIL: gdb.base/attach-deleted-exec.exp: attach to process with deleted
executable
...

We need to be either root or use some special commands to acquire ptrace
capability (see PR31520).

With root, we have:
...
(gdb) attach 28678^M
Attaching to process 28678^M
Reading symbols from /proc/28678/exe...^M
Reading symbols from /lib64/libm.so.6...^M
(No debugging symbols found in /lib64/libm.so.6)^M
Reading symbols from /lib64/libc.so.6...^M
(No debugging symbols found in /lib64/libc.so.6)^M
Reading symbols from /lib64/ld-linux-x86-64.so.2...^M
(No debugging symbols found in /lib64/ld-linux-x86-64.so.2)^M
0x00007fc13de420ca in clock_nanosleep@GLIBC_2.2.5 () from /lib64/libc.so.6^M
(gdb) PASS: gdb.base/attach-deleted-exec.exp: attach to process with deleted
executable
...

But with the script from PR31520, we run into:
...
(gdb) attach 29113^M
Attaching to process 29113^M
No executable file now.^M
warning: Could not load vsyscall page because no executable was specified^M
0x00007f92f00ae0ca in ?? ()^M
(gdb) FAIL: gdb.base/attach-deleted-exec.exp: attach to process with deleted
executable
...
because:
...
access("/proc/29113/exe", R_OK)         = -1 EACCES (Permission denied)
...

If we modify the code to skip the access check:
...
diff --git a/gdb/nat/linux-procfs.c b/gdb/nat/linux-procfs.c
index b17e3120792..2b890ce1387 100644
--- a/gdb/nat/linux-procfs.c
+++ b/gdb/nat/linux-procfs.c
@@ -352,9 +352,8 @@ linux_proc_pid_to_exec_file (int pid)
   else
     buf[len] = '\0';

-  /* Use /proc/PID/exe if the actual file can't be read, but /proc/PID/exe
-     can be.  */
-  if (access (buf, R_OK) != 0 && access (name, R_OK) == 0)
+  /* Use /proc/PID/exe if the actual file can't be read.  */
+  if (access (buf, R_OK) != 0)
     strcpy (buf, name);

   return buf;
...
the test passes:
...
(gdb) attach 29927^M
Attaching to process 29927^M
Reading symbols from /proc/29927/exe...^M
Reading symbols from /lib64/libm.so.6...^M
(No debugging symbols found in /lib64/libm.so.6)^M
Reading symbols from /lib64/libc.so.6...^M
(No debugging symbols found in /lib64/libc.so.6)^M
Reading symbols from /lib64/ld-linux-x86-64.so.2...^M
(No debugging symbols found in /lib64/ld-linux-x86-64.so.2)^M
0x00007f686bb670ca in clock_nanosleep@GLIBC_2.2.5 () from /lib64/libc.so.6^M
(gdb) PASS: gdb.base/attach-deleted-exec.exp: attach to process with deleted
executable
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/31528] [gdb, kernel.yama.ptrace_scope=1] FAIL: gdb.base/attach-deleted-exec.exp: attach to process with deleted executable

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31528

--- Comment #1 from Tom de Vries <vries at gcc dot gnu.org> ---
I've filed a PR ( https://bugzilla.suse.com/show_bug.cgi?id=1221867 ), hoping
to get some feedback on whether the kernel behaves as expected or not.

Regardless, it seems that using readlink in linux_proc_pid_to_exec_file may be
a problem in itself, see:
- https://bugzilla.suse.com/show_bug.cgi?id=1216352 
- https://bugzilla.kernel.org/show_bug.cgi?id=211593
so maybe this needs fixing first.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/31528] [gdb, kernel.yama.ptrace_scope=1] FAIL: gdb.base/attach-deleted-exec.exp: attach to process with deleted executable

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31528

--- Comment #2 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #1)
> Regardless, it seems that using readlink in linux_proc_pid_to_exec_file may
> be a problem in itself, see:
> - https://bugzilla.suse.com/show_bug.cgi?id=1216352 
> - https://bugzilla.kernel.org/show_bug.cgi?id=211593
> so maybe this needs fixing first.

Which would be fixed by:
...
diff --git a/gdb/nat/linux-procfs.c b/gdb/nat/linux-procfs.c
index b17e3120792..2f8a3b961f7 100644
--- a/gdb/nat/linux-procfs.c
+++ b/gdb/nat/linux-procfs.c
@@ -342,20 +342,7 @@ const char *
 linux_proc_pid_to_exec_file (int pid)
 {
   static char buf[PATH_MAX];
-  char name[PATH_MAX];
-  ssize_t len;
-
-  xsnprintf (name, PATH_MAX, "/proc/%d/exe", pid);
-  len = readlink (name, buf, PATH_MAX - 1);
-  if (len <= 0)
-    strcpy (buf, name);
-  else
-    buf[len] = '\0';
-
-  /* Use /proc/PID/exe if the actual file can't be read, but /proc/PID/exe
-     can be.  */
-  if (access (buf, R_OK) != 0 && access (name, R_OK) == 0)
-    strcpy (buf, name);
+  xsnprintf (buf, PATH_MAX, "/proc/%d/exe", pid);

   return buf;
 }
...

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/31528] [gdb, kernel.yama.ptrace_scope=1] FAIL: gdb.base/attach-deleted-exec.exp: attach to process with deleted executable

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31528

Tom de Vries <vries at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |aburgess at redhat dot com

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/31528] [gdb, kernel.yama.ptrace_scope=1] FAIL: gdb.base/attach-deleted-exec.exp: attach to process with deleted executable

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31528

--- Comment #3 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #0)
> If we modify the code to skip the access check:
> ...
> diff --git a/gdb/nat/linux-procfs.c b/gdb/nat/linux-procfs.c
> index b17e3120792..2b890ce1387 100644
> --- a/gdb/nat/linux-procfs.c
> +++ b/gdb/nat/linux-procfs.c
> @@ -352,9 +352,8 @@ linux_proc_pid_to_exec_file (int pid)
>    else
>      buf[len] = '\0';
>  
> -  /* Use /proc/PID/exe if the actual file can't be read, but /proc/PID/exe
> -     can be.  */
> -  if (access (buf, R_OK) != 0 && access (name, R_OK) == 0)
> +  /* Use /proc/PID/exe if the actual file can't be read.  */
> +  if (access (buf, R_OK) != 0)
>      strcpy (buf, name);
>  
>    return buf;
> ...
> the test passes:

Fix submitted:
https://sourceware.org/pipermail/gdb-patches/2024-March/207532.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug gdb/31528] [gdb, kernel.yama.ptrace_scope=1] FAIL: gdb.base/attach-deleted-exec.exp: attach to process with deleted executable

[vries at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=31528

--- Comment #4 from Tom de Vries <vries at gcc dot gnu.org> ---
(In reply to Tom de Vries from comment #2)
> (In reply to Tom de Vries from comment #1)
> > Regardless, it seems that using readlink in linux_proc_pid_to_exec_file may
> > be a problem in itself, see:
> > - https://bugzilla.suse.com/show_bug.cgi?id=1216352 
> > - https://bugzilla.kernel.org/show_bug.cgi?id=211593
> > so maybe this needs fixing first.
> 
> Which would be fixed by:
> ...
> diff --git a/gdb/nat/linux-procfs.c b/gdb/nat/linux-procfs.c
> index b17e3120792..2f8a3b961f7 100644
> --- a/gdb/nat/linux-procfs.c
> +++ b/gdb/nat/linux-procfs.c
> @@ -342,20 +342,7 @@ const char *
>  linux_proc_pid_to_exec_file (int pid)
>  {
>    static char buf[PATH_MAX];
> -  char name[PATH_MAX];
> -  ssize_t len;
> -
> -  xsnprintf (name, PATH_MAX, "/proc/%d/exe", pid);
> -  len = readlink (name, buf, PATH_MAX - 1);
> -  if (len <= 0)
> -    strcpy (buf, name);
> -  else
> -    buf[len] = '\0';
> -
> -  /* Use /proc/PID/exe if the actual file can't be read, but /proc/PID/exe
> -     can be.  */
> -  if (access (buf, R_OK) != 0 && access (name, R_OK) == 0)
> -    strcpy (buf, name);
> +  xsnprintf (buf, PATH_MAX, "/proc/%d/exe", pid);
>  
>    return buf;
>  }
> ...

This turned out to be more complicated that I thought, so I've recorded this as
a fixme in the submitted patch.

-- 
You are receiving this mail because:
You are on the CC list for the bug.