Subject: Re: [PATCH v2] Fix read after xfree in linux_nat_detach
To: Philipp Rudo
Cc: gdb-patches@sourceware.org
From: Pedro Alves
Date: Thu, 23 Mar 2017 13:42:00 -0000

OK.

On 03/23/2017 01:17 PM, Philipp Rudo wrote:
> On Wed, 22 Mar 2017 17:26:27 +0000
> Pedro Alves wrote:
>
>> On 03/22/2017 05:16 PM, Philipp Rudo wrote:
>>
>>> Looks like we can get simply rid of it. I'll see that I get a test
>>> case running which forks to verify it, tomorrow.
>>
>> This forks handling is the support for the "checkpoint" &
>> friends commands, covered by gdb.base/checkpoint.exp.
>> Doesn't seem to exercise detach yet though, unfortunately.
>
> I double checked, the same bug also happens when checkpointing. The
> fix now is simply to remove delete_lwp at the end of linux_nat_detach.
>
> Although testing detach would be good, I'm not sure if the testsuite
> would have found this bug.
>
> ---
>
> From ee3dced0b22cc1edb10a82aeb79ae35d78d665bc Mon Sep 17 00:00:00 2001
> From: Philipp Rudo > Date: Wed, 22 Mar 2017 13:53:50 +0100 > Subject: [PATCH v2] Fix read after xfree in linux_nat_detach > > At the end of linux_nat_detach the main_lwp is deleted (delete_lwp). > This is problematic as during detach (detach_one_lwp and > linux_fork_detach) main_lwp already gets freed. Thus calling > delete_lwp causes a read after free. Fix it by removing the > unnecessary delete_lwp. > > gdb/ChangeLog: > * linux-nat.c (linux_nat_detach): delete_lwp causes read after > free. Remove it. > --- > gdb/linux-nat.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c > index dff0da5..efe7daf 100644 > --- a/gdb/linux-nat.c > +++ b/gdb/linux-nat.c > @@ -1549,7 +1549,6 @@ linux_nat_detach (struct target_ops *ops, const > char *args, int from_tty) > inf_ptrace_detach_success (ops); > } > - delete_lwp (main_lwp->ptid); > } > > /* Resume execution of the inferior process. If STEP is nonzero, > -- Thanks, Pedro Alves
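Review bot: In the linux_nat_detach hunk, dropping `delete_lwp (main_lwp->ptid);` leaves nothing at the end of the function that tells a later reader main_lwp has already been freed by that point, so the call could easily be reintroduced. A short comment ahead of the closing brace, naming detach_one_lwp and linux_fork_detach as the places where the lwp is released (as the commit message states), would document that ownership. The ChangeLog entry would also read better as a plain description of the change, for example "(linux_nat_detach): Remove delete_lwp call.", with the read-after-free rationale kept in the commit message. Since the thread notes that gdb.base/checkpoint.exp does not exercise detach, a detach case there would be a reasonable follow-up.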