Date: Wed, 12 Apr 2017 08:14:00 -0000
From: Philipp Rudo
To: Pedro Alves
Cc: gdb-patches@sourceware.org
Subject: Re: [PATCH v2] Fix read after xfree in linux_nat_detach

Hi Pedro,

thanks for pushing. I think I found the reason the patch didn't apply. Instead
of git send-email I just copy/pasted this patch to my mail client and it
decided that it would be a good idea to wrap long lines ...

> >> @@ -1549,7 +1549,6 @@ linux_nat_detach (struct target_ops *ops, const
> >> char *args, int from_tty)

Anyway I updated my settings so it shouldn't happen in the future. Thanks for
the hint and sorry for the inconvenience.

Thanks a lot
Philipp

On Tue, 11 Apr 2017 14:31:10 +0100
Pedro Alves wrote:

> Hi,
>
> I ran gdb under Valgrind and noticed that this patch hadn't
> been pushed yet. I've pushed it now.
>
> FYI, for some reason the patch was corrupt and I had to
> recreate it by hand:
>
> $ git am prudo
> Applying: Fix read after xfree in linux_nat_detach
> fatal: corrupt patch at line 26
> Patch failed at 0001 Fix read after xfree in linux_nat_detach
>
> Thanks,
> Pedro Alves
>
> On 03/23/2017 01:42 PM, Pedro Alves wrote:
> > OK.
> >
> > On 03/23/2017 01:17 PM, Philipp Rudo wrote:
> >> On Wed, 22 Mar 2017 17:26:27 +0000
> >> Pedro Alves wrote:
> >>
> >>> On 03/22/2017 05:16 PM, Philipp Rudo wrote:
> >>>
> >>>> Looks like we can get simply rid of it. I'll see that I get a test
> >>>> case running which forks to verify it, tomorrow.
> >>>
> >>> This forks handling is the support for the "checkpoint" &
> >>> friends commands, covered by gdb.base/checkpoint.exp.
> >>> Doesn't seem to exercise detach yet though, unfortunately.
> >>
> >> I double checked, the same bug also happens when checkpointing. The
> >> fix now is simply to remove delete_lwp at the end of linux_nat_detach.
> >>
> >> Although testing detach would be good, I'm not sure if the testsuite
> >> would have found this bug.
> >>
> >> ---
> >>
> >> From ee3dced0b22cc1edb10a82aeb79ae35d78d665bc Mon Sep 17 00:00:00 2001
> >> From: Philipp Rudo > >> Date: Wed, 22 Mar 2017 13:53:50 +0100 > >> Subject: [PATCH v2] Fix read after xfree in linux_nat_detach > >> > >> At the end of linux_nat_detach the main_lwp is deleted (delete_lwp). > >> This is problematic as during detach (detach_one_lwp and > >> linux_fork_detach) main_lwp already gets freed. Thus calling > >> delete_lwp causes a read after free. Fix it by removing the > >> unnecessary delete_lwp. > >> > >> gdb/ChangeLog: > >> * linux-nat.c (linux_nat_detach): delete_lwp causes read after > >> free. Remove it. > >> --- > >> gdb/linux-nat.c | 1 - > >> 1 file changed, 1 deletion(-) > >> > >> diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c > >> index dff0da5..efe7daf 100644 > >> --- a/gdb/linux-nat.c > >> +++ b/gdb/linux-nat.c > >> @@ -1549,7 +1549,6 @@ linux_nat_detach (struct target_ops *ops, const > >> char *args, int from_tty) > >> inf_ptrace_detach_success (ops); > >> } > >> - delete_lwp (main_lwp->ptid); > >> } > >> > >> /* Resume execution of the inferior process. If STEP is nonzero, > >> > > > > >
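
Review bot: At the tail of linux_nat_detach, where delete_lwp (main_lwp->ptid) is dropped, nothing in the code now records that main_lwp has already been freed by detach_one_lwp or linux_fork_detach, so a one-line comment at that spot saying the lwp is gone by then would keep the call from being reintroduced. The thread notes that gdb.base/checkpoint.exp does not exercise detach; a detach step added there would cover this path, since the bug was only seen under Valgrind. In the ChangeLog entry, "delete_lwp causes read after free. Remove it." leads with the reason rather than the change; "(linux_nat_detach): Remove call to delete_lwp." is enough, with the reason left to the commit message.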