Re: Stopping ptraced processes

From: Mike Coleman (mkc@kc.net)
Date: Sat Mar 18 2000 - 17:55:19 EST


Victor Zandy <zandy@cs.wisc.edu> writes:
> On x86 Linux 2.2.12, I can't figure out a reliable way to keep a
> process stopped after ptrace operations.
>
> For example, after this sequence
>
> ptrace(PTRACE_ATTACH, pid, 0, 0);
> waitpid(pid, NULL, 0);
> ptrace(PTRACE_DETACH, pid, 0, SIGSTOP);
>
> the process (pid) is not stopped. So this does not help me.

I can't see an easy way to keep the child stopped after a detach, either.
Here's my guess as to what's happening:

The PTRACE_DETACH is doing a sort of fake SIGCONT (wake_up_process), which
apparently wins out (most of the time, anyway) over the SIGSTOP you're sending
in the fourth argument. (Maybe the kernel should be patched to not do the
SIGCONT in this case.)

I believe the behavior you're seeing basically comes down to a race between
the SIGCONT and the SIGSTOP. For case 3 in your program, for example, I
usually see the child left stopped, but occasionally it will be left running
(on 2.3.39).

(There might be an excessively clever way to get the stop to happen. For
example, write a 'kill(self, SIGSTOP)' system call at the current PC, do a
PTRACE_SYSCALL, then at the first stop undo the write and back the PC up to
the original code, then do the DETACH. I haven't tried this. Even if it
worked, it seems way too dodgy to actually use.)

--Mike

-- 
Any sufficiently adverse technology is indistinguishable from Microsoft.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
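Added example (not part of the original message, and not code from the kernel or from either poster): a small C harness that runs the quoted attach / wait / detach-with-SIGSTOP sequence against a forked child and then reads the state letter from /proc/<pid>/stat to see whether the child was left stopped. The function names, the 100 ms settle delay and the run count are assumptions of this example; it requires Linux with /proc mounted and permission to ptrace a child process.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* State letter from one /proc/<pid>/stat line. The comm field may itself
 * contain spaces and ')', so scan from the LAST ')'. Returns 0 if malformed. */
char stat_state(const char *line) {
    const char *p = strrchr(line, ')');
    return (p && p[1] == ' ' && p[2]) ? p[2] : 0;
}

/* Current state of pid: 'R' running, 'S' sleeping, 'T' stopped; 0 on error. */
char proc_state(pid_t pid) {
    char path[64], buf[512] = "";
    snprintf(path, sizeof path, "/proc/%d/stat", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    if (!fgets(buf, sizeof buf, f)) buf[0] = '\0';
    fclose(f);
    return stat_state(buf);
}

/* Run the quoted sequence on a forked child and return the child's state
 * afterwards, or 0 if fork/ptrace/waitpid failed. */
char detach_with_sigstop(void) {
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) for (;;) pause();            /* child: idle until killed */
    char st = 0;
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == 0 &&
        waitpid(pid, NULL, 0) == pid &&
        ptrace(PTRACE_DETACH, pid, NULL, (void *)(long)SIGSTOP) == 0) {
        usleep(100000);                        /* assumed settle time for the race */
        st = proc_state(pid);
    }
    kill(pid, SIGKILL);                        /* SIGKILL also ends a stopped child */
    waitpid(pid, NULL, 0);
    return st;
}

int main(void) {
    int stopped = 0, runs = 20;                /* run count is arbitrary */
    for (int i = 0; i < runs; i++)
        stopped += detach_with_sigstop() == 'T';
    printf("child left stopped in %d of %d runs\n", stopped, runs);
    return 0;
}
```

A count below the number of runs means the child was sometimes left running after the detach, which is the race the message describes; the result depends on the kernel version the harness runs on.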



This archive was generated by hypermail 2b29 : Thu Mar 23 2000 - 21:00:25 EST