Re: [PATCH 1/1] ptrace: Get tracer PID without reliance on the proc FS

From: Roman Kisel
Date: Fri Sep 06 2024 - 17:15:39 EST

Next message: Sean Christopherson: "Re: [PATCH] KVM: x86: Only advertise KVM_CAP_READONLY_MEM when supported by VM"
Previous message: Joshua Pius: "[PATCH] ALSA: usb-audio: Add logitech Audio profile quirk"
In reply to: Linus Torvalds: "Re: [PATCH 1/1] ptrace: Get tracer PID without reliance on the proc FS"
Next in thread: Oleg Nesterov: "Re: [PATCH 1/1] ptrace: Get tracer PID without reliance on the proc FS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/6/2024 1:26 PM, Linus Torvalds wrote:

On Fri, 6 Sept 2024 at 13:08, Roman Kisel <romank@xxxxxxxxxxxxxxxxxxx> wrote:

When the process has run into a fatal error and is about to exit, having
a way to break into the debugger at this exact moment wouldn't change
anything about the logic of the data processing happening in the process.
What's so horrible in that to have a way to land in the debugger to see
what exactly is going on?

I don't buy it.

If you want to debug some fatal behavior, and a debugger *isn't*
attached, you want it to create a core-dump.

And if a debugger *is* attached, it will catch that.

This is basically how abort() has always worked, and it very much is
*not* doing some "let's check if we're being debugged" stuff. Exactly
because that would be a bad idea and an anti-pattern.

The other very traditional model - for example if you do *not* want to
do core-dumps for some reason, and just exit with an error message -
is to just put a breakpoint on the "fatal()" function (or whatever
your "fatal error happened" situation is) using the debugger.

Then the target will behave differently depending on whether it is
being debugged or not BECAUSE THE DEBUGGER ASKED FOR IT, not because
the program decided to act differently when debugged.

In other words, this is a long-solved problem with solid solutions
from before Linux even existed.

Writing a core-dump might not be an option as you have pointed out
hence the "fatal()" function might not be permitted to fault.

Breaking into the debugger if it is attached saves a step of setting
a breakpoint and doesn't require the knowledge of the guts of the
standard library and/or the journey of the trap exception from the
CPU to the debugger. The very name of the "fatal()" function is a
tight contract, and something akin to the onion in the varnish for
the uninitiated.

Libraries like Google Breakpad, Boost.Test, C++ std, AWS C SDK,
Unreal Engine have that "breakpoint_if_debugging" facility, folks
find that useful. They all read and parse the "/proc/self/status" file,
where as it may seem, just the ptrace syscall one liner could save
the trouble of that. The kernel helps the user space do work as I
understand, why police it? There is "fork()", and threads can deadlock.
Quite horrible, still the user space has access to that. Here,
there is evidence folks do want to detect if a debugger is present,
there is evidence how the kernel can help the user space compute that
with so much less effort, the patch is trivial. Why don't let the
userspace burn less electricity?

Linus

--
Thank you,
Roman

Next message: Sean Christopherson: "Re: [PATCH] KVM: x86: Only advertise KVM_CAP_READONLY_MEM when supported by VM"
Previous message: Joshua Pius: "[PATCH] ALSA: usb-audio: Add logitech Audio profile quirk"
In reply to: Linus Torvalds: "Re: [PATCH 1/1] ptrace: Get tracer PID without reliance on the proc FS"
Next in thread: Oleg Nesterov: "Re: [PATCH 1/1] ptrace: Get tracer PID without reliance on the proc FS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]