[Devel] stat on /proc/<PID>/exe when <PID> is zombie inside a VE

Ivan Dubrov wfragg at gmail.com
Sat Jan 12 06:38:35 PST 2008


Hi,

I was investigating why stat on /proc/<PID>/exe fails with EACCES when 
<PID> is zombie. In short, this situation is quite often then starting 
services on openSUSE 10.3 VE (startproc does stat on its children for 
some reason and sometimes this children is already zombie). That results 
in multiple "startproc: cannot stat /proc/1128/exe: Permission denied" 
when starting the service.

So, I've traced down the source of this error and found that it occurs 
in kernel/ptrace.c may_attach() function. If process is zombie, it has 
empty task->mm, so vps_dumpable is 0 for such process. As a result, if 
VE is not a super VE, the check fails.

Here is the corresponding piece of code (may_attach.c, around .. line):

if (task->mm) {
    dumpable = task->mm->dumpable;
    vps_dumpable = (task->mm->vps_dumpable == 1);
}

if (!dumpable && !capable(CAP_SYS_PTRACE)) // #1
    return -EPERM;
if (!vps_dumpable && !ve_is_super(get_exec_env())) // This check fails 
if process is zombie
    return -EPERM;


The questions here is it safe to allow the "ptrace" if process is 
zombie? It seems to me that this should be perfectly safe. Anyway, the 
actual ptrace_attach will fail on task with empty mm, so this only 
affects /proc behavior.

On the other hand, maybe this is a startproc issue and not the kernel 
one? It seems that in regular environment it works only because it is 
usually executed under "root" account which has CAP_SYS_PTRACE 
capability and therefore check #1 fails for zombies.

I've attached a patch that fixes startproc. It skips the check if 
(task->exit_state&EXIT_ZOMBIE) is true.

-- 
WBR,
Ivan S. Dubrov

-------------- next part --------------
A non-text attachment was scrubbed...
Name: may_attach_vps_dumpable_zombie.patch
Type: text/x-patch
Size: 480 bytes
Desc: not available
URL: <http://lists.openvz.org/pipermail/devel/attachments/20080112/debd7cbf/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openvz.org/pipermail/devel/attachments/20080112/debd7cbf/attachment-0001.sig>


More information about the Devel mailing list