[Toybox] [PATCH] killall should kill scripts too.

enh enh at google.com
Sat Dec 23 11:41:21 PST 2017


On Wed, Dec 20, 2017 at 10:34 AM, enh <enh at google.com> wrote:
> On Tue, Dec 19, 2017 at 2:35 PM, Rob Landley <rob at landley.net> wrote:
>>
>>
>> On 12/18/2017 11:15 PM, enh wrote:
>>> On Mon, Dec 18, 2017 at 5:07 PM, enh <enh at google.com> wrote:
>>>>> Having killall need to do similar grinding over a large number of
>>>>> processes seems unnecessary. That said, it looks like to match ubuntu's
>>>>> killall we would need to read two files _and_ stat /proc/$$/exe.
>>>>
>>>> that's still a lot lighter weight than all the work pgrep/pkill have
>>>> to do, and it's what everyone's already living with anyway...
>>>
>>> (and toybox lsof is still 10x faster than FSF lsof on my machines.
>>
>> $ sleep 999 > test3 &
>> $ time lsof test3
>> COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF     NODE NAME
>> sleep   31117 landley    1w   REG    8,1        0 11944128 test3
>>
>> real    0m3.134s
>> user    0m0.988s
>> sys     0m2.084s
>> $ time ./lsof ../toy3/test3
>> COMMAND     PID       USER   FD      TYPE             DEVICE  SIZE/OFF
>>     NODE NAME
>> sleep     31117    landley    1w      REG                8,1         0
>> 11944128 /home/landley/toybox/toy3/test3
>>
>> real    0m3.279s
>> user    0m1.032s
>> sys     0m2.000s
>>
>> $ ps ax |wc
>>     376    3041   98906
>>
>> Same 3 seconds to iterate over 376 processes in the simple case. (lsof
>> -i takes 6 seconds, toybox doesn't have -i yet...)
>
> i think we have this same conversation every few months :-)
>
> we should probably work out what's different. maybe because my
> machines have lots of processes and few network connections?
> (profiling confirms that most of lsof time goes to parsing
> /proc/PID/maps for me.)
>
>>> don't think lsof is high on the list of things to worry about. even
>>> for top, i'm more worried about the fact that it crashes if you leave
>>> it running long enough, or the broken ps -AT...)
>>
>> I have a tab open for ps -AT, but I thought I'd gotten all the ps/top
>> crashes out of the way? Is that still a thing?
>
> i think the ps "directory disappeared from under me" crashes are
> fixed. i haven't seen a report for some time.
>
> i don't think the top "memory corruption if left running long enough"
> crashes are fixed, but i've only ever seen a few crashes. i've just
> built a ToT toybox with asan for my laptop and i'll leave it running
> during the day.

took a long time (wasn't paying attention, so don't know how long),
but (formatting screwed up by virtue of coming from the middle of top
output) the top crash is still there:

=================================================================
==16990==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d00074c178 at pc 0x0000005505c6 bp 0x7ffdfbb29190 sp 0x7ffdfbb29188
READ of size 8 at 0x61d00074c178 thread T0
    #0 0x5505c5  (/home/enh/toybox-asan/toybox+0x5505c5)
    #1 0x54dff2  (/home/enh/toybox-asan/toybox+0x54dff2)
    #2 0x4f96bb  (/home/enh/toybox-asan/toybox+0x4f96bb)
    #3 0x4f8aff  (/home/enh/toybox-asan/toybox+0x4f8aff)
    #4 0x4f96bb  (/home/enh/toybox-asan/toybox+0x4f96bb)
    #5 0x4f8aff  (/home/enh/toybox-asan/toybox+0x4f8aff)
    #6 0x4f9892  (/home/enh/toybox-asan/toybox+0x4f9892)
    #7 0x7fc5fda712b0  (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #8 0x41b0d9  (/home/enh/toybox-asan/toybox+0x41b0d9)

0x61d00074c178 is located 0 bytes to the right of 2296-byte region [0x61d00074b880,0x61d00074c178)
allocated by thread T0 here:
    #0 0x4b9518  (/home/enh/toybox-asan/toybox+0x4b9518)
    #1 0x4f5fa4  (/home/enh/toybox-asan/toybox+0x4f5fa4)
    #2 0x54ebcd  (/home/enh/toybox-asan/toybox+0x54ebcd)
    #3 0x54dff2  (/home/enh/toybox-asan/toybox+0x54dff2)
    #4 0x4f96bb  (/home/enh/toybox-asan/toybox+0x4f96bb)
    #5 0x4f8aff  (/home/enh/toybox-asan/toybox+0x4f8aff)
    #6 0x4f96bb  (/home/enh/toybox-asan/toybox+0x4f96bb)
    #7 0x4f8aff  (/home/enh/toybox-asan/toybox+0x4f8aff)
    #8 0x4f9892  (/home/enh/toybox-asan/toybox+0x4f9892)
    #9 0x7fc5fda712b0  (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/enh/toybox-asan/toybox+0x5505c5)
Shadow bytes around the buggy address:
==16990==ABORTING

addr2line decodes the stacks as:

~/toybox-asan$ addr2line -C -f --exe=./generated/unstripped/toybox
0x4b9518 0x4f5fa4 0x54ebcd 0x54dff2 0x4f96bb 0x4f8aff 0x4f96bb
0x4f8aff 0x4f9892 0x7fc5fda712b0
__interceptor_malloc
??:?
xmalloc
/home/enh/toybox-asan/lib/xwrap.c:71 (discriminator 1)
collate
/home/enh/toybox-asan/toys/posix/ps.c:1138 (discriminator 1)
top_main
/home/enh/toybox-asan/toys/posix/ps.c:1645
toy_exec
/home/enh/toybox-asan/main.c:169
toybox_main
/home/enh/toybox-asan/main.c:182 (discriminator 1)
toy_exec
/home/enh/toybox-asan/main.c:169
toybox_main
/home/enh/toybox-asan/main.c:182 (discriminator 1)
main
/home/enh/toybox-asan/main.c:240
??
??:0
~/toybox-asan$ addr2line -C -f --exe=./generated/unstripped/toybox
0x5505c5 0x54dff2 0x4f96bb 0x4f8aff 0x4f96bb 0x4f8aff 0x4f9892
0x7fc5fda712b0 0x41b0d9
top_common
/home/enh/toybox-asan/toys/posix/ps.c:1407
top_main
/home/enh/toybox-asan/toys/posix/ps.c:1645
toy_exec
/home/enh/toybox-asan/main.c:169
toybox_main
/home/enh/toybox-asan/main.c:182 (discriminator 1)
toy_exec
/home/enh/toybox-asan/main.c:169
toybox_main
/home/enh/toybox-asan/main.c:182 (discriminator 1)
main
/home/enh/toybox-asan/main.c:240
??
??:0
_start
??:?

patch to build for the host with asan looks like this:

diff --git a/Makefile b/Makefile
index 9933710..98befef 100644
--- a/Makefile
+++ b/Makefile
@@ -5,6 +5,11 @@
 # Note that CC defaults to "cc" so the one in configure doesn't get
 # used when scripts/make.sh and care called through "make".

+CC=clang-3.8
+HOSTCC=clang-3.8
+CFLAGS=-fsanitize=address -fno-omit-frame-pointer -g -O1
-fno-optimize-sibling-calls
+LDFLAGS=-fsanitize=address -g
+
 HOSTCC?=cc

 export CROSS_COMPILE CFLAGS OPTIMIZE LDOPTIMIZE CC HOSTCC V
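
Review bot: The four added assignments use plain `=` and sit above the existing `HOSTCC?=cc`, so they unconditionally replace any CC, HOSTCC, CFLAGS and LDFLAGS coming from the environment, and the `HOSTCC?=cc` default below them can never take effect. For anything beyond a local debugging build, guard the block behind an opt-in make variable or use `?=`/`+=`, and avoid pinning the compiler to `clang-3.8`. Also note that, as mailed, the CFLAGS line is wrapped so that `-fno-optimize-sibling-calls` starts a line of its own; patch tools will read that as a removed line, so the wrap has to be rejoined before this hunk applies.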
diff --git a/scripts/make.sh b/scripts/make.sh
index 77e0e06..5b30c31 100755
--- a/scripts/make.sh
+++ b/scripts/make.sh
@@ -122,6 +122,7 @@ fi
 # LINK needs optlibs.dat, above

 LINK="$(echo $LDOPTIMIZE $LDFLAGS -o "$UNSTRIPPED" -Wl,--as-needed
$(cat generated/optlibs.dat))"
+LINK="$(echo $LDOPTIMIZE $LDFLAGS -o "$UNSTRIPPED") -lcrypt"
 genbuildsh > generated/build.sh && chmod +x generated/build.sh || exit 1

 #TODO: "make $SED && make" doesn't regenerate config.h because diff .config
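
Review bot: The added `LINK=` line directly follows the original `LINK=` assignment and overwrites it, so `-Wl,--as-needed` and `$(cat generated/optlibs.dat)` are silently dropped and only a hard-coded `-lcrypt` is linked. That leaves the first assignment as dead code and makes the "LINK needs optlibs.dat, above" comment misleading; any library that optlibs.dat would have supplied besides crypt is no longer on the link line. If the sanitizer build only needs `--as-needed` removed, edit the existing line (or make that flag conditional) and keep the optlibs.dat expansion rather than adding a second assignment.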


>> Rob
>
>
>
> --
> Elliott Hughes - http://who/enh - http://jessies.org/~enh/
> Android native code/tools questions? Mail me/drop by/add me as a reviewer.

