[PATCH 2/2] GDB test suite: Get core files on targets with systemd-coredump

Andreas Arnez arnez@linux.vnet.ibm.com
Wed Oct 18 15:56:00 GMT 2017 

On Tue, Oct 17 2017, Pedro Alves wrote:

> On 10/17/2017 06:36 PM, Andreas Arnez wrote:

[...]

>> This might be the right trade-off if we expect test cases to be executed
>> only on systems that the user has full control over.  But I consider
>> this restriction too tight and would prefer a "best effort" approach
>> instead.  Maybe we should emit a warning *and* try our best to execute
>> the test?
>
> Not sure, really.  It seems like the "best effort" results in
> racy tests, e.g., if "coredumpctl" returns an old dump, or
> if coredumpctl decides to rate-limit core dump generation (which
> according to the docs, it does).  It very much sounds like that
> can lead to hard to diagnose problems and send GDB hackers tilting
> at windmills.

That might be.  However, the same problems may affect *any* coredumpctl
user, not just the GDB test suite.  And coredumpctl users are *our*
users, after all.  Maybe we should postpone GDB test suite support for
systemd-coredump until these problems are fixed.  But if all "informed
developers" just give up and disable systemd-coredump, I fear that they
will never be addressed.

>
>> 
>>> I mean, you already have to tweak other things in the system in
>>> order to be able to run the testsuite correctly.  For example,
>>> you have to tweak /proc/sys/kernel/yama/ptrace_scope to make
>>> attach tests work at all, for example.  systemd-coredump kind of
>>> seems like more of the same.
>> 
>> So should we document a sequence of admin commands that makes a system
>> debug-ready, or in particular ready for the GDB test suite?
>
> IMO, yes.  We already have something like that, but it's mixed with
> the instructions for setting up builders:
>
>   https://sourceware.org/gdb/wiki/BuildBot#Fedora-specific_instructions
>
> (Note we already suggest disabling ABRT and tweaking 
> kernel.core_pattern.)
>
> It'd be great to move that info to some specific page about setting
> up an environment for developing and testing GDB.  Also, some of
> the command sequences there could move to scripts under gdb/contrib/,
> IMHO.

Yeah, that would be good.

>
>> 
>> But I'm not so sure about this.  IMHO a default mainstream Linux
>> installation should be suited for development- and debugging purposes
>> *without* any tweaking.  Also, if there are good reasons for a security
>> measure, we shouldn't rely on disabling it globally.
>
> I think that battle is lost.

That surely sounds depressing...  I guess I'm late to the battlefield
then ;-)

> Mainstream Linux installations are already very much not suited for
> development OOTB.  You have to install a bunch of development packages
> that are not installed by default, before you can build anything,
> including compiler, etc.  If you can install packages, then you can
> also disable a few features that really are not meant for development
> environments.  What we're missing is a simple "one-click button" way
> to adapt an installation / user environment for development.

Let me just point out that I see a difference between installing
additional packages and disabling security measures.  Admins might be
easily convinced to do the former, but there will probably be more push
back on the latter.  A "one-click button" would not really help with
that.

And all this sounds as if developers were no longer seen as a target
group of a Fedora distribution, say.  On the other hand -- quote --:
"Fedora Workstation is a polished, easy to use operating system for
laptop and desktop computers, with a complete set of tools for
developers and makers of all kinds."

>
>> 
>> With respect to Yama's ptrace scope, the distributions seem to differ.
>> For instance, Fedora does not activate it by default
>> (https://fedoraproject.org/wiki/Security_Features_Matrix), while Ubuntu
>> does (https://wiki.ubuntu.com/Security/Features).  And I wonder whether
>> this feature couldn't be adjusted to be more debug-friendly either.
>
> The whole point of the feature is to prevent debugging, so I don't
> see how, off hand.

Well, I think the goal is to prevent visibility of sensitive data like
passwords and keys through ptrace -- which is a fair point.  But does
this really require disabling ptrace from "non-ancestor" processes
completely?  It just seems to me that the collateral damage to debug
capabilities was accepted too easily in this design.

[...]

Anyway, regarding GDB test suite support for systemd-coredump, I won't
push too hard.  While I have a slight preference towards "best effort",
I understand your concern with possible surprises.  So I'm fine with
dropping this patch.  Patch #1 in this series might still be useful, so
I'll send an updated version of it.

--
Andreas

More information about the Gdb-patches mailing list