On 7/31/06, Daniel Jacobowitz <[email protected]> wrote:
> On Mon, Jul 31, 2006 at 08:08:35PM -0400, Albert Cahalan wrote:
> > The execve event is unreliable anyway.
> > Thus, it is necessary to use syscall tracing.
>
> You keep saying this "unreliable" thing, and I don't think it means
> what you think it means. It should always be delivered. When it
> isn't, there's a bug. I don't know of any, unless you're talking about
> the thread group issue you just reported.
Yeah, I figure there is a bug.
It'd be great if you could reproduce the bug.
My setup:
2-core CPU
64-bit kernel (2.6.17 FC5, next-to-latest revision)
32-bit target app (assembly - no C library)
32-bit debugger
The target app does CLONE_THREAD. The child does
that again, then execve. The first and last threads spin
in a loop, either burning CPU time or doing the pause
system call. (the middle thread does the execve)
I see the messages just fine on many 32-bit non-SMP
systems that I tested with: Gentoo 2.6.16, Gentoo 2.6.13,
plain 2.6.16, maybe 2.6.17.7... mostly in VMWare.
Perhaps it is the SMP, the 64-bit, or Fedora being broken.
I can not say, and most likely can not investigate more.
I hope that helps.