Re: Detecting the death of the last LWP of a tracee process.

From: Konstantin Belousov <kostikbel_at_gmail.com>
Date: Tue, 27 Aug 2024 21:52:09 UTC
On Tue, Aug 27, 2024 at 09:38:30PM +0000, fvalasiad wrote:
> Hello everyone!
> 
> I am porting my so far linux-only FOSS project [build recorder](https://github.com/fvalasiad/build-recorder) to FreeBSD "unofficially", as if, in my own personal fork and not the parent organization's upstream repository.
> All for fun in my personal time, uncertain if and when it's gonna be merged upstream.
> 
> As you can probably guess it utilizes ptrace(2), and I am facing some issues with it.
> 
> manpage states this about the PTRACE_LWP flag:
> 
> > Note that new processes do not report an event for
> > the creation of their	initial	thread,  and  exiting
> > processes do not report an event for the termination
> > of the last thread.
> 
> This is kind of a bummer for my tool's needs. In case anyone is unfamiliar with threads in linux, they are essentially processes and there is no distinction between them. Trying to minimize the conditional compilation of my project to make maintaining it easier, I took
> advantage of the fact that LWPs have unique system-wide IDs, almost completely
> ignoring the distinction amongst processes and LWPs in my tool....
> 
> This though ruins everything, as I cannot properly clean the process' last LWP state
> without knowing its ID upon exit. Manpage states that you should do that through normal
> process signals, but once the process sends the WEXITED signal, the process and all info
> with it(namely, its last LWP's ID) is gone. Curious if there is a workaround besides adding
> extra state.
When waitpid(2) reports the process exit, you should have only one LWP left
in your registry of the process' threads.  Clean it.

> 
> Additionally, if anyone could help explain what PT_GET_SC_RET's double return value is all about. How can a traditional system call like open(2) have two return values?

Some syscalls return two values, e.q. pipe(2), which needs to return fds
for in and out pipes.  Less visible, fork(2) returns zero for child process,
but also the parent pid as an additional value, not exposed by C wrapper.

On 32bit arches, lseek(2) needs to return 64bit result, which requires
two registers.  Same for read(2)/write(2).