- thread1 goes into uninterruptible sleep
- thread2 unmaps everything and segfaults
- segv can’t kill the process because of thread1’s D state
- /proc/pid/maps is now empty
This code gets a list of all memory maps from /proc/self/maps, then creates a new executable map where it JITs some code that calls munmap() on each of the maps it just got, and finally on the map it’s on. This is just a quick example with no portability in mind, so the source code contains the actual bytes that would be emitted by an x64 compiler. After unmapping the final map, where the JIT code lies, there’s no next instruction to execute and a segfault is raised. This segfault can’t kill the entire process if one thread is stuck in uninterruptible sleep. To reliably put a thread in such a state, we create a simple FUSE filesystem in Python, in which doing anything on a particular file will block until a key is pressed.

This code also does its own “linking” to make sure that the list of maps doesn’t get unmapped too early.
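Added here as an example (it is not this repository’s code): a small C program that parses the /proc/<pid>/maps format the trick reads and counts the mappings, so a checker can recognise the end state described above, a live process whose map list is empty. The sample lines are constructed, and the parser assumes a 64-bit Linux `unsigned long`.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* One parsed /proc/<pid>/maps line: "start-end perms offset dev inode [path]". */
struct map_entry { uintptr_t start, end; char perms[5]; char path[256]; };

/* Parse a single maps line into *e. Returns 1 on success, 0 if malformed. */
int parse_maps_line(const char *line, struct map_entry *e) {
    unsigned long start, end, offset, inode; unsigned major, minor;
    int used = 0;
    e->path[0] = '\0';
    if (sscanf(line, "%lx-%lx %4s %lx %x:%x %lu%n", &start, &end, e->perms,
               &offset, &major, &minor, &inode, &used) != 7)
        return 0;
    e->start = start; e->end = end;
    const char *p = line + used;          /* the optional path follows the inode */
    while (*p == ' ') p++;
    size_t n = strcspn(p, "\n");
    if (n >= sizeof e->path) n = sizeof e->path - 1;
    memcpy(e->path, p, n); e->path[n] = '\0';
    return 1;
}

/* Count well-formed, newline-separated mappings in a maps-format buffer. */
size_t count_maps(const char *buf) {
    size_t total = 0; struct map_entry e;
    for (const char *line = buf; line && *line; ) {
        if (parse_maps_line(line, &e)) total++;
        const char *nl = strchr(line, '\n');
        line = nl ? nl + 1 : NULL;
    }
    return total;
}

/* Constructed sample in maps format, not captured from a real process. */
static const char SAMPLE_MAPS[] =
    "00400000-00401000 r-xp 00000000 08:01 1234 /tmp/poc\n"
    "7f1c2a3b4000-7f1c2a3b5000 rwxp 00000000 00:00 0\n"
    "7ffd1e2f0000-7ffd1e311000 rw-p 00000000 00:00 0 [stack]\n";

int main(void) {
    FILE *f = fopen("/proc/self/maps", "r");   /* the list the trick empties */
    char line[512]; struct map_entry e; size_t n = 0;
    if (!f) return 1;
    while (fgets(line, sizeof line, f)) n += parse_maps_line(line, &e);
    fclose(f);
    printf("%zu mappings\n", n);
    return n == 0;   /* a live process with zero mappings is the state above */
}
```

Pointing `fopen` at /proc/<pid>/maps of another process (with permission) gives the same count for that process.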
- a C compiler
- python2 + fuse
- a modern Linux with no vsyscall page (this page is too high up and munmap would return EINVAL)
I don’t know. I thought it was funny.