Description
During a system scan I noticed strange behavior: when scanning (reading) kernel pseudo-files that block the stream until data arrives, the scan itself blocks.
The timeout parameter (-a or --timeout) does not help in this case.
I understand that I am reporting this bug against a previous version of yara.
yr -V
yara-x-cli 1.3.0
yr scan rules/index.yar /sys/kernel/tracing/ -p 30 -r -a 500
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
82 file(s) scanned in 554.2s. 0 file(s) matched.
╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶╶
/sys/kernel/tracing/per_cpu/cpu11/snapshot_raw 554.2s
/sys/kernel/tracing/per_cpu/cpu11/trace_pipe_raw 554.2s
/sys/kernel/tracing/per_cpu/cpu11/trace_pipe 554.2s
/sys/kernel/tracing/per_cpu/cpu10/snapshot_raw 554.2s
/sys/kernel/tracing/per_cpu/cpu10/trace_pipe_raw 554.2s
/sys/kernel/tracing/per_cpu/cpu10/trace_pipe 554.2s
/sys/kernel/tracing/per_cpu/cpu9/snapshot_raw 554.2s
/sys/kernel/tracing/per_cpu/cpu9/trace_pipe_raw 554.2s
/sys/kernel/tracing/per_cpu/cpu9/trace_pipe 554.2s
/sys/kernel/tracing/per_cpu/cpu8/snapshot_raw 554.2s
/sys/kernel/tracing/per_cpu/cpu8/trace_pipe_raw 554.2s
/sys/kernel/tracing/per_cpu/cpu8/trace_pipe 554.2s
/sys/kernel/tracing/per_cpu/cpu7/snapshot_raw 554.2s
/sys/kernel/tracing/per_cpu/cpu7/trace_pipe_raw 554.2s
/sys/kernel/tracing/per_cpu/cpu7/trace_pipe 554.2s
/sys/kernel/tracing/per_cpu/cpu6/snapshot_raw 554.2s
/sys/kernel/tracing/per_cpu/cpu6/trace_pipe_raw 554.0s
/sys/kernel/tracing/per_cpu/cpu6/trace_pipe 554.0s
/sys/kernel/tracing/per_cpu/cpu5/snapshot_raw 554.0s
/sys/kernel/tracing/per_cpu/cpu5/trace_pipe_raw 554.0s
/sys/kernel/tracing/per_cpu/cpu5/trace_pipe 553.9s
/sys/kernel/tracing/per_cpu/cpu4/snapshot_raw 553.9s
/sys/kernel/tracing/per_cpu/cpu4/trace_pipe_raw 553.9s
/sys/kernel/tracing/per_cpu/cpu4/trace_pipe 553.8s
/sys/kernel/tracing/per_cpu/cpu3/snapshot_raw 553.8s
/sys/kernel/tracing/per_cpu/cpu3/trace_pipe_raw 553.8s
/sys/kernel/tracing/per_cpu/cpu3/trace_pipe 553.7s
/sys/kernel/tracing/per_cpu/cpu2/snapshot_raw 553.7s
/sys/kernel/tracing/per_cpu/cpu2/trace_pipe_raw 553.4s
/sys/kernel/tracing/per_cpu/cpu2/trace_pipe 552.8s
(CTRL+C) ^C
data:
#include <fcntl.h> // open()
#include <unistd.h> // read(), write(), close()
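/*
 * Minimal reproducer for the hang described above: open one of the ftrace
 * per-CPU pipe files and issue a single blocking read(). The read() does not
 * return until trace data arrives (see the strace output below, where
 * read(3, ...) never completes), so the process hangs with no timeout.
 *
 * A scanner that must not hang here would open the file with O_NONBLOCK, or
 * inspect the file type before reading; this reproducer keeps the blocking
 * open on purpose so the behavior stays visible.
 *
 * Returns 0 on success, 1 if the open or the read fails.
 */
int main(void) {
    /* Messages as arrays so the write length is derived from the string rather
     * than hand-counted (the original passed 25 for strings 27 bytes long). */
    static const char open_err[] = "Error: Failed to open file\n";
    static const char read_err[] = "Error: Failed to read file\n";

    int fd = open("/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw", O_RDONLY);
    if (fd == -1) {
        (void)write(2, open_err, sizeof open_err - 1); /* 2 = stderr */
        return 1;
    }

    char buffer[500];
    /* Blocks until the kernel has trace data for cpu0 -- this is the hang. */
    ssize_t bytes_read = read(fd, buffer, sizeof buffer);
    if (bytes_read == -1) {
        (void)write(2, read_err, sizeof read_err - 1);
        close(fd);
        return 1;
    }
    close(fd);

    /* bytes_read may be 0 (EOF); a zero-length write() is harmless. */
    (void)write(1, buffer, (size_t)bytes_read); /* 1 = stdout */
    return 0;
}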
clang --static code.c
strace -ffff ./a.out
execve("./a.out", ["./a.out"], 0x7ffd88648ee8 /* 34 vars */) = 0
brk(NULL) = 0x2e442000
brk(0x2e442d40) = 0x2e442d40
arch_prctl(ARCH_SET_FS, 0x2e4423c0) = 0
set_tid_address(0x2e442690) = 106543
set_robust_list(0x2e4426a0, 24) = 0
rseq(0x2e442340, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlinkat(AT_FDCWD, "/proc/self/exe", "/root/Documents/for_yara/kernel_"..., 4096) = 45
getrandom("\xad\x74\xed\x39\x49\x99\x04\xc1", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x2e442d40
brk(0x2e463d40) = 0x2e463d40
brk(0x2e464000) = 0x2e464000
mprotect(0x4a4000, 20480, PROT_READ) = 0
openat(AT_FDCWD, "/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw", O_RDONLY) = 3
read(3, ^Cstrace: Process 106543 detached
<detached ...>