From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Jerome Marchand <jmarchan@redhat.com>,
Roland McGrath <roland@redhat.com>,
Denys Vlasenko <dvlasenk@redhat.com>,
linux-kernel@vger.kernel.org
Subject: [PATCH -mm 1/2] ptrace_detach: the wrong wakeup breaks the ERESTARTxxx logic
Date: Fri, 13 Feb 2009 11:54:37 +0100
Message-ID: <20090213105437.GA24320@redhat.com>
Another ancient bug. Consider this trivial test-case:

	#include <stdio.h>
	#include <unistd.h>
	#include <sys/ptrace.h>
	#include <sys/wait.h>

	int main(void)
	{
		int pid = fork();

		if (pid) {
			/* tracer: attach, wait for the SIGSTOP report, detach */
			ptrace(PTRACE_ATTACH, pid, NULL, NULL);
			wait(NULL);
			ptrace(PTRACE_DETACH, pid, NULL, NULL);
		} else {
			/* tracee: pause() must not return */
			pause();
			printf("WE HAVE A KERNEL BUG!!!\n");
		}
		return 0;
	}
the child must not "escape" from sys_pause(), but it can, and this was seen
in practice.
This is because ptrace_detach does:
if (!child->exit_state)
wake_up_process(child);
this wakeup can happen after this child has already restarted sys_pause(),
because it gets another wakeup from ptrace_untrace().
With or without this patch, perhaps sys_pause() needs a fix. But this
wakeup also breaks the SIGNAL_STOP_STOPPED logic in ptrace_untrace().
Remove this wakeup. The caller saw this task in TASK_TRACED state, and
unless it was SIGKILL'ed in between, __ptrace_unlink()->ptrace_untrace()
should handle this case correctly. If it was SIGKILL'ed, we don't need
to wake up the dying tracee either.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
--- 6.29-rc3/kernel/ptrace.c~1_KILL_WAKE 2009-02-13 11:06:04.000000000 +0100
+++ 6.29-rc3/kernel/ptrace.c 2009-02-13 11:06:56.000000000 +0100
@@ -301,11 +301,7 @@ int ptrace_detach(struct task_struct *ch
*/
if (child->ptrace) {
child->exit_code = data;
-
dead = __ptrace_detach(current, child);
-
- if (!child->exit_state)
- wake_up_process(child);
}
write_unlock_irq(&tasklist_lock);
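Review bot: With the `wake_up_process(child)` and its `!child->exit_state` guard removed, ptrace_detach() now relies entirely on `dead = __ptrace_detach(current, child);` (via __ptrace_unlink()->ptrace_untrace(), per the changelog) to take the tracee out of TASK_TRACED, yet the comment block that ends at the `*/` just above `if (child->ptrace) {` is left untouched. Add a sentence there stating that waking the tracee (or leaving it to die if it was SIGKILL'ed) is __ptrace_detach()'s job, so that nobody reintroduces a second wakeup here and reopens the race with the restarted sys_pause() described in the changelog.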
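The test-case in the changelog only prints when the bug fires. As an added example (not part of Oleg's patch or of the kernel tree), the same attach/wait/detach sequence can be turned into a check with a verdict: the tracee sits in pause(), the tracer attaches, waits for the stop report and detaches, and the tracer then polls for a short, constructed budget (300 ms) to see whether the child ever leaves pause(). The outcome names, the exit marker 42 and the polling budget are this example's own choices; a denied PTRACE_ATTACH (EPERM from Yama, seccomp or an LSM) is reported separately so it is not mistaken for a pass.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of one attach/detach round against a child blocked in pause().
 * These names and codes are this example's own, not kernel identifiers. */
enum detach_outcome {
	TRACEE_STILL_PAUSED  = 0,  /* expected: detach did not end pause() */
	TRACEE_ESCAPED       = 1,  /* the bug: child returned from pause() */
	ATTACH_NOT_PERMITTED = 2,  /* ptrace denied (EPERM); nothing was tested */
	HARNESS_ERROR        = 3   /* fork/wait/ptrace failed for another reason */
};

#define ESCAPE_EXIT_CODE 42	/* constructed marker: only reached if pause() returns */

/* Poll the child for up to budget_ms: 1 if it exited, 0 if still alive, -1 on error.
 * poll(NULL, 0, ms) is used as a portable millisecond sleep. */
static int wait_for_exit(pid_t pid, int budget_ms, int *status)
{
	for (int elapsed = 0; elapsed < budget_ms; elapsed += 10) {
		pid_t r = waitpid(pid, status, WNOHANG);
		if (r == pid)
			return 1;
		if (r < 0)
			return -1;
		poll(NULL, 0, 10);
	}
	return 0;
}

/* Kill and reap a child that is (or may still be) alive. */
static void reap(pid_t pid)
{
	kill(pid, SIGKILL);
	waitpid(pid, NULL, 0);
}

int check_detach_keeps_tracee_paused(void)
{
	int status;
	pid_t pid = fork();

	if (pid < 0)
		return HARNESS_ERROR;
	if (pid == 0) {
		/* Tracee: the SIGSTOP from PTRACE_ATTACH and the resume from
		 * PTRACE_DETACH must be transparent, so pause() must never return. */
		pause();
		_exit(ESCAPE_EXIT_CODE);
	}

	/* Tracer: the same sequence as the test-case in the changelog. */
	if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) < 0) {
		int saved = errno;
		reap(pid);
		return saved == EPERM ? ATTACH_NOT_PERMITTED : HARNESS_ERROR;
	}
	if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status)) {
		reap(pid);
		return HARNESS_ERROR;
	}
	if (ptrace(PTRACE_DETACH, pid, NULL, NULL) < 0) {
		reap(pid);
		return HARNESS_ERROR;
	}

	/* After detach the child must still be sleeping in pause(). */
	switch (wait_for_exit(pid, 300, &status)) {
	case 0:
		reap(pid);
		return TRACEE_STILL_PAUSED;
	case 1:
		return (WIFEXITED(status) && WEXITSTATUS(status) == ESCAPE_EXIT_CODE)
		       ? TRACEE_ESCAPED : HARNESS_ERROR;
	default:
		reap(pid);
		return HARNESS_ERROR;
	}
}

int main(void)
{
	static const char *names[] = {
		"tracee still paused (ok)",
		"TRACEE ESCAPED pause() (kernel bug)",
		"PTRACE_ATTACH not permitted, nothing tested",
		"harness error",
	};
	int r = check_detach_keeps_tracee_paused();

	printf("%s\n", names[r]);
	return r == TRACEE_ESCAPED;
}
```

On a kernel with the fix the check returns TRACEE_STILL_PAUSED; the only non-zero exit status of the program is for TRACEE_ESCAPED, so it can be dropped into a regression script as-is. The 300 ms window is a heuristic: a tracee that escapes does so immediately after the detach wakeup, so a longer window buys nothing, but a shorter one risks missing a heavily loaded system.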
Thread overview: 2+ messages
2009-02-13 10:54 Oleg Nesterov [this message]
2009-02-20 3:47 ` [PATCH -mm 1/2] ptrace_detach: the wrong wakeup breaks the ERESTARTxxx logic Roland McGrath