From: Oleg Nesterov <oleg@redhat.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Roland McGrath <roland@redhat.com>, linux-kernel@vger.kernel.org
Subject: [PATCH] ptrace: fix exit_ptrace() vs ptrace_traceme() race
Date: Mon, 6 Apr 2009 18:52:38 +0200
Message-ID: <20090406165238.GA25710@redhat.com>

Pointed out by Roland. The bug was recently introduced by me in
"forget_original_parent: split out the un-ptrace part", commit
39c626ae47c469abdfd30c6e42eff884931380d6.

Since that patch we have a window after exit_ptrace() drops tasklist
and before forget_original_parent() takes it again. In this window
the child can do ptrace(PTRACE_TRACEME) and nobody can untrace this
child after that.

Change ptrace_traceme() to not attach to the exiting ->real_parent.
We don't report the error in this case, we pretend we attach right
before ->real_parent calls exit_ptrace() which should untrace us
anyway.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>

--- 6.30/kernel/ptrace.c~TRACEME	2009-04-06 00:03:42.000000000 +0200
+++ 6.30/kernel/ptrace.c	2009-04-06 18:25:53.000000000 +0200
@@ -606,10 +606,11 @@ repeat:
 		ret = security_ptrace_traceme(current->parent);
 
 		/*
-		 * Set the ptrace bit in the process ptrace flags.
-		 * Then link us on our parent's ptraced list.
+		 * Check PF_EXITING to ensure ->real_parent has not passed
+		 * exit_ptrace(). Otherwise we don't report the error but
+		 * pretend ->real_parent untraces us right after return.
 		 */
-		if (!ret) {
+		if (!ret && !(current->real_parent->flags & PF_EXITING)) {
 			current->ptrace |= PT_PTRACED;
 			__ptrace_link(current, current->real_parent);
 		}
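Review bot: the new `!(current->real_parent->flags & PF_EXITING)` test is only correct because it is evaluated under the same tasklist_lock that exit_ptrace() takes and drops (the lock acquisition is outside this hunk), which is what orders the child's read of the parent's flags against the parent's untrace pass; the replacement comment should say so, e.g. "Checked under tasklist_lock: if PF_EXITING is not yet set, exit_ptrace() has not run and will untrace us later". The comment should also spell out that `ret` is left at 0 in the skipped case, so ptrace(PTRACE_TRACEME) returns success to the caller without ever linking a tracer, and that the security_ptrace_traceme() decision has already been consumed at that point.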


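The interleaving the commit message describes, replayed as an added model (not kernel code): the task struct, the ptraced list and the lock below are simplified stand-ins, and model_leaked_tracee() returns whether the child is left ptraced by an exiting parent, with and without the PF_EXITING check from the patch.

```c
/* Model of the exit_ptrace() vs ptrace_traceme() window. Added illustration,
 * not kernel code: names mirror the kernel, the structures do not. */
#include <stdbool.h>
#include <stddef.h>

#define PF_EXITING 0x4   /* flag names as in the kernel; values illustrative */
#define PT_PTRACED 0x1

struct task {
    unsigned flags;
    unsigned ptrace;
    struct task *real_parent;
    struct task *ptraced_next;  /* link on the parent's ptraced list */
    struct task *ptraced_head;  /* head of this task's ptraced list */
};

/* Stand-in for write_lock_irq(&tasklist_lock) / write_unlock_irq(). */
static int tasklist_locked;
static void tasklist_lock(void)   { tasklist_locked++; }
static void tasklist_unlock(void) { tasklist_locked--; }

/* Child side: ptrace(PTRACE_TRACEME). with_fix selects the post-patch check. */
static int model_traceme(struct task *child, bool with_fix)
{
    tasklist_lock();
    if (!with_fix || !(child->real_parent->flags & PF_EXITING)) {
        child->ptrace |= PT_PTRACED;
        child->ptraced_next = child->real_parent->ptraced_head;
        child->real_parent->ptraced_head = child;
    }
    tasklist_unlock();
    return 0;  /* succeeds either way: the error is not reported */
}

/* Parent side: the untrace part of exit, done under tasklist_lock. */
static void model_exit_ptrace(struct task *parent)
{
    tasklist_lock();
    for (struct task *t = parent->ptraced_head; t; t = t->ptraced_next)
        t->ptrace &= ~PT_PTRACED;
    parent->ptraced_head = NULL;
    tasklist_unlock();
}

/* Replay the bad interleaving: parent sets PF_EXITING, runs exit_ptrace()
 * and drops the lock; the child calls TRACEME inside that window. Per the
 * commit message, nobody untraces the child after this point. */
static bool model_leaked_tracee(bool with_fix)
{
    struct task parent = {0}, child = {0};
    child.real_parent = &parent;
    parent.flags |= PF_EXITING;     /* set before exit_ptrace() runs */
    model_exit_ptrace(&parent);     /* lock dropped here: the window opens */
    model_traceme(&child, with_fix);
    return (child.ptrace & PT_PTRACED) != 0;
}
```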
Thread overview: 2+ messages
2009-04-06 16:52 Oleg Nesterov [this message]
2009-04-06 19:35 ` [PATCH] ptrace: fix exit_ptrace() vs ptrace_traceme() race Roland McGrath