From: Oleg Nesterov <oleg@redhat.com>
To: Denys Vlasenko <vda.linux@googlemail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Tejun Heo <tj@kernel.org>, Pedro Alves <palves@redhat.com>,
Jan Kratochvil <jan.kratochvil@redhat.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 3/5] ptrace: make PTRACE_SEIZE set ptrace options specified in 'data' parameter
Date: Fri, 10 Feb 2012 18:20:47 +0100
Message-ID: <20120210172047.GD8908@redhat.com>
In-Reply-To: <1328891809-21245-1-git-send-email-vda.linux@googlemail.com>
On 02/10, Denys Vlasenko wrote:
>
> This can be used to close a few corner cases in strace where we get
> unwanted racy behavior after attach, but before we have a chance
> to set options (the notorious post-execve SIGTRAP comes to mind),
> and removes the need to track "did we set opts for this task" state
> in strace internals.
>
> While we are at it:
>
> Make it possible to extend SEIZE in the future with more functionality
> by passing non-zero 'addr' parameter.
> To that end, error out if 'addr' is non-zero.
> PTRACE_ATTACH did not (and still does not) have such check,
> and users (strace) do pass garbage there... let's avoid repeating
> this mistake with SEIZE.
>
> Set all task->ptrace bits in one operation - before this change,
> we were adding PT_SEIZED and PT_PTRACE_CAP with task->ptrace |= BIT ops.
> This was probably ok (not a bug), but let's be on a safer side.
>
> Changes in v2: update ptrace_attach() call in compat_sys_ptrace() too.
>
> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
> Acked-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
> ---
> kernel/ptrace.c | 31 +++++++++++++++++++++----------
> 1 files changed, 21 insertions(+), 10 deletions(-)
>
> diff --git a/kernel/ptrace.c b/kernel/ptrace.c
> index 9acd07a..4661c5b 100644
> --- a/kernel/ptrace.c
> +++ b/kernel/ptrace.c
> @@ -231,6 +231,7 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode)
> }
>
> static int ptrace_attach(struct task_struct *task, long request,
> + unsigned long addr,
> unsigned long flags)
> {
> bool seize = (request == PTRACE_SEIZE);
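Review bot: the new 'addr' argument in the ptrace_attach() prototype has no comment saying that it is reserved and must be zero for PTRACE_SEIZE, and 'flags' keeps its old name although it now carries the caller's option bits from 'data'. A short comment above the function stating both would help, since the call sites pass the raw syscall arguments straight in.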
> @@ -238,19 +239,29 @@ static int ptrace_attach(struct task_struct *task, long request,
>
> /*
> * SEIZE will enable new ptrace behaviors which will be implemented
> - * gradually. SEIZE_DEVEL is used to prevent applications
> + * gradually. SEIZE_DEVEL bit is used to prevent applications
> * expecting full SEIZE behaviors trapping on kernel commits which
> * are still in the process of implementing them.
> *
> * Only test programs for new ptrace behaviors being implemented
> * should set SEIZE_DEVEL. If unset, SEIZE will fail with -EIO.
> *
> - * Once SEIZE behaviors are completely implemented, this flag and
> - * the following test will be removed.
> + * Once SEIZE behaviors are completely implemented, this flag
> + * will be removed.
> */
> retval = -EIO;
> - if (seize && !(flags & PTRACE_SEIZE_DEVEL))
> - goto out;
> + if (seize) {
> + if (addr != 0)
> + goto out;
> + if (!(flags & PTRACE_SEIZE_DEVEL))
> + goto out;
> + flags &= ~(unsigned long)PTRACE_SEIZE_DEVEL;
> + if (flags & ~(unsigned long)PTRACE_O_MASK)
> + goto out;
> + flags = PT_PTRACED | PT_SEIZED | (flags << PT_OPT_FLAG_SHIFT);
> + } else {
> + flags = PT_PTRACED;
> + }
>
> audit_ptrace(task);
>
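Review bot: in the new `if (seize)` block, 'flags' enters as user-supplied option bits and leaves as PT_* task bits (`flags = PT_PTRACED | PT_SEIZED | (flags << PT_OPT_FLAG_SHIFT)`), so the checked input and the computed output share one variable and a later edit could easily reorder the mask test after the shift; a separate local for the resulting PT_* value would keep them apart. The comment above the block also still names only an unset SEIZE_DEVEL as a cause of -EIO, while a non-zero 'addr' and bits outside PTRACE_O_MASK now fail the same way; it is worth saying so there.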
> @@ -282,11 +293,11 @@ static int ptrace_attach(struct task_struct *task, long request,
> if (task->ptrace)
> goto unlock_tasklist;
>
> - task->ptrace = PT_PTRACED;
> if (seize)
> - task->ptrace |= PT_SEIZED;
> + flags |= PT_SEIZED;
> if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE))
> - task->ptrace |= PT_PTRACE_CAP;
> + flags |= PT_PTRACE_CAP;
> + task->ptrace = flags;
>
> __ptrace_link(task, current);
>
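Review bot: `if (seize) flags |= PT_SEIZED;` looks redundant here, because the seize branch earlier in ptrace_attach() already builds 'flags' with PT_SEIZED set. Dropping these two lines leaves only PT_PTRACE_CAP to be OR-ed in before the single `task->ptrace = flags` store.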
> @@ -879,7 +890,7 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
> }
>
> if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
> - ret = ptrace_attach(child, request, data);
> + ret = ptrace_attach(child, request, addr, data);
> /*
> * Some architectures need to do book-keeping after
> * a ptrace attach.
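Review bot: at this call site PTRACE_ATTACH also forwards 'addr' and 'data', but the non-seize branch in ptrace_attach() overwrites 'flags' with PT_PTRACED and never looks at 'addr', so both are ignored for ATTACH. A one-line comment here would spare readers from assuming that ATTACH now honours 'data'.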
> @@ -1022,7 +1033,7 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
> }
>
> if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
> - ret = ptrace_attach(child, request, data);
> + ret = ptrace_attach(child, request, addr, data);
> /*
> * Some architectures need to do book-keeping after
> * a ptrace attach.
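Review bot: in the compat path the arguments reach ptrace_attach() as unsigned long, while the visible part of the signature uses compat_long_t; if 'addr' and 'data' are also compat_long_t they are sign-extended on the way in. It is worth confirming that a 32-bit value with the top bit set is still handled as intended by the `addr != 0` and `flags & ~(unsigned long)PTRACE_O_MASK` tests, or converting explicitly at this call.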
> --
> 1.7.7.6
>