Re: [PATCH] ptrace: fix ptrace vs tasklist_lock race on PREEMPT_RT.

[Oleg Nesterov <oleg@redhat.com>]

On 03/15, Sebastian Andrzej Siewior wrote:
>
> On 2022-03-14 19:54:30 [+0100], Oleg Nesterov wrote:
> > I never really understood ->saved_state logic. Will read this patch
> > tomorrow, but at first glance this patch doesn't solve all problems.
>
> Let me explain the ->saved_state logic:

Ah, thanks, but this is clear.

> > > --- a/kernel/sched/core.c
> > > +++ b/kernel/sched/core.c
> > > @@ -3239,7 +3239,8 @@ unsigned long wait_task_inactive(struct task_struct *p, unsigned int match_state
> > >  		 * is actually now running somewhere else!
> > >  		 */
> > >  		while (task_running(rq, p)) {
> > > -			if (match_state && unlikely(READ_ONCE(p->__state) != match_state))
> > > +			if (match_state &&
> > > +			    unlikely(!task_state_match_eq(p, match_state)))
> > >  				return 0;
> >
> > So wait_task_inactive() can return 0 but the task can run after that, right?
> > This is not what we want...
>
> Without checking both states you may never observe the requested state
> because it is set to TASK_RTLOCK_WAIT while waiting for a lock. Other
> than that, it may run briefly because it tries to acquire a lock or just
> acquired and this shouldn't be different from a task spinning on a lock.

I don't understand. wait_task_inactive() is used to ensure that this task
doesn't and can't run again, until debugger resumes these tracee.

Now. Unless I missed something, the tracee can leave CPU with saved_state
= TRACED (so task_state_match_eq() returns T) and wait_task_inactive() will
return. Then later the tracee will park in schedule again, yes.

But, for example, what if debugger clears TIF_BLOCKSTEP in between, while
the tracee is running? Can't this race with __switch_to_xtra() ?

Oleg.