* [PATCH 3/5] powerpc, hw_breakpoints: Fix racy access to ptrace breakpoints [not found] <1302284067-7860-4-git-send-email-fweisbec@gmail.com> @ 2011-04-22 13:16 ` Frederic Weisbecker 2011-04-24 8:04 ` K.Prasad 0 siblings, 1 reply; 2+ messages in thread From: Frederic Weisbecker @ 2011-04-22 13:16 UTC (permalink / raw) To: LPPC Cc: Peter Zijlstra, Frederic Weisbecker, Will Deacon, LKML, Oleg Nesterov, Paul Mundt, Ingo Molnar, Prasad, v2.6.33.. (resend with ppc list in cc) While the tracer accesses ptrace breakpoints, the child task may concurrently exit due to a SIGKILL and thus release its breakpoints at the same time. We can then dereference some freed pointers. To fix this, hold a reference on the child breakpoints before manipulating them. Reported-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Will Deacon <will.deacon@arm.com> Cc: Prasad <prasad@linux.vnet.ibm.com> Cc: Paul Mundt <lethal@linux-sh.org> Cc: v2.6.33.. <stable@kernel.org> --- arch/powerpc/kernel/ptrace.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c index 55613e3..4edeeb3 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c @@ -1591,7 +1591,10 @@ long arch_ptrace(struct task_struct *child, long request, } case PTRACE_SET_DEBUGREG: + if (ptrace_get_breakpoints(child) < 0) + return -ESRCH; ret = ptrace_set_debugreg(child, addr, data); + ptrace_put_breakpoints(child); break; #ifdef CONFIG_PPC64 -- 1.7.3.2 ^ permalink raw reply related [flat|nested] 2+ messages in thread
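Review bot: the ptrace_get_breakpoints()/ptrace_put_breakpoints() pair added in the PTRACE_SET_DEBUGREG case brackets only the ptrace_set_debugreg() call; since the description says the race exists whenever the tracer accesses the child's breakpoints, any other request in arch_ptrace() that reads or writes the child's hardware breakpoints (outside this hunk) needs the same reference taken around it, otherwise the freed-pointer dereference stays reachable through those paths. A short comment above `if (ptrace_get_breakpoints(child) < 0)` noting that failure means the child is already exiting (which is why -ESRCH is returned rather than a breakpoint-specific error) would help readers; the early `return -ESRCH` itself is fine, as nothing has been acquired at that point.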
* Re: [PATCH 3/5] powerpc, hw_breakpoints: Fix racy access to ptrace breakpoints 2011-04-22 13:16 ` [PATCH 3/5] powerpc, hw_breakpoints: Fix racy access to ptrace breakpoints Frederic Weisbecker @ 2011-04-24 8:04 ` K.Prasad 0 siblings, 0 replies; 2+ messages in thread From: K.Prasad @ 2011-04-24 8:04 UTC (permalink / raw) To: Frederic Weisbecker Cc: Peter Zijlstra, Will Deacon, LKML, Oleg Nesterov, Paul Mundt, Ingo Molnar, LPPC, v2.6.33.. On Fri, Apr 22, 2011 at 03:16:27PM +0200, Frederic Weisbecker wrote: > (resend with ppc list in cc) > > While the tracer accesses ptrace breakpoints, the child task may > concurrently exit due to a SIGKILL and thus release its breakpoints > at the same time. We can then dereference some freed pointers. > > To fix this, hold a reference on the child breakpoints before > manipulating them. > > Reported-by: Oleg Nesterov <oleg@redhat.com> > Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com> > Cc: Ingo Molnar <mingo@elte.hu> > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> > Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> > Cc: Will Deacon <will.deacon@arm.com> > Cc: Prasad <prasad@linux.vnet.ibm.com> > Cc: Paul Mundt <lethal@linux-sh.org> > Cc: v2.6.33.. <stable@kernel.org> > --- > arch/powerpc/kernel/ptrace.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c > index 55613e3..4edeeb3 100644 > --- a/arch/powerpc/kernel/ptrace.c > +++ b/arch/powerpc/kernel/ptrace.c > @@ -1591,7 +1591,10 @@ long arch_ptrace(struct task_struct *child, long request, > } > > case PTRACE_SET_DEBUGREG: > + if (ptrace_get_breakpoints(child) < 0) > + return -ESRCH; > ret = ptrace_set_debugreg(child, addr, data); > + ptrace_put_breakpoints(child); > break; > > #ifdef CONFIG_PPC64 > -- > 1.7.3.2 > Hi Frederic, Looks fine to me. Acked-by: K.Prasad <prasad@linux.vnet.ibm.com> Thanks, K.Prasad ^ permalink raw reply [flat|nested] 2+ messages in thread