* [PATCH 3/5] powerpc, hw_breakpoints: Fix racy access to ptrace breakpoints
From: Frederic Weisbecker @ 2011-04-22 13:16 UTC (permalink / raw)
To: LPPC
Cc: Peter Zijlstra, Frederic Weisbecker, Will Deacon, LKML,
Oleg Nesterov, Paul Mundt, Ingo Molnar, Prasad, v2.6.33..
(resend with ppc list in cc)
While the tracer accesses ptrace breakpoints, the child task may
concurrently exit due to a SIGKILL and thus release its breakpoints
at the same time. We can then dereference some freed pointers.
To fix this, hold a reference on the child breakpoints before
manipulating them.
Reported-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Prasad <prasad@linux.vnet.ibm.com>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: v2.6.33.. <stable@kernel.org>
---
arch/powerpc/kernel/ptrace.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index 55613e3..4edeeb3 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -1591,7 +1591,10 @@ long arch_ptrace(struct task_struct *child, long request,
}
case PTRACE_SET_DEBUGREG:
+ if (ptrace_get_breakpoints(child) < 0)
+ return -ESRCH;
ret = ptrace_set_debugreg(child, addr, data);
+ ptrace_put_breakpoints(child);
break;
#ifdef CONFIG_PPC64
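Review bot: the early `return -ESRCH;` after the failed `ptrace_get_breakpoints(child)` check breaks the pattern the rest of this `switch` uses, where each case sets `ret` and falls out via `break;` (as `ret = ptrace_set_debugreg(child, addr, data);` followed by `break;` does two lines later). If `arch_ptrace` has any common exit path after the switch, the direct return skips it; `ret = -ESRCH; break;` keeps the flow uniform and is easier to audit. The value itself is right: the only way the reference cannot be taken is the child having already exited, which is exactly what -ESRCH reports, and the `ptrace_put_breakpoints(child);` after the call correctly releases the reference on the normal path.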
--
1.7.3.2
* Re: [PATCH 3/5] powerpc, hw_breakpoints: Fix racy access to ptrace breakpoints
From: K.Prasad @ 2011-04-24 8:04 UTC (permalink / raw)
To: Frederic Weisbecker
Cc: Peter Zijlstra, Will Deacon, LKML, Oleg Nesterov, Paul Mundt,
Ingo Molnar, LPPC, v2.6.33..
On Fri, Apr 22, 2011 at 03:16:27PM +0200, Frederic Weisbecker wrote:
> (resend with ppc list in cc)
>
> While the tracer accesses ptrace breakpoints, the child task may
> concurrently exit due to a SIGKILL and thus release its breakpoints
> at the same time. We can then dereference some freed pointers.
>
> To fix this, hold a reference on the child breakpoints before
> manipulating them.
>
> Reported-by: Oleg Nesterov <oleg@redhat.com>
> Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
> Cc: Ingo Molnar <mingo@elte.hu>
> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
> Cc: Will Deacon <will.deacon@arm.com>
> Cc: Prasad <prasad@linux.vnet.ibm.com>
> Cc: Paul Mundt <lethal@linux-sh.org>
> Cc: v2.6.33.. <stable@kernel.org>
> ---
> arch/powerpc/kernel/ptrace.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
> index 55613e3..4edeeb3 100644
> --- a/arch/powerpc/kernel/ptrace.c
> +++ b/arch/powerpc/kernel/ptrace.c
> @@ -1591,7 +1591,10 @@ long arch_ptrace(struct task_struct *child, long request,
> }
>
> case PTRACE_SET_DEBUGREG:
> + if (ptrace_get_breakpoints(child) < 0)
> + return -ESRCH;
> ret = ptrace_set_debugreg(child, addr, data);
> + ptrace_put_breakpoints(child);
> break;
>
> #ifdef CONFIG_PPC64
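Review bot: the changelog describes the race as the tracer "accessing" ptrace breakpoints while the child releases them on SIGKILL, but the hunk only brackets the `PTRACE_SET_DEBUGREG` path with `ptrace_get_breakpoints()` / `ptrace_put_breakpoints()`. It would help a later reader if the commit message stated why the write path is the only one in this file that dereferences the per-thread breakpoint pointers, so that nobody has to re-derive whether the read side needs the same reference.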
> --
> 1.7.3.2
>
Hi Frederic,
Looks fine to me.
Acked-by: K.Prasad <prasad@linux.vnet.ibm.com>
Thanks,
K.Prasad