From: Oleg Nesterov <oleg@redhat.com>
To: Matthew Dempsky <mdempsky@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Julien Tinnes <jln@chromium.org>,
Roland McGrath <mcgrathr@chromium.org>,
Jan Kratochvil <jan.kratochvil@redhat.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4] ptrace: Fix fork event messages across pid namespaces
Date: Thu, 3 Apr 2014 17:44:13 +0200 [thread overview]
Message-ID: <20140403154413.GA16684@redhat.com> (raw)
In-Reply-To: <1396492005-23811-1-git-send-email-mdempsky@chromium.org>
On 04/02, Matthew Dempsky wrote:
>
> When tracing a process in another pid namespace, it's important for
> fork event messages to contain the child's pid as seen from the
> tracer's pid namespace, not the parent's. Otherwise, the tracer won't
> be able to correlate the fork event with later SIGTRAP signals it
> receives from the child.
>
> We still risk a race condition if a ptracer from a different pid
> namespace attaches after we compute the pid_t value. However, sending
> a bogus fork event message in this unlikely scenario is still a vast
> improvement over the status quo where we always send bogus fork event
> messages to debuggers in a different pid namespace than the forking
> process.
>
> Signed-off-by: Matthew Dempsky <mdempsky@chromium.org>
Thanks,
Acked-by: Oleg Nesterov <oleg@redhat.com>
Some notes for potential future changes...
- I do not not see any potential user of ptrace_event_pid() outside
of fork.c, so perhaps this helper should not be exported.
In fact I wouldn't mind if you send v5 which moves it into fork.c ;)
- The usage of "trace" doesn't look very consistent after this patch...
OK, probably I'll try to cleanup this later.
- OTOH, calculating pid_nr in the namespace of ->parent can probably
go into another simple (exported) helper. do_notify_parent_*() and
exec_binprm() could use it, even they do not have the problem with
task_active_pid_ns(parent) == NULL. Not sure.
- I am thinking about another approach... Suppose that we change
ptrace_attach() to nullify ->ptrace_message, as we already discussed
this probably makes sense anyway.
Now (ignoring CLONE_VFORK to simplify the discussion), do_fork() can
do something like the following:
...
if (trace)
current->ptrace_message = calc_its_pid_in_parent_ns();
wake_up_new_task(p);
if (trace && current->ptrace_message && ptrace_event_enabled(trace))
ptrace_notify(...);
so that if we race with detach + attach we should likely see
->ptrace_message == 0 and report nothing as if the new debugger
attached after do_fork().
Not sure this is really possible (without additional complications),
and of course we still can't close the race completely.
But even if this can work and will not look too ugly, it would be
better to do this on top of your simple patch.
Matthew, I see other emails from you, will try to reply tomorrow.
Oleg.
next prev parent reply other threads:[~2014-04-03 15:44 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1396288478-1314-1-git-send-email-mdempsky@chromium.org>
[not found] ` <20140331181651.GA27686@redhat.com>
[not found] ` <CAF52+S5i7oqJnJ1NN0bk5Vg=CiYrussw0AunteE72kMMcWkeJA@mail.gmail.com>
2014-04-01 18:52 ` [PATCH v2] Fix ptrace events across pid namespaces Oleg Nesterov
2014-04-01 20:44 ` Matthew Dempsky
2014-04-01 22:29 ` [PATCH v3] ptrace: Fix fork event messages " Matthew Dempsky
2014-04-02 0:39 ` Matthew Dempsky
2014-04-02 14:58 ` Oleg Nesterov
2014-04-02 15:44 ` [PATCH 0/1] pid_namespace: pidns_get() should check task_active_pid_ns() != NULL Oleg Nesterov
2014-04-02 15:45 ` [PATCH 1/1] " Oleg Nesterov
2014-04-02 16:53 ` Eric W. Biederman
2014-04-02 15:58 ` Oleg Nesterov
2014-04-02 22:01 ` Eric W. Biederman
2014-04-02 21:58 ` [PATCH v3] ptrace: Fix fork event messages across pid namespaces Matthew Dempsky
2014-04-02 22:37 ` Matthew Dempsky
2014-04-07 19:24 ` Oleg Nesterov
2014-04-03 2:26 ` [PATCH v4] " Matthew Dempsky
2014-04-03 15:44 ` Oleg Nesterov [this message]
2014-04-03 16:13 ` Oleg Nesterov
2014-04-03 18:07 ` Matthew Dempsky
2014-04-07 19:06 ` Oleg Nesterov
2014-04-29 20:20 ` [RESEND PATCH " Matthew Dempsky
2014-04-29 22:11 ` Andrew Morton
2014-04-30 0:34 ` [PATCH v5] " Matthew Dempsky
2014-04-30 11:51 ` Oleg Nesterov
2014-04-30 20:16 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140403154413.GA16684@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=jan.kratochvil@redhat.com \
--cc=jln@chromium.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrathr@chromium.org \
--cc=mdempsky@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).