From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754439AbbLCU4T (ORCPT <rfc822;w@1wt.eu>);
	Thu, 3 Dec 2015 15:56:19 -0500
Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:35451 "EHLO
	atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754081AbbLCU4Q (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 3 Dec 2015 15:56:16 -0500
Date: Thu, 3 Dec 2015 21:56:13 +0100
From: Pavel Machek <pavel@ucw.cz>
To: Oleg Nesterov <oleg@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>, LKML <linux-kernel@vger.kernel.org>,
        Roland McGrath <roland@hack.frob.com>, syzkaller@googlegroups.com,
        Kostya Serebryany <kcc@google.com>,
        Alexander Potapenko <glider@google.com>,
        Robert Swiecki <swiecki@google.com>, Kees Cook <keescook@google.com>,
        Julien Tinnes <jln@google.com>, Eric Dumazet <edumazet@google.com>
Subject: Re: Unkillable processes due to PTRACE_TRACEME
Message-ID: <20151203205613.GC14427@amd>
References: <CACT4Y+Zu9uvt5z_LRAQaPTo+nwfodwBbjkeTRHoxGKRCPqpx5Q@mail.gmail.com>
 <20151019194911.GA20063@redhat.com>
 <CACT4Y+aDeSED9pnERC+gyHAEV=+n+awJ-s-8QGBQWMzuww894A@mail.gmail.com>
 <CACT4Y+bHNEKdZpgOYc+LaKxDyt1GeD+Vf4jLnmAVWQ3Z8=LKaw@mail.gmail.com>
 <CACT4Y+YmBeTxXVpoWLybcKCy_EwX2uAA5u2b7KbACJX4k3B4FQ@mail.gmail.com>
 <20151020105539.GA27706@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20151020105539.GA27706@redhat.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi!

> > >> waitid(P_ALL, 0, {}, WNOHANG|WEXITED|WSTOPPED|WCONTINUED, NULL) = 0
> > >>
> > >> So what should be fixed here? Kernel of distro init?
> > >
> > > waitpid(__WALL) indeed joins these processes.
> 
> Thanks. And I just checked Fedora 22, it doesn't use __WALL too.
> 
> So I think we should change the kernel even if this is not a bug...
> I'll send the patch.
> 
> > > But __WALL can't be used with waitid and Ubuntu init uses waitid...
> 
> Yes, and I never understood why. Perhaps we should change this too.
> 
> > #include <pthread.h>
> > #include <unistd.h>
> > #include <sys/ptrace.h>
> > #include <stdio.h>
> > #include <errno.h>
> > #include <signal.h>
> > #include <sys/types.h>
> > #include <sys/wait.h>
> >
> > void *thr(void *arg) {
> >         ptrace(PTRACE_TRACEME, 0, 0, 0);
> >         return 0;
> > }
> >
> > int main() {
> > int pid = fork();
> >         if (pid == 0) {
> >                 pthread_t th;
> >                 pthread_create(&th, 0, thr, 0);
> >                 sleep(1);
> >                 return 0;
> >         }
> >         siginfo_t info = {};
> >         int status = 0;
> >         int res = waitpid(-1, &status, __WALL);
> >         printf("pid=%d res=%d errno=%d\n", pid, res, errno);
> >         res = waitpid(-1, &status, __WALL);
> >         printf("pid=%d res=%d errno=%d\n", pid, res, errno);
> >         return 0;
> > }
> >
> >
> > However, I need to wait for a particular child and if I change the
> > first waitpid to:
> >
> >         int res = waitpid(pid, &status, __WALL);
> >
> > then it does not terminate.
> > So how can I wait for such child process?
> 
> You can't. This is one of historical oddities. You need to reap the
> traced sub-thread first. And PTRACE_DETACH doesn't work.

If kill -9 does not take out the process, surely that sounds like a
security problem?

I know ptrace is old and tricky and ugly, but ....?

								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html