[PATCH] ptrace: locked accesss to ptrace last_siginfo

[PATCH] ptrace: locked accesss to ptrace last_siginfo

[pmeda]

ptrace_setsiginfo/ptrace_getsiginfo need to do locked access
to last_siginfo.  ptrace_notify()/ptrace_stop() sets the
current->last_siginfo and sleeps on schedule(). It can be waked
up by kill signal from signal_wake_up before debugger wakes it up.
On return from schedule(), the current->last_siginfo is reset.

Signed-off-by: Prasanna Meda <pmeda@akamai.com>


--- a/kernel/ptrace.c	Fri Nov 19 18:27:26 2004
+++ b/kernel/ptrace.c	Fri Nov 19 18:52:52 2004
@@ -303,18 +303,33 @@
 
 static int ptrace_getsiginfo(struct task_struct *child, siginfo_t __user * data)
 {
-	if (child->last_siginfo == NULL)
-		return -EINVAL;
-	return copy_siginfo_to_user(data, child->last_siginfo);
+	siginfo_t lastinfo;
+
+	spin_lock_irq(&child->sighand->siglock);
+	if (likely(child->last_siginfo != NULL)) {
+		memcpy(&lastinfo, child->last_siginfo, sizeof (siginfo_t));
+		spin_unlock_irq(&child->sighand->siglock);
+		return copy_siginfo_to_user(data, &lastinfo);
+	}
+	spin_unlock_irq(&child->sighand->siglock);
+	return -EINVAL;
 }
 
 static int ptrace_setsiginfo(struct task_struct *child, siginfo_t __user * data)
 {
-	if (child->last_siginfo == NULL)
-		return -EINVAL;
-	if (copy_from_user(child->last_siginfo, data, sizeof (siginfo_t)) != 0)
+	siginfo_t newinfo;
+
+	if (copy_from_user(&newinfo, data, sizeof (siginfo_t)) != 0)
 		return -EFAULT;
-	return 0;
+
+	spin_lock_irq(&child->sighand->siglock);
+	if (likely(child->last_siginfo != NULL)) {
+		memcpy(child->last_siginfo, &newinfo, sizeof (siginfo_t));
+		spin_unlock_irq(&child->sighand->siglock);
+		return 0;
+	}
+	spin_unlock_irq(&child->sighand->siglock);
+	return -EINVAL;
 }
 
 int ptrace_request(struct task_struct *child, long request,

Re: [PATCH] ptrace: locked accesss to ptrace last_siginfo

[Prasanna Meda]

pmeda@akamai.com wrote:

> ptrace_setsiginfo/ptrace_getsiginfo need to do locked access
> to last_siginfo.  ptrace_notify()/ptrace_stop() sets the
> current->last_siginfo and sleeps on schedule(). It can be waked
> up by kill signal from signal_wake_up before debugger wakes it up.
> On return from schedule(), the current->last_siginfo is reset.

Roland's  TASK_TRACED state fixes invalidates this claim.  Too
early to report.  SIGKILLs are queued, and process is not wakedup.

example:
29015: ptrace PTRACE_TRACEME returned:0
State of tracee as seen by tracer:
State:  T (tracing stop)
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
Tracer:29014 ptrace(first PTRACE_CONT, 29015) returns 0
Tracer:29014 ptrace(second PTRACE_CONT, 29015) returns -1
ptrace PTRACE_CONT: No such process
Tracer:29014 got notifcation from tracee:29015, i.e. child:29015
Tracer:29014 ptrace(third PTRACE_CONT, 29015) returns 0
Tracer:29014 got notifcation from tracee:29015, i.e. child:29015

State of tracee before killing as seen by middleman:
State:  T (tracing stop)
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
29019: kill(29015, SIGCONT) returns 0
State of tracee after killing as seen by middleman:
State:  T (tracing stop)
SigPnd: 0000000000000000
ShdPnd: 0000000000020000
29019: kill(29015, SIGKILL) returns 0
State of tracee after killing as seen by middleman:
State:  T (tracing stop)
SigPnd: 0000000000000000
ShdPnd: 0000000000020100

29019: kill(29015, probe) returns 0
wait for 29019 ...returns 29019


Thanks,
Prasanna.