From: ebiederm@xmission.com (Eric W. Biederman)
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Waiman Long <longman@redhat.com>, Ingo Molnar <mingo@kernel.org>,
Will Deacon <will@kernel.org>,
Bernd Edlinger <bernd.edlinger@hotmail.de>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Alexey Gladkov <gladkov.alexey@gmail.com>,
Oleg Nesterov <oleg@redhat.com>
Subject: Re: [GIT PULL] Please pull proc and exec work for 5.7-rc1
Date: Thu, 09 Apr 2020 15:34:26 -0500
Message-ID: <871rowpfe5.fsf@x220.int.ebiederm.org>
In-Reply-To: <CAHk-=wiB762bDtiNZJ8KcRSkapOv3VUZbzyCvAt-8tSMWhR1DA@mail.gmail.com> (Linus Torvalds's message of "Thu, 9 Apr 2020 10:36:07 -0700")
Linus Torvalds <torvalds@linux-foundation.org> writes:
> On Thu, Apr 9, 2020 at 10:06 AM Eric W. Biederman <ebiederm@xmission.com> wrote:
>>
>> a) We must stop in PTRACE_EVENT_EXIT during exec or userspace *breaks*.
>>
>> Those are the defined semantics and I believe it is something
>> as common as strace that depends on them.
>
> Don't be silly.
>
> Of course we must stop IF THE TRACER IS ACTUALLY TRACING US.
>
> But that's simply not the case. The deadlock case is where the tracer
> is going through an execve, and the tracing thread is being killed.

Linus please don't be daft.

I will agree that if one thread in a process ptraces another thread
in the same process, and the tracing thread calls execve we have
a problem. A different problem but one worth addressing.

The deadlock case I am talking about. The deadlock case that trivially
exists in real code is:

A single threaded process (the tracer) ptrace attaches to every thread of a
multi-threaded process (the tracee).

If one of these attaches succeeds, and another thread of the tracee
process calls execve before the tracer attaches to it, then the tracer
blocks in ptrace_attach waiting for the tracee's execve to succeed
while the tracee blocks in de_thread waiting for its other threads to
exit. The threads of the tracee attempt to exit but one or more of them
are in PTRACE_EVENT_EXIT waiting for the tracer to let them continue.
The tracer of course is stalled waiting for the exec to succeed.

Let me see if I can draw a picture.

Tracer                          TraceeThreadA        TraceeThreadB
ptrace_attach(TraceeThreadA)
                                                     execve
                                                     acquires cred_guard_mutex
ptrace_attach(TraceeThreadB)
  Blocks on cred_guard_mutex
                                                     de_thread
                                                     waits for other threads to exit
                                Receives SIGKILL
                                do_exit()
                                PTRACE_EVENT_EXIT
                                Waits for tracer

So we have a loop.

TraceeThreadB is waiting for TraceeThreadA to reach exit_notify.
TraceeThreadA is waiting for the tracer to allow it to continue.
The Tracer is waiting for TraceeThreadB to finish its call to exec.

Since they are all waiting for each other that loop is a deadlock.
All it takes is a tracer that uses PTRACE_EVENT_EXIT.

Does that make the deadlock that I see clear?

In your proposed lock revision you were talking about ptrace_attach
taking your new lock for write so I don't see your proposed lock
being any different in this scenario from cred_guard_mutex. Perhaps I
missed something?

I know Oleg's test case was a little more involved but that was to
guarantee the timing, perhaps that introduced confusion.

Eric
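
Added example, not part of the original message and not kernel code: a small user-space model of the wait-for loop in the picture above. It shows that all three actors sit on a cycle when the tracer uses PTRACE_EVENT_EXIT and that the cycle disappears when it does not. The names `build_wait_graph`, `in_cycle`, `deadlocks` and `trace_exit` are made up for this illustration.

```c
#include <stdio.h>

/* Actors from the picture above; NOBODY means "not blocked on anyone". */
enum { TRACER, THREAD_A, THREAD_B, NACTORS, NOBODY = -1 };

static const char *const actor_name[NACTORS] = {
    "Tracer", "TraceeThreadA", "TraceeThreadB"
};

/*
 * Each actor blocks on at most one other actor, so the wait-for graph
 * is an array. trace_exit (assumed name) models whether the tracer
 * asked for PTRACE_EVENT_EXIT stops.
 */
static void build_wait_graph(int trace_exit, int waits_on[NACTORS])
{
    /* ptrace_attach(TraceeThreadB) blocks on cred_guard_mutex, held by B's execve. */
    waits_on[TRACER] = THREAD_B;
    /* B sits in de_thread until its sibling threads have exited. */
    waits_on[THREAD_B] = THREAD_A;
    /* A, killed by de_thread, stops in PTRACE_EVENT_EXIT and waits for the tracer. */
    waits_on[THREAD_A] = trace_exit ? TRACER : NOBODY;
}

/* Follow wait-for edges from start; 1 if they lead back to start. */
static int in_cycle(const int waits_on[NACTORS], int start)
{
    int cur = waits_on[start];
    for (int steps = 0; steps < NACTORS && cur != NOBODY; steps++) {
        if (cur == start)
            return 1;
        cur = waits_on[cur];
    }
    return 0;
}

/* 1 if actor can never make progress in the modelled scenario. */
int deadlocks(int trace_exit, int actor)
{
    int waits_on[NACTORS];
    build_wait_graph(trace_exit, waits_on);
    return in_cycle(waits_on, actor);
}

int main(void)
{
    for (int te = 0; te <= 1; te++)
        for (int a = 0; a < NACTORS; a++)
            printf("PTRACE_EVENT_EXIT=%d %-14s %s\n", te, actor_name[a],
                   deadlocks(te, a) ? "deadlocked" : "not on a cycle");
    return 0;
}
```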