Re: [PATCHv2] ptrace: fix PTRACE_LISTEN race corrupting task->state
From: Oleg Nesterov
Date: Wed Apr 05 2017 - 08:31:35 EST
On 04/04, bsegall@xxxxxxxxxx wrote:
>
> v2: slight clarification in comments, put the conditional around the
> whole wakeup area
Acked-by: Oleg Nesterov <oleg@xxxxxxxxxx>
and I think this should go to -stable.
> Oleg mentioned a preference for making LISTEN unfreeze instead; I have
> no preference there,
Yes, but I won't insist if you prefer this more simple fix,
> just wanted to make sure that this doesn't get
> forgotten entirely.
And you are right, I forgot about this bug. Thanks!
Oleg.
> kernel/ptrace.c | 14 ++++++++++----
> 1 file changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/ptrace.c b/kernel/ptrace.c
> index 0af928712174..7cc49c3e73af 100644
> --- a/kernel/ptrace.c
> +++ b/kernel/ptrace.c
> @@ -184,11 +184,17 @@ static void ptrace_unfreeze_traced(struct task_struct *task)
>
> WARN_ON(!task->ptrace || task->parent != current);
>
> + /*
> + * PTRACE_LISTEN can allow ptrace_trap_notify to wake us up
> + * remotely. Recheck state under the lock to close this race.
> + */
> spin_lock_irq(&task->sighand->siglock);
> - if (__fatal_signal_pending(task))
> - wake_up_state(task, __TASK_TRACED);
> - else
> - task->state = TASK_TRACED;
> + if (task->state == __TASK_TRACED) {
> + if (__fatal_signal_pending(task))
> + wake_up_state(task, __TASK_TRACED);
> + else
> + task->state = TASK_TRACED;
> + }
> spin_unlock_irq(&task->sighand->siglock);
> }
>
> --
> 2.12.2.715.g7642488e1d-goog
>