diff options
author | Oleg Nesterov <oleg@tv-sign.ru> | 2006-02-15 14:50:10 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-02-15 14:05:43 -0500 |
commit | 5ecfbae093f0c37311e89b29bfc0c9d586eace87 (patch) | |
tree | eabd0a145af64e26c900578c95175ab313828661 | |
parent | dadac81b1b86196fcc48fb87620403c4a7174f06 (diff) |
[PATCH] fix zap_thread's ptrace related problems
1. The tracee can go from ptrace_stop() to do_signal_stop()
after __ptrace_unlink(p).
2. It is unsafe to __ptrace_unlink(p) while p->parent may wait
for tasklist_lock in ptrace_detach().
Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | fs/exec.c | 2 | ||||
-rw-r--r-- | include/linux/ptrace.h | 1 | ||||
-rw-r--r-- | kernel/ptrace.c | 25 |
3 files changed, 17 insertions, 11 deletions
@@ -1403,7 +1403,7 @@ static void zap_threads (struct mm_struct *mm) | |||
1403 | do_each_thread(g,p) { | 1403 | do_each_thread(g,p) { |
1404 | if (mm == p->mm && p != tsk && | 1404 | if (mm == p->mm && p != tsk && |
1405 | p->ptrace && p->parent->mm == mm) { | 1405 | p->ptrace && p->parent->mm == mm) { |
1406 | __ptrace_unlink(p); | 1406 | __ptrace_detach(p, 0); |
1407 | } | 1407 | } |
1408 | } while_each_thread(g,p); | 1408 | } while_each_thread(g,p); |
1409 | write_unlock_irq(&tasklist_lock); | 1409 | write_unlock_irq(&tasklist_lock); |
diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h index 9d5cd106b34..0d36750fc0f 100644 --- a/include/linux/ptrace.h +++ b/include/linux/ptrace.h | |||
@@ -84,6 +84,7 @@ extern int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __us | |||
84 | extern int ptrace_writedata(struct task_struct *tsk, char __user *src, unsigned long dst, int len); | 84 | extern int ptrace_writedata(struct task_struct *tsk, char __user *src, unsigned long dst, int len); |
85 | extern int ptrace_attach(struct task_struct *tsk); | 85 | extern int ptrace_attach(struct task_struct *tsk); |
86 | extern int ptrace_detach(struct task_struct *, unsigned int); | 86 | extern int ptrace_detach(struct task_struct *, unsigned int); |
87 | extern void __ptrace_detach(struct task_struct *, unsigned int); | ||
87 | extern void ptrace_disable(struct task_struct *); | 88 | extern void ptrace_disable(struct task_struct *); |
88 | extern int ptrace_check_attach(struct task_struct *task, int kill); | 89 | extern int ptrace_check_attach(struct task_struct *task, int kill); |
89 | extern int ptrace_request(struct task_struct *child, long request, long addr, long data); | 90 | extern int ptrace_request(struct task_struct *child, long request, long addr, long data); |
diff --git a/kernel/ptrace.c b/kernel/ptrace.c index d2cf144d0af..d95a72c9279 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c | |||
@@ -72,8 +72,8 @@ void ptrace_untrace(task_t *child) | |||
72 | */ | 72 | */ |
73 | void __ptrace_unlink(task_t *child) | 73 | void __ptrace_unlink(task_t *child) |
74 | { | 74 | { |
75 | if (!child->ptrace) | 75 | BUG_ON(!child->ptrace); |
76 | BUG(); | 76 | |
77 | child->ptrace = 0; | 77 | child->ptrace = 0; |
78 | if (!list_empty(&child->ptrace_list)) { | 78 | if (!list_empty(&child->ptrace_list)) { |
79 | list_del_init(&child->ptrace_list); | 79 | list_del_init(&child->ptrace_list); |
@@ -184,22 +184,27 @@ bad: | |||
184 | return retval; | 184 | return retval; |
185 | } | 185 | } |
186 | 186 | ||
187 | void __ptrace_detach(struct task_struct *child, unsigned int data) | ||
188 | { | ||
189 | child->exit_code = data; | ||
190 | /* .. re-parent .. */ | ||
191 | __ptrace_unlink(child); | ||
192 | /* .. and wake it up. */ | ||
193 | if (child->exit_state != EXIT_ZOMBIE) | ||
194 | wake_up_process(child); | ||
195 | } | ||
196 | |||
187 | int ptrace_detach(struct task_struct *child, unsigned int data) | 197 | int ptrace_detach(struct task_struct *child, unsigned int data) |
188 | { | 198 | { |
189 | if (!valid_signal(data)) | 199 | if (!valid_signal(data)) |
190 | return -EIO; | 200 | return -EIO; |
191 | 201 | ||
192 | /* Architecture-specific hardware disable .. */ | 202 | /* Architecture-specific hardware disable .. */ |
193 | ptrace_disable(child); | 203 | ptrace_disable(child); |
194 | 204 | ||
195 | /* .. re-parent .. */ | ||
196 | child->exit_code = data; | ||
197 | |||
198 | write_lock_irq(&tasklist_lock); | 205 | write_lock_irq(&tasklist_lock); |
199 | __ptrace_unlink(child); | 206 | if (child->ptrace) |
200 | /* .. and wake it up. */ | 207 | __ptrace_detach(child, data); |
201 | if (child->exit_state != EXIT_ZOMBIE) | ||
202 | wake_up_process(child); | ||
203 | write_unlock_irq(&tasklist_lock); | 208 | write_unlock_irq(&tasklist_lock); |
204 | 209 | ||
205 | return 0; | 210 | return 0; |