| author | Arnd Bergmann <arnd@arndb.de> | 2010-02-27 13:49:37 -0500 |
|---|---|---|
| committer | Frederic Weisbecker <fweisbec@gmail.com> | 2010-04-10 09:34:21 -0400 |
| commit | 5534ecb2dda04345e8243901e0e49599228b4273 (patch) | |
| tree | 1d09ca0bcc6fcac12310300a306c233e350151c7 | |
| parent | 2eaa9cfdf33b8d7fb7aff27792192e0019ae8fc6 (diff) | |
ptrace: kill BKL in ptrace syscall
The comment suggests that this usage is stale. There is no bkl in the
exec path so if there is a race lurking there, the bkl in ptrace is
not going to help in this regard.
Overview of the possibility of "accidental" races this bkl might
protect:
- ptrace_traceme() is protected against task removal and concurrent
read/write on current->ptrace as it locks write tasklist_lock.
- arch_ptrace_attach() is serialized by ptrace_traceme() against
concurrent PTRACE_TRACEME or PTRACE_ATTACH
- ptrace_attach() is protected the same way as ptrace_traceme() and
in turn serializes arch_ptrace_attach()
- ptrace_check_attach() does its own well described serializing too.
There is no obvious race here.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Roland McGrath <roland@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Roland McGrath <roland@redhat.com>
| -rw-r--r-- | kernel/ptrace.c | 10 |
1 files changed, 0 insertions, 10 deletions
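--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -666,10 +666,6 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, long, addr, long, data)
 struct task_struct *child;
 long ret;
 
-/*
-* This lock_kernel fixes a subtle race with suid exec
-*/
-lock_kernel();
 if (request == PTRACE_TRACEME) {
 ret = ptrace_traceme();
 if (!ret)
@@ -703,7 +699,6 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, long, addr, long, data)
 out_put_task_struct:
 put_task_struct(child);
 out:
-unlock_kernel();
 return ret;
 }
 
@@ -813,10 +808,6 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
 struct task_struct *child;
 long ret;
 
-/*
-* This lock_kernel fixes a subtle race with suid exec
-*/
-lock_kernel();
 if (request == PTRACE_TRACEME) {
 ret = ptrace_traceme();
 goto out;
@@ -846,7 +837,6 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
 out_put_task_struct:
 put_task_struct(child);
 out:
-unlock_kernel();
 return ret;
 }
 #endif /* CONFIG_COMPAT */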
