[PATCH] fix zap_thread's ptrace related problems

1. The tracee can go from ptrace_stop() to do_signal_stop()
   after __ptrace_unlink(p).

2. It is unsafe to __ptrace_unlink(p) while p->parent may wait
   for tasklist_lock in ptrace_detach().

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Roland McGrath <roland@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

1 files changed, 15 insertions, 10 deletions

diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index d2cf144d0af5..d95a72c9279d 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -72,8 +72,8 @@ void ptrace_untrace(task_t *child)
  */
 void __ptrace_unlink(task_t *child)
 {
-        if (!child->ptrace)
-                BUG();
+        BUG_ON(!child->ptrace);
+
         child->ptrace = 0;
         if (!list_empty(&child->ptrace_list)) {
                 list_del_init(&child->ptrace_list);
@@ -184,22 +184,27 @@ bad:
         return retval;
 }
 
+void __ptrace_detach(struct task_struct *child, unsigned int data)
+{
+        child->exit_code = data;
+        /* .. re-parent .. */
+        __ptrace_unlink(child);
+        /* .. and wake it up. */
+        if (child->exit_state != EXIT_ZOMBIE)
+                wake_up_process(child);
+}
+
 int ptrace_detach(struct task_struct *child, unsigned int data)
 {
         if (!valid_signal(data))
-                return  -EIO;
+                return -EIO;
 
         /* Architecture-specific hardware disable .. */
         ptrace_disable(child);
 
-        /* .. re-parent .. */
-        child->exit_code = data;
-
         write_lock_irq(&tasklist_lock);
-        __ptrace_unlink(child);
-        /* .. and wake it up. */
-        if (child->exit_state != EXIT_ZOMBIE)
-                wake_up_process(child);
+        if (child->ptrace)
+                __ptrace_detach(child, data);
         write_unlock_irq(&tasklist_lock);
 
         return 0;