| author | Oleg Nesterov <oleg@redhat.com> | 2015-04-16 15:47:32 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-04-17 09:04:06 -0400 |
| commit | 64a4096c5cdab377b6e1f44008ee8b2636db579d (patch) | |
| tree | 5cb701ad9bd68e19f6da29b29c086215b0292b67 /kernel | |
| parent | b72c186999e689cb0b055ab1c7b3cd8fffbeb5ed (diff) | |
ptrace: ptrace_detach() can no longer race with SIGKILL
ptrace_detach() re-checks ->ptrace under tasklist lock and calls
release_task() if __ptrace_detach() returns true. This was needed because
the __TASK_TRACED tracee could be killed/untraced, and it could even pass
exit_notify() before we take tasklist_lock.
But this is no longer possible after 9899d11f6544 "ptrace: ensure
arch_ptrace/ptrace_request can never race with SIGKILL". We can turn
these checks into WARN_ON() and remove release_task().
While at it, document the setting of child->exit_code.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Pavel Labath <labath@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/ptrace.c | 19 |
1 files changed, 9 insertions, 10 deletions
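--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -456,8 +456,6 @@ static bool __ptrace_detach(struct task_struct *tracer, struct task_struct *p)
 
 static int ptrace_detach(struct task_struct *child, unsigned int data)
 {
-bool dead = false;
-
 if (!valid_signal(data))
 return -EIO;
 
@@ -467,18 +465,19 @@ static int ptrace_detach(struct task_struct *child, unsigned int data)
 
 write_lock_irq(&tasklist_lock);
 /*
-* This child can be already killed. Make sure de_thread() or
-* our sub-thread doing do_wait() didn't do release_task() yet.
+* We rely on ptrace_freeze_traced(). It can't be killed and
+* untraced by another thread, it can't be a zombie.
 */
-if (child->ptrace) {
-child->exit_code = data;
-dead = __ptrace_detach(current, child);
-}
+WARN_ON(!child->ptrace || child->exit_state);
+/*
+* tasklist_lock avoids the race with wait_task_stopped(), see
+* the comment in ptrace_resume().
+*/
+child->exit_code = data;
+__ptrace_detach(current, child);
 write_unlock_irq(&tasklist_lock);
 
 proc_ptrace_connector(child, PTRACE_DETACH);
-if (unlikely(dead))
-release_task(child);
 
 return 0;
 }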
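Review bot: The new `WARN_ON(!child->ptrace || child->exit_state)` in the second hunk only reports a broken invariant; the following lines still write `child->exit_code` and call `__ptrace_detach()`, whose `bool` result is now dropped without comment. If the freeze guarantee from ptrace_freeze_traced() (set up outside these hunks) ever regresses, the `release_task()` the old code performed on a true return is silently skipped. The warning is also then reachable from the detach path, which matters on systems that treat warnings as fatal. I would make the discarded result explicit, for example `WARN_ON(__ptrace_detach(current, child));`, or extend the first comment with `* __ptrace_detach() therefore cannot return true here.` so the next reader does not have to rederive it. Part of ptrace_detach()'s body lies between the two hunks and is not shown, so this is based on the visible lines only.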
