diff options
Diffstat (limited to 'kernel/ptrace.c')
| -rw-r--r-- | kernel/ptrace.c | 39 |
1 files changed, 29 insertions, 10 deletions
diff --git a/kernel/ptrace.c b/kernel/ptrace.c index 227fec36b12a..c8e0e050a36a 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c | |||
| @@ -456,8 +456,6 @@ static bool __ptrace_detach(struct task_struct *tracer, struct task_struct *p) | |||
| 456 | 456 | ||
| 457 | static int ptrace_detach(struct task_struct *child, unsigned int data) | 457 | static int ptrace_detach(struct task_struct *child, unsigned int data) |
| 458 | { | 458 | { |
| 459 | bool dead = false; | ||
| 460 | |||
| 461 | if (!valid_signal(data)) | 459 | if (!valid_signal(data)) |
| 462 | return -EIO; | 460 | return -EIO; |
| 463 | 461 | ||
| @@ -467,18 +465,19 @@ static int ptrace_detach(struct task_struct *child, unsigned int data) | |||
| 467 | 465 | ||
| 468 | write_lock_irq(&tasklist_lock); | 466 | write_lock_irq(&tasklist_lock); |
| 469 | /* | 467 | /* |
| 470 | * This child can be already killed. Make sure de_thread() or | 468 | * We rely on ptrace_freeze_traced(). It can't be killed and |
| 471 | * our sub-thread doing do_wait() didn't do release_task() yet. | 469 | * untraced by another thread, it can't be a zombie. |
| 472 | */ | 470 | */ |
| 473 | if (child->ptrace) { | 471 | WARN_ON(!child->ptrace || child->exit_state); |
| 474 | child->exit_code = data; | 472 | /* |
| 475 | dead = __ptrace_detach(current, child); | 473 | * tasklist_lock avoids the race with wait_task_stopped(), see |
| 476 | } | 474 | * the comment in ptrace_resume(). |
| 475 | */ | ||
| 476 | child->exit_code = data; | ||
| 477 | __ptrace_detach(current, child); | ||
| 477 | write_unlock_irq(&tasklist_lock); | 478 | write_unlock_irq(&tasklist_lock); |
| 478 | 479 | ||
| 479 | proc_ptrace_connector(child, PTRACE_DETACH); | 480 | proc_ptrace_connector(child, PTRACE_DETACH); |
| 480 | if (unlikely(dead)) | ||
| 481 | release_task(child); | ||
| 482 | 481 | ||
| 483 | return 0; | 482 | return 0; |
| 484 | } | 483 | } |
| @@ -697,6 +696,8 @@ static int ptrace_peek_siginfo(struct task_struct *child, | |||
| 697 | static int ptrace_resume(struct task_struct *child, long request, | 696 | static int ptrace_resume(struct task_struct *child, long request, |
| 698 | unsigned long data) | 697 | unsigned long data) |
| 699 | { | 698 | { |
| 699 | bool need_siglock; | ||
| 700 | |||
| 700 | if (!valid_signal(data)) | 701 | if (!valid_signal(data)) |
| 701 | return -EIO; | 702 | return -EIO; |
| 702 | 703 | ||
| @@ -724,8 +725,26 @@ static int ptrace_resume(struct task_struct *child, long request, | |||
| 724 | user_disable_single_step(child); | 725 | user_disable_single_step(child); |
| 725 | } | 726 | } |
| 726 | 727 | ||
| 728 | /* | ||
| 729 | * Change ->exit_code and ->state under siglock to avoid the race | ||
| 730 | * with wait_task_stopped() in between; a non-zero ->exit_code will | ||
| 731 | * wrongly look like another report from tracee. | ||
| 732 | * | ||
| 733 | * Note that we need siglock even if ->exit_code == data and/or this | ||
| 734 | * status was not reported yet, the new status must not be cleared by | ||
| 735 | * wait_task_stopped() after resume. | ||
| 736 | * | ||
| 737 | * If data == 0 we do not care if wait_task_stopped() reports the old | ||
| 738 | * status and clears the code too; this can't race with the tracee, it | ||
| 739 | * takes siglock after resume. | ||
| 740 | */ | ||
| 741 | need_siglock = data && !thread_group_empty(current); | ||
| 742 | if (need_siglock) | ||
| 743 | spin_lock_irq(&child->sighand->siglock); | ||
| 727 | child->exit_code = data; | 744 | child->exit_code = data; |
| 728 | wake_up_state(child, __TASK_TRACED); | 745 | wake_up_state(child, __TASK_TRACED); |
| 746 | if (need_siglock) | ||
| 747 | spin_unlock_irq(&child->sighand->siglock); | ||
| 729 | 748 | ||
| 730 | return 0; | 749 | return 0; |
| 731 | } | 750 | } |