Re: [PATCHv2] ptrace: fix PTRACE_LISTEN race corrupting task->state

From: Andrew Morton
Date: Tue Apr 04 2017 - 17:53:23 EST

Next message: Joerg Roedel: "Re: [PATCH] x86/signals: Fix lower/upper bound reporting in compat siginfo"
Previous message: NeilBrown: "Re: [RFC PATCH] blk: reset 'bi_next' when bio is done inside request"
In reply to: bsegall: "[PATCHv2] ptrace: fix PTRACE_LISTEN race corrupting task->state"
Next in thread: Oleg Nesterov: "Re: [PATCHv2] ptrace: fix PTRACE_LISTEN race corrupting task->state"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 04 Apr 2017 14:47:34 -0700 bsegall@xxxxxxxxxx wrote:

> In PT_SEIZED + LISTEN mode STOP/CONT signals cause a wakeup against
> __TASK_TRACED. If this races with the ptrace_unfreeze_traced at the end
> of a PTRACE_LISTEN, this can wake the task /after/ the check against
> __TASK_TRACED, but before the reset of state to TASK_TRACED. This causes
> it to instead clobber TASK_WAKING, allowing a subsequent wakeup against
> TRACED while the task is still on the rq wake_list, corrupting it.

The changelog doesn't convey the urgency of the fix. To understand
this we'll need to know the user-visible impact of the bug and the
likelihood of someone hitting it.

Also your suggestion regarding which kernel version(s) should be fixed
(and the reasoning) is always valuable.

Next message: Joerg Roedel: "Re: [PATCH] x86/signals: Fix lower/upper bound reporting in compat siginfo"
Previous message: NeilBrown: "Re: [RFC PATCH] blk: reset 'bi_next' when bio is done inside request"
In reply to: bsegall: "[PATCHv2] ptrace: fix PTRACE_LISTEN race corrupting task->state"
Next in thread: Oleg Nesterov: "Re: [PATCHv2] ptrace: fix PTRACE_LISTEN race corrupting task->state"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]