lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Feb 2010 14:35:56 +0100 From: Oleg Nesterov <oleg@...hat.com> To: Salman Qazi <sqazi@...gle.com> Cc: Roland Dreier <rolandd@...co.com>, Andrew Morton <akpm@...ux-foundation.org>, Roland McGrath <roland@...hat.com>, linux-kernel@...r.kernel.org Subject: Re: Race in ptrace. On 02/09, Oleg Nesterov wrote: > > Salman Qazi wrote: > > > > A race in ptrace was pointed to us by a fellow Google engineer, Tavis > > Ormandy. The race involves interaction between a tracer, a tracee and > > an antagonist. The tracer is tracing the tracee with PTRACE_SYSCALL and > > waits on the tracee. In the mean time, an antagonist blasts the tracee > > with SIGCONTs. > > Could you please explain how did observe this race? Do you have a > test-case, or could you explain how we can reproduce it? > > Because, > > > It turns out that a SIGCONT wakes up the > > tracee in kernel mode, > > SIGCONT must not wake up a TASK_TRACED task. In case I wasn't clear... --- a/kernel/signal.c +++ b/kernel/signal.c @@ -697,6 +697,10 @@ static int prepare_signal(int sig, struct task_struct *p, int from_ancestor_ns) * and wake all threads. */ rm_from_queue(SIG_KERNEL_STOP_MASK, &signal->shared_pending); + if (p->ptrace & PT_PTRACED) { + p->ptrace |= PT_WAKING; + mb(); + } Please note that we are going to do wake_up_state(state), and this state can never have __TASK_TRACED bit set. And we can't change ->ptrace here, we can race with the tracer. There are other problems with this patch, but the main problem is that I can't understand what this patch tries to fix. IOW, please provide more info ;) Oleg. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists