lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110511154834.GA23688@redhat.com>
Date:	Wed, 11 May 2011 17:48:34 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Tejun Heo <tj@...nel.org>
Cc:	jan.kratochvil@...hat.com, vda.linux@...glemail.com,
	linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org,
	akpm@...ux-foundation.org, indan@....nu
Subject: Re: [PATCH 08/11] ptrace: move fallback JOBCTL_TRAPPING clearing
	to get_signal_to_deliver()

On 05/08, Tejun Heo wrote:
>
> Move the fallback clearing to the end of get_signal_to_deliver() so
> that TRAPPING is maintained while tracee is inside signal delivery
> path.  When killed, tracee is guaranteed to leave signal delivery path
> in finite amount of time and thus TRAPPING is still guaranteed to be
> cleared on kill.

Mostly yes, but we can race with freeze_processes() and deadlock.

> @@ -1978,9 +1981,6 @@ retry:
>  		goto retry;
>  	}
>
> -	/* PTRACE_ATTACH might have raced with task killing, clear trapping */
> -	task_clear_jobctl_trapping(current);
> -
>  	spin_unlock_irq(&current->sighand->siglock);
>
>  	tracehook_finish_jctl();
> @@ -2226,6 +2226,13 @@ relock:
>  		do_group_exit(info->si_signo);
>  		/* NOTREACHED */
>  	}
> +
> +	/*
> +	 * PTRACE_ATTACH might have raced with task killing.  Make sure
> +	 * trapping is clear before leaving signal delivery path.
> +	 */
> +	task_clear_jobctl_trapping(current);

before the tracee does this, it returns from do_signal_stop(), goes to
relock:, and calls try_to_freeze(). If it becomes frozen,
try_to_freeze_tasks() can't succeed because the tracer waits for
!JOBCTL_TRAPPING.

And. The main problem is that "leave signal delivery path" is not true
at all. When the tracee dequeues SIGKILL it calls do_group_exit() inside
the main loop.

So far this all looks easily fixeable though...

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ