| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220524114250.GB14347@redhat.com>
Date: Tue, 24 May 2022 13:42:51 +0200
From: Oleg Nesterov <oleg@...hat.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: linux-kernel@...r.kernel.org, rjw@...ysocki.net, mingo@...nel.org,
vincent.guittot@...aro.org, dietmar.eggemann@....com,
rostedt@...dmis.org, mgorman@...e.de, bigeasy@...utronix.de,
Will Deacon <will@...nel.org>, tj@...nel.org,
linux-pm@...r.kernel.org, Peter Zijlstra <peterz@...radead.org>,
Richard Weinberger <richard@....at>,
Anton Ivanov <anton.ivanov@...bridgegreys.com>,
Johannes Berg <johannes@...solutions.net>,
linux-um@...ts.infradead.org, Chris Zankel <chris@...kel.net>,
Max Filippov <jcmvbkbc@...il.com>,
linux-xtensa@...ux-xtensa.org, Kees Cook <keescook@...omium.org>,
Jann Horn <jannh@...gle.com>, linux-ia64@...r.kernel.org,
Robert OCallahan <roc@...nos.co>, Kyle Huey <khuey@...nos.co>,
Richard Henderson <rth@...ddle.net>,
Ivan Kokshaysky <ink@...assic.park.msu.ru>,
Matt Turner <mattst88@...il.com>,
Jason Wessel <jason.wessel@...driver.com>,
Daniel Thompson <daniel.thompson@...aro.org>,
Douglas Anderson <dianders@...omium.org>,
Douglas Miller <dougmill@...ux.vnet.ibm.com>,
Michael Ellerman <mpe@...erman.id.au>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Paul Mackerras <paulus@...ba.org>
Subject: Re: [PATCH 05/16] ptrace: Remove dead code from __ptrace_detach
Sorry for delay.
On 05/18, Eric W. Biederman wrote:
>
> Ever since commit 28d838cc4dfe ("Fix ptrace self-attach rule") it has
> been impossible to attach another thread in the same thread group.
>
> Remove the code from __ptrace_detach that was trying to support
> detaching from a thread in the same thread group.
may be I am totally confused, but I think you misunderstood this code
and thus this patch is very wrong.
The same_thread_group() check does NOT try to check if debugger and
tracee is in the same thread group, this is indeed impossible.
We need this check to know if the tracee was ptrace_reparented() before
__ptrace_unlink() or not.
> -static int ignoring_children(struct sighand_struct *sigh)
> -{
> - int ret;
> - spin_lock(&sigh->siglock);
> - ret = (sigh->action[SIGCHLD-1].sa.sa_handler == SIG_IGN) ||
> - (sigh->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDWAIT);
> - spin_unlock(&sigh->siglock);
> - return ret;
> -}
...
> @@ -565,14 +552,9 @@ static bool __ptrace_detach(struct task_struct *tracer, struct task_struct *p)
>
> dead = !thread_group_leader(p);
>
> - if (!dead && thread_group_empty(p)) {
> - if (!same_thread_group(p->real_parent, tracer))
> - dead = do_notify_parent(p, p->exit_signal);
> - else if (ignoring_children(tracer->sighand)) {
> - __wake_up_parent(p, tracer);
> - dead = true;
> - }
> - }
So the code above does:
- if !same_thread_group(p->real_parent, tracer), then the tracee was
ptrace_reparented(), and now we need to notify its natural parent
to let it know it has a zombie child.
- otherwise, the tracee is our natural child, and it is actually dead.
however, since we are going to reap this task, we need to wake up our
sub-threads possibly sleeping on ->wait_chldexit wait_queue_head_t.
See?
> + if (!dead && thread_group_empty(p))
> + dead = do_notify_parent(p, p->exit_signal);
No, this looks wrong. Or I missed something?
Oleg.
Powered by blists - more mailing lists