lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Jul 2022 10:59:00 +0200 From: Peter Zijlstra <peterz@...radead.org> To: Sven Schnelle <svens@...ux.ibm.com> Cc: Steven Rostedt <rostedt@...dmis.org>, Alexander Gordeev <agordeev@...ux.ibm.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, linux-kernel@...r.kernel.org, rjw@...ysocki.net, Oleg Nesterov <oleg@...hat.com>, mingo@...nel.org, vincent.guittot@...aro.org, dietmar.eggemann@....com, mgorman@...e.de, bigeasy@...utronix.de, Will Deacon <will@...nel.org>, tj@...nel.org, linux-pm@...r.kernel.org, Richard Weinberger <richard@....at>, Anton Ivanov <anton.ivanov@...bridgegreys.com>, Johannes Berg <johannes@...solutions.net>, linux-um@...ts.infradead.org, Chris Zankel <chris@...kel.net>, Max Filippov <jcmvbkbc@...il.com>, linux-xtensa@...ux-xtensa.org, Kees Cook <keescook@...omium.org>, Jann Horn <jannh@...gle.com>, linux-ia64@...r.kernel.org Subject: Re: [PATCH v4 12/12] sched,signal,ptrace: Rework TASK_TRACED, TASK_STOPPED state On Wed, Jul 06, 2022 at 09:58:55AM +0200, Sven Schnelle wrote: > >> [ 86.218551] kill_chi-343805 6d.... 79990141us : ptrace_stop: JOBCTL_TRACED already set, state=0 <------ valid combination of flags? > > > > Yeah, that's not supposed to be so. JOBCTL_TRACED is supposed to follow > > __TASK_TRACED for now. Set when __TASK_TRACED, cleared when > > TASK_RUNNING. > > > > Specifically {ptrace_,}signal_wake_up() in signal.h clear JOBCTL_TRACED > > when they would wake a __TASK_TRACED task. > > try_to_wake_up() clears TASK_TRACED in this case because a signal > (SIGKILL) has to be delivered. As a test I put the following change > on top, and it "fixes" the problem: > > diff --git a/kernel/sched/core.c b/kernel/sched/core.c > index da0bf6fe9ecd..f2e0f5e70e77 100644 > --- a/kernel/sched/core.c > +++ b/kernel/sched/core.c > @@ -4141,6 +4149,9 @@ try_to_wake_up(struct task_struct *p, unsigned int state, int wake_flags) > * TASK_WAKING such that we can unlock p->pi_lock before doing the > * enqueue, such as ttwu_queue_wakelist(). > */ > + if (p->__state & TASK_TRACED) > + trace_printk("clearing TASK_TRACED 2\n"); > + p->jobctl &= ~JOBCTL_TRACED; > WRITE_ONCE(p->__state, TASK_WAKING); > > /* > > There are several places where the state is changed from TASK_TRACED to > something else without clearing JOBCTL_TRACED. I'm having difficulty spotting them; I find: TASK_WAKEKILL: signal_wake_up() __TASK_TRACED: ptrace_signal_wake_up(), ptrace_unfreeze_traced(), ptrace_resume() And all those sites dutifully clear JOBCTL_TRACED. I'd be most interested in the calstack for the 'clearing TASK_TRACED 2' events to see where we miss a spot.
Powered by blists - more mailing lists