diff options
author | Oleg Nesterov <oleg@redhat.com> | 2011-07-21 20:00:43 +0200 |
---|---|---|
committer | Oleg Nesterov <oleg@redhat.com> | 2011-07-22 15:10:49 +0200 |
commit | eac1b5e57d7abc836e78fd3fbcf77dbeed01edc9 (patch) | |
tree | 50d267e7a4edd645543abfeb33d12eb18d84d00e /fs/exec.c | |
parent | ptrace: fix ptrace_signal() && STOP_DEQUEUED interaction (diff) | |
download | linux-eac1b5e57d7abc836e78fd3fbcf77dbeed01edc9.tar.xz linux-eac1b5e57d7abc836e78fd3fbcf77dbeed01edc9.zip |
ptrace: do_wait(traced_leader_killed_by_mt_exec) can block forever
Test-case:
void *tfunc(void *arg)
{
execvp("true", NULL);
return NULL;
}
int main(void)
{
int pid;
if (fork()) {
pthread_t t;
kill(getpid(), SIGSTOP);
pthread_create(&t, NULL, tfunc, NULL);
for (;;)
pause();
}
pid = getppid();
assert(ptrace(PTRACE_ATTACH, pid, 0,0) == 0);
while (wait(NULL) > 0)
ptrace(PTRACE_CONT, pid, 0,0);
return 0;
}
It is racy, exit_notify() does __wake_up_parent() too. But in the
likely case it triggers the problem: de_thread() does release_task()
and the old leader goes away without the notification, the tracer
sleeps in do_wait() without children/tracees.
Change de_thread() to do __wake_up_parent(traced_leader->parent).
Since it is already EXIT_DEAD we can do this without ptrace_unlink(),
EXIT_DEAD threads do not exist from do_wait's pov.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Tejun Heo <tj@kernel.org>
Diffstat (limited to 'fs/exec.c')
-rw-r--r-- | fs/exec.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/fs/exec.c b/fs/exec.c index b08367abf30e..d219541db06c 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -967,6 +967,14 @@ static int de_thread(struct task_struct *tsk) BUG_ON(leader->exit_state != EXIT_ZOMBIE); leader->exit_state = EXIT_DEAD; + + /* + * We are going to release_task()->ptrace_unlink() silently, + * the tracer can sleep in do_wait(). EXIT_DEAD guarantees + * the tracer wont't block again waiting for this thread. + */ + if (unlikely(leader->ptrace)) + __wake_up_parent(leader, leader->parent); write_unlock_irq(&tasklist_lock); release_task(leader); |