[PATCH v5] ptrace: Fix fork event messages across pid namespaces

We still risk a race condition if a ptracer from a different pid namespace attaches after we compute the pid_t value. However, sending a bogus fork event message in this unlikely scenario is still a vast improvement over the status quo where we always send bogus fork event messages to debu

[RESEND PATCH v4] ptrace: Fix fork event messages across pid namespaces

r we compute the pid_t value. However, sending a bogus fork event message in this unlikely scenario is still a vast improvement over the status quo where we always send bogus fork event messages to debuggers in a different pid namespace than the forking process. Signed-off-by:

Re: [PATCH v4] ptrace: Fix fork event messages across pid namespaces

On Thu, Apr 3, 2014 at 8:44 AM, Oleg Nesterov wrote: > On 04/02, Matthew Dempsky wrote: >> >> When tracing a process in another pid namespace, it's important for >> fork event messages to contain the child's pid as seen from the >> tracer's pid namespace

[PATCH v4] ptrace: Fix fork event messages across pid namespaces

this unlikely scenario is still a vast improvement over the status quo where we always send bogus fork event messages to debuggers in a different pid namespace than the forking process. Signed-off-by: Matthew Dempsky --- include/linux/ptrace.h | 31 +++ kernel/fork.c

Re: [PATCH v3] ptrace: Fix fork event messages across pid namespaces

On Wed, Apr 2, 2014 at 2:58 PM, Matthew Dempsky wrote: > Otherwise, it looks like (e.g.) the attempts to get the parent's pid > in fill_prstatus() and tomoyo_sys_getppid() are also theoretical races > of the same kind? Doh, nevermind, those functions would potentially be use nu

Re: [PATCH v3] ptrace: Fix fork event messages across pid namespaces

On Wed, Apr 2, 2014 at 7:58 AM, Oleg Nesterov wrote: > On 04/01, Matthew Dempsky wrote: >> >> @@ -1605,10 +1605,12 @@ long do_fork(unsigned long clone_flags, >>*/ >> if (!IS_ERR(p)) { >> struct completion vfork;

Re: [PATCH v3] ptrace: Fix fork event messages across pid namespaces

On Tue, Apr 1, 2014 at 3:29 PM, Matthew Dempsky wrote: > Revised patch below. Unfortunately, I just realized I don't have my > test machine handy, so I won't be able to test it until tomorrow. Quick update: Julien helped me setup a VM to test this, and the patch still pas

[PATCH v3] ptrace: Fix fork event messages across pid namespaces

pid namespace than the parent. Signed-off-by: Matthew Dempsky --- kernel/fork.c | 34 +- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/kernel/fork.c b/kernel/fork.c index 332688e..d928761 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1605,10 +160

Re: [PATCH v2] Fix ptrace events across pid namespaces

On Tue, Apr 1, 2014 at 11:52 AM, Oleg Nesterov wrote: > Sorry for slow response, No worries! >> But how can I guard against current->parent disappearing? Do I need >> to grab a read lock on the tasklist and rcu? > > rcu_read_lock() should be enough. Noted. > The main question is how we can en