This is a note to let you know that I've just added the patch titled
ptrace: Prepare to fix racy accesses on task breakpoints
to the 2.6.33-longterm tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/longterm/longterm-queue-2.6.33.git;a=summary
The filename of the patch is:
ptrace-prepare-to-fix-racy-accesses-on-task-breakpoints.patch
and it can be found in the queue-2.6.33 subdirectory.
If you, or anyone else, feels it should not be added to the 2.6.33 longterm
tree,
please let <[email protected]> know about it.
>From bf26c018490c2fce7fe9b629083b96ce0e6ad019 Mon Sep 17 00:00:00 2001
From: Frederic Weisbecker <[email protected]>
Date: Thu, 7 Apr 2011 16:53:20 +0200
Subject: ptrace: Prepare to fix racy accesses on task breakpoints
From: Frederic Weisbecker <[email protected]>
commit bf26c018490c2fce7fe9b629083b96ce0e6ad019 upstream.
When a task is traced and is in a stopped state, the tracer
may execute a ptrace request to examine the tracee state and
get its task struct. Right after, the tracee can be killed
and thus its breakpoints released.
This can happen concurrently when the tracer is in the middle
of reading or modifying these breakpoints, leading to dereferencing
a freed pointer.
Hence, to prepare the fix, create a generic breakpoint reference
holding API. When a reference on the breakpoints of a task is
held, the breakpoints won't be released until the last reference
is dropped. After that, no more ptrace request on the task's
breakpoints can be serviced for the tracer.
Reported-by: Oleg Nesterov <[email protected]>
Signed-off-by: Frederic Weisbecker <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Prasad <[email protected]>
Cc: Paul Mundt <[email protected]>
Link:
http://lkml.kernel.org/r/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
include/linux/ptrace.h | 13 ++++++++++++-
include/linux/sched.h | 3 +++
kernel/exit.c | 2 +-
kernel/ptrace.c | 17 +++++++++++++++++
4 files changed, 33 insertions(+), 2 deletions(-)
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -168,6 +168,10 @@ static inline void ptrace_init_task(stru
child->ptrace = current->ptrace;
__ptrace_link(child, current->parent);
}
+
+#ifdef CONFIG_HAVE_HW_BREAKPOINT
+ atomic_set(&child->ptrace_bp_refcnt, 1);
+#endif
}
/**
@@ -336,6 +340,13 @@ extern int task_current_syscall(struct t
unsigned long args[6], unsigned int maxargs,
unsigned long *sp, unsigned long *pc);
-#endif
+#ifdef CONFIG_HAVE_HW_BREAKPOINT
+extern int ptrace_get_breakpoints(struct task_struct *tsk);
+extern void ptrace_put_breakpoints(struct task_struct *tsk);
+#else
+static inline void ptrace_put_breakpoints(struct task_struct *tsk) { }
+#endif /* CONFIG_HAVE_HW_BREAKPOINT */
+
+#endif /* __KERNEL */
#endif
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1568,6 +1568,9 @@ struct task_struct {
unsigned long memsw_bytes; /* uncharged mem+swap usage */
} memcg_batch;
#endif
+#ifdef CONFIG_HAVE_HW_BREAKPOINT
+ atomic_t ptrace_bp_refcnt;
+#endif
};
/* Future-safe accessor for struct task_struct's cpus_allowed. */
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1001,7 +1001,7 @@ NORET_TYPE void do_exit(long code)
/*
* FIXME: do that only when needed, using sched_exit tracepoint
*/
- flush_ptrace_hw_breakpoint(tsk);
+ ptrace_put_breakpoints(tsk);
/*
* Flush inherited counters to the parent - before the parent
* gets woken up by child-exit notifications.
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -22,6 +22,7 @@
#include <linux/pid_namespace.h>
#include <linux/syscalls.h>
#include <linux/uaccess.h>
+#include <linux/hw_breakpoint.h>
/*
@@ -762,3 +763,19 @@ asmlinkage long compat_sys_ptrace(compat
return ret;
}
#endif /* CONFIG_COMPAT */
+
+#ifdef CONFIG_HAVE_HW_BREAKPOINT
+int ptrace_get_breakpoints(struct task_struct *tsk)
+{
+ if (atomic_inc_not_zero(&tsk->ptrace_bp_refcnt))
+ return 0;
+
+ return -1;
+}
+
+void ptrace_put_breakpoints(struct task_struct *tsk)
+{
+ if (atomic_dec_and_test(&tsk->ptrace_bp_refcnt))
+ flush_ptrace_hw_breakpoint(tsk);
+}
+#endif /* CONFIG_HAVE_HW_BREAKPOINT */
Patches currently in longterm-queue-2.6.33 which might be from
[email protected] are
/home/gregkh/linux/longterm/longterm-queue-2.6.33/queue-2.6.33/ptrace-prepare-to-fix-racy-accesses-on-task-breakpoints.patch
/home/gregkh/linux/longterm/longterm-queue-2.6.33/queue-2.6.33/x86-hw_breakpoints-fix-racy-access-to-ptrace-breakpoints.patch
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
