path: root/include/linux
diff options
authorFrederic Weisbecker <fweisbec@gmail.com>2011-04-07 16:53:20 +0200
committerGreg Kroah-Hartman <gregkh@suse.de>2011-05-21 15:13:05 -0700
commitf372134eed7fd6ab754cbb1e671fc39fd5dd16b6 (patch)
tree32ab570a1b8ad0156940714e2da34c7f8c3af6c4 /include/linux
parentecff5f1a67ee54409b65a7621ba0c5709f2b79b7 (diff)
ptrace: Prepare to fix racy accesses on task breakpoints
commit bf26c018490c2fce7fe9b629083b96ce0e6ad019 upstream. When a task is traced and is in a stopped state, the tracer may execute a ptrace request to examine the tracee state and get its task struct. Right after, the tracee can be killed and thus its breakpoints released. This can happen concurrently when the tracer is in the middle of reading or modifying these breakpoints, leading to dereferencing a freed pointer. Hence, to prepare the fix, create a generic breakpoint reference holding API. When a reference on the breakpoints of a task is held, the breakpoints won't be released until the last reference is dropped. After that, no more ptrace request on the task's breakpoints can be serviced for the tracer. Reported-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Will Deacon <will.deacon@arm.com> Cc: Prasad <prasad@linux.vnet.ibm.com> Cc: Paul Mundt <lethal@linux-sh.org> Link: http://lkml.kernel.org/r/1302284067-7860-2-git-send-email-fweisbec@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'include/linux')
2 files changed, 15 insertions, 1 deletions
diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
index a1147e5dd24..9178d5cc0b0 100644
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -189,6 +189,10 @@ static inline void ptrace_init_task(struct task_struct *child, bool ptrace)
child->ptrace = current->ptrace;
__ptrace_link(child, current->parent);
+ atomic_set(&child->ptrace_bp_refcnt, 1);
@@ -350,6 +354,13 @@ extern int task_current_syscall(struct task_struct *target, long *callno,
unsigned long args[6], unsigned int maxargs,
unsigned long *sp, unsigned long *pc);
+extern int ptrace_get_breakpoints(struct task_struct *tsk);
+extern void ptrace_put_breakpoints(struct task_struct *tsk);
+static inline void ptrace_put_breakpoints(struct task_struct *tsk) { }
+#endif /* __KERNEL */
diff --git a/include/linux/sched.h b/include/linux/sched.h
index ed6c384ba6c..d2a5da917ed 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1531,6 +1531,9 @@ struct task_struct {
unsigned long memsw_bytes; /* uncharged mem+swap usage */
} memcg_batch;
+ atomic_t ptrace_bp_refcnt;
/* Future-safe accessor for struct task_struct's cpus_allowed. */