ptrace: do_wait(traced_leader_killed_by_mt_exec) can block forever
Test-case: void *tfunc(void *arg) { execvp("true", NULL); return NULL; } int main(void) { int pid; if (fork()) { pthread_t t; kill(getpid(), SIGSTOP); pthread_create(&t, NULL, tfunc, NULL); for (;;) pause(); } pid = getppid(); assert(ptrace(PTRACE_ATTACH, pid, 0,0) == 0); while (wait(NULL) > 0) ptrace(PTRACE_CONT, pid, 0,0); return 0; } It is racy, exit_notify() does __wake_up_parent() too. But in the likely case it triggers the problem: de_thread() does release_task() and the old leader goes away without the notification, the tracer sleeps in do_wait() without children/tracees. Change de_thread() to do __wake_up_parent(traced_leader->parent). Since it is already EXIT_DEAD we can do this without ptrace_unlink(), EXIT_DEAD threads do not exist from do_wait's pov. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Tejun Heo <tj@kernel.org>
This commit is contained in:
parent
8a35241803
commit
eac1b5e57d
|
@ -967,6 +967,14 @@ static int de_thread(struct task_struct *tsk)
|
|||
|
||||
BUG_ON(leader->exit_state != EXIT_ZOMBIE);
|
||||
leader->exit_state = EXIT_DEAD;
|
||||
|
||||
/*
|
||||
* We are going to release_task()->ptrace_unlink() silently,
|
||||
* the tracer can sleep in do_wait(). EXIT_DEAD guarantees
|
||||
* the tracer wont't block again waiting for this thread.
|
||||
*/
|
||||
if (unlikely(leader->ptrace))
|
||||
__wake_up_parent(leader, leader->parent);
|
||||
write_unlock_irq(&tasklist_lock);
|
||||
|
||||
release_task(leader);
|
||||
|
|
Loading…
Reference in New Issue