Commit 7f2a52555998c699a7e89f24636c909d6fc08a60
Committed by
Linus Torvalds
Linus Torvalds
1 parent
396dc44bca
Exists in
master
and in
20 other branches
[PATCH] wait4 PTRACE_ATTACH race fix
Back about a year ago when I last fiddled heavily with the do_wait code, I was thinking too hard about the wrong thing and I now think I introduced a bug whose inverse thought I was fixing. Apparently noone was looking too hard over much shoulder, so as to cite my bogus reasoning at the time. In the race condition when PTRACE_ATTACH is about to steal a child and then the child hits a tracing event (what my_ptrace_child checks for), the real parent does need to set its flag noting it has some eligible live children. Otherwise a spurious ECHILD error is possible, since the child in question is not yet on the ptrace_children list. Signed-off-by: Roland McGrath <roland@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Showing 1 changed file with 9 additions and 0 deletions Side-by-side Diff
kernel/exit.c
| ... | ... | @@ -1383,6 +1383,15 @@ |
| 1383 | 1383 | |
| 1384 | 1384 | switch (p->state) { |
| 1385 | 1385 | case TASK_TRACED: |
| 1386 | + /* | |
| 1387 | + * When we hit the race with PTRACE_ATTACH, | |
| 1388 | + * we will not report this child. But the | |
| 1389 | + * race means it has not yet been moved to | |
| 1390 | + * our ptrace_children list, so we need to | |
| 1391 | + * set the flag here to avoid a spurious ECHILD | |
| 1392 | + * when the race happens with the only child. | |
| 1393 | + */ | |
| 1394 | + flag = 1; | |
| 1386 | 1395 | if (!my_ptrace_child(p)) |
| 1387 | 1396 | continue; |
| 1388 | 1397 | /*FALLTHROUGH*/ |