rpms/kernel/F-11 linux-2.6-ptrace-fix-possible-zombie-leak.patch, NONE, 1.1 kernel.spec, 1.1634, 1.1635

Chuck Ebbert cebbert at fedoraproject.org
Tue Jun 9 03:27:34 UTC 2009 

Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26700

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-ptrace-fix-possible-zombie-leak.patch 
Log Message:
Add linux-2.6-ptrace-fix-possible-zombie-leak.patch
  Fixes bug #481753, ptraced processes fail to deliver exit notification to parent

linux-2.6-ptrace-fix-possible-zombie-leak.patch:

--- NEW FILE linux-2.6-ptrace-fix-possible-zombie-leak.patch ---
ptrace: fix possible zombie leak on PTRACE_DETACH

Rollup of:

http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=95c3eb76dc07fd81289888ffc42948196b34b444
ptrace: kill __ptrace_detach(), fix ->exit_state check

http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=6d69cb87f05eef3b02370b2f7bae608ad2301a00
ptrace: simplify ptrace_exit()->ignoring_children() path

http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=b1b4c6799fb59e710454bfe0ab477cb8523a8667
ptrace: reintroduce __ptrace_detach() as a callee of ptrace_exit()

http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=4576145c1ecdaaea9ef8976a48335206aa1ebf91
ptrace: fix possible zombie leak on PTRACE_DETACH

--- work-2.6.29.4.orig/kernel/ptrace.c
+++ work-2.6.29.4/kernel/ptrace.c
@@ -235,18 +235,10 @@ out:
 	return retval;
 }
 
-static inline void __ptrace_detach(struct task_struct *child, unsigned int data)
-{
-	child->exit_code = data;
-	/* .. re-parent .. */
-	__ptrace_unlink(child);
-	/* .. and wake it up. */
-	if (child->exit_state != EXIT_ZOMBIE)
-		wake_up_process(child);
-}
-
 int ptrace_detach(struct task_struct *child, unsigned int data)
 {
+	int dead = 0;
+
 	if (!valid_signal(data))
 		return -EIO;
 
@@ -256,10 +248,19 @@ int ptrace_detach(struct task_struct *ch
 
 	write_lock_irq(&tasklist_lock);
 	/* protect against de_thread()->release_task() */
-	if (child->ptrace)
-		__ptrace_detach(child, data);
+	if (child->ptrace) {
+		child->exit_code = data;
+
+		dead = __ptrace_detach(current, child);
+
+		if (!child->exit_state)
+			wake_up_process(child);
+	}
 	write_unlock_irq(&tasklist_lock);
 
+	if (unlikely(dead))
+		release_task(child);
+
 	return 0;
 }
 
--- work-2.6.29.4.orig/kernel/exit.c
+++ work-2.6.29.4/kernel/exit.c
@@ -703,22 +703,50 @@ static void exit_mm(struct task_struct *
 }
 
 /*
- * Return nonzero if @parent's children should reap themselves.
- *
- * Called with write_lock_irq(&tasklist_lock) held.
+ * Called with irqs disabled, returns true if childs should reap themselves.
  */
-static int ignoring_children(struct task_struct *parent)
+static int ignoring_children(struct sighand_struct *sigh)
 {
 	int ret;
-	struct sighand_struct *psig = parent->sighand;
-	unsigned long flags;
-	spin_lock_irqsave(&psig->siglock, flags);
-	ret = (psig->action[SIGCHLD-1].sa.sa_handler == SIG_IGN ||
-	       (psig->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDWAIT));
-	spin_unlock_irqrestore(&psig->siglock, flags);
+	spin_lock(&sigh->siglock);
+	ret = (sigh->action[SIGCHLD-1].sa.sa_handler == SIG_IGN) ||
+	      (sigh->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDWAIT);
+	spin_unlock(&sigh->siglock);
 	return ret;
 }
 
+/* Returns nonzero if the tracee should be released. */
+int __ptrace_detach(struct task_struct *tracer, struct task_struct *p)
+{
+	__ptrace_unlink(p);
+
+	if (p->exit_state != EXIT_ZOMBIE)
+		return 0;
+	/*
+	 * If it's a zombie, our attachedness prevented normal
+	 * parent notification or self-reaping.  Do notification
+	 * now if it would have happened earlier.  If it should
+	 * reap itself we return true.
+	 *
+	 * If it's our own child, there is no notification to do.
+	 * But if our normal children self-reap, then this child
+	 * was prevented by ptrace and we must reap it now.
+	 */
+	if (!task_detached(p) && thread_group_empty(p)) {
+		if (!same_thread_group(p->real_parent, tracer))
+			do_notify_parent(p, p->exit_signal);
+		else if (ignoring_children(tracer->sighand))
+			p->exit_signal = -1;
+	}
+
+	if (!task_detached(p))
+		return 0;
+
+	/* Mark it as in the process of being reaped. */
+	p->exit_state = EXIT_DEAD;
+	return 1;
+}
+
 /*
  * Detach all tasks we were using ptrace on.
  * Any that need to be release_task'd are put on the @dead list.
@@ -728,43 +756,10 @@ static int ignoring_children(struct task
 static void ptrace_exit(struct task_struct *parent, struct list_head *dead)
 {
 	struct task_struct *p, *n;
-	int ign = -1;
 
 	list_for_each_entry_safe(p, n, &parent->ptraced, ptrace_entry) {
-		__ptrace_unlink(p);
-
-		if (p->exit_state != EXIT_ZOMBIE)
-			continue;
-
-		/*
-		 * If it's a zombie, our attachedness prevented normal
-		 * parent notification or self-reaping.  Do notification
-		 * now if it would have happened earlier.  If it should
-		 * reap itself, add it to the @dead list.  We can't call
-		 * release_task() here because we already hold tasklist_lock.
-		 *
-		 * If it's our own child, there is no notification to do.
-		 * But if our normal children self-reap, then this child
-		 * was prevented by ptrace and we must reap it now.
-		 */
-		if (!task_detached(p) && thread_group_empty(p)) {
-			if (!same_thread_group(p->real_parent, parent))
-				do_notify_parent(p, p->exit_signal);
-			else {
-				if (ign < 0)
-					ign = ignoring_children(parent);
-				if (ign)
-					p->exit_signal = -1;
-			}
-		}
-
-		if (task_detached(p)) {
-			/*
-			 * Mark it as in the process of being reaped.
-			 */
-			p->exit_state = EXIT_DEAD;
+		if (__ptrace_detach(parent, p))
 			list_add(&p->ptrace_entry, dead);
-		}
 	}
 }
 
--- work-2.6.29.4.orig/include/linux/ptrace.h
+++ work-2.6.29.4/include/linux/ptrace.h
@@ -94,6 +94,7 @@ extern void ptrace_notify(int exit_code)
 extern void __ptrace_link(struct task_struct *child,
 			  struct task_struct *new_parent);
 extern void __ptrace_unlink(struct task_struct *child);
+extern int __ptrace_detach(struct task_struct *tracer, struct task_struct *p);
 extern void ptrace_fork(struct task_struct *task, unsigned long clone_flags);
 #define PTRACE_MODE_READ   1
 #define PTRACE_MODE_ATTACH 2


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1634
retrieving revision 1.1635
diff -u -p -r1.1634 -r1.1635
--- kernel.spec	8 Jun 2009 22:41:29 -0000	1.1634
+++ kernel.spec	9 Jun 2009 03:27:03 -0000	1.1635
@@ -594,6 +594,7 @@ Patch20: linux-2.6-hotfixes.patch
 Patch21: linux-2.6-tracehook.patch
 Patch22: linux-2.6-utrace.patch
 Patch23: linux-2.6-utrace-ftrace.patch
+Patch24: linux-2.6-ptrace-fix-possible-zombie-leak.patch
 
 # vm patches
 Patch25: linux-2.6-mm-lru-evict-streaming-io-pages-first.patch
@@ -1171,6 +1172,7 @@ ApplyPatch linux-2.6-hotfixes.patch
 ApplyPatch linux-2.6-tracehook.patch
 ApplyPatch linux-2.6-utrace.patch
 ApplyPatch linux-2.6-utrace-ftrace.patch
+ApplyPatch linux-2.6-ptrace-fix-possible-zombie-leak.patch
 
 # vm patches
 ApplyPatch linux-2.6-mm-lru-evict-streaming-io-pages-first.patch
@@ -2027,6 +2029,10 @@ fi
 # and build.
 
 %changelog
+* Mon Jun  8 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.4-173
+- Add linux-2.6-ptrace-fix-possible-zombie-leak.patch
+  Fixes bug #481753, ptraced processes fail to deliver exit notification to parent
+
 * Mon Jun  8 2009 Chuck Ebbert <cebbert at redhat.com> - 2.6.29.4-172
 - Add linux-2.6-netdev-ehea-fix-circular-locking.patch (#498854)

More information about the fedora-extras-commits mailing list