    wait/ptrace: assume __WALL if the child is traced · 448691a7
    Oleg Nesterov authored
    [ Upstream commit bf959931 ]
    
    The following program (a simplified version of one generated by syzkaller)
    
    	#include <pthread.h>
    	#include <unistd.h>
    	#include <sys/ptrace.h>
    	#include <stdio.h>
    	#include <signal.h>
    
    	void *thread_func(void *arg)
    	{
    		ptrace(PTRACE_TRACEME, 0,0,0);
    		return 0;
    	}
    
    	int main(void)
    	{
    		pthread_t thread;
    
    		if (fork())
    			return 0;
    
    		while (getppid() != 1)
    			;
    
    		pthread_create(&thread, NULL, thread_func, NULL);
    		pthread_join(thread, NULL);
    		return 0;
    	}
    
    creates an unreapable zombie if /sbin/init doesn't use __WALL.
    
    This is not a kernel bug, at least in the sense that everything works as
    expected: a debugger should reap a traced sub-thread before it can reap the
    leader, but without __WALL/__WCLONE do_wait() ignores sub-threads.
    
    Unfortunately, it seems that /sbin/init in most (all?) distributions
    doesn't use it, and we have to change the kernel to avoid the problem.
    Note also that most inits use sys_waitid(), which doesn't allow __WALL, so
    the necessary user-space fix is not that trivial.
    
    This patch just adds the "ptrace" check into eligible_child().  To some
    degree this matches the "tsk->ptrace" in exit_notify(): ->exit_signal is
    mostly ignored when the tracee reports to the debugger.  Or WSTOPPED: the
    tracer doesn't need to set this flag to wait for the stopped tracee.
    
    This obviously means a user-visible change: __WCLONE and __WALL no
    longer have any meaning for a debugger.  And I can only hope that this won't
    break something, but at least strace/gdb won't suffer.
    
    We could make a more conservative change.  Say, we can take __WCLONE into
    account, or !thread_group_leader().  But it would be nice to not
    complicate these historical/confusing checks.
    Signed-off-by: Oleg Nesterov <oleg@redhat.com>
    Reported-by: Dmitry Vyukov <dvyukov@google.com>
    Cc: Denys Vlasenko <dvlasenk@redhat.com>
    Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
    Cc: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
    Cc: Pedro Alves <palves@redhat.com>
    Cc: Roland McGrath <roland@hack.frob.com>
    Cc: <syzkaller@googlegroups.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
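The commit message rests on one rule of do_wait()/eligible_child(): a non-traced child whose exit_signal is not SIGCHLD (a clone()d "thread-like" child) is invisible to waitpid() unless the caller passes __WCLONE or __WALL, which is exactly why an init that waits with plain options cannot reap the traced sub-thread and the zombie stays. The program below is an added user-space illustration of that rule, not code from the commit or the kernel tree. It cannot reproduce the ptrace zombie itself (that needs the tracee reparented to init), so instead it spawns children with clone() using SIGCHLD or 0 as the termination signal and records which wait options can see them. It assumes Linux with the glibc clone() wrapper; try_reap(), child_fn() and the exit status 7 are constructed for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks in case the headers were pulled in without _GNU_SOURCE;
 * the values are the kernel's (include/uapi/linux/wait.h). */
#ifndef __WALL
#define __WALL 0x40000000
#endif
#ifndef __WCLONE
#define __WCLONE 0x80000000
#endif
extern int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ...);

#define STACK_SIZE (64 * 1024)
#define CHILD_EXIT_CODE 7   /* constructed marker so we know we reaped our child */

/* Body of the clone()d child: exit at once with the marker status. */
static int child_fn(void *arg)
{
    (void)arg;
    _exit(CHILD_EXIT_CODE);
}

/*
 * Spawn a child whose termination signal is `exit_signal` (SIGCHLD gives a
 * fork-like child, 0 a thread-like one, as pthread_create's CLONE_THREAD
 * children have) and try to reap it with `wait_options`.
 *
 * Returns 1 if waitpid() reaped the child, 0 if waitpid() failed with ECHILD
 * (the child exists but is not "eligible" for this wait), -1 on other errors.
 */
static int try_reap(int exit_signal, int wait_options)
{
    char *stack = malloc(STACK_SIZE);
    if (!stack)
        return -1;

    /* The child stack grows down on every architecture this runs on. */
    pid_t pid = clone(child_fn, stack + STACK_SIZE, exit_signal, NULL);
    if (pid < 0) {
        free(stack);
        return -1;
    }

    int status, result;
    pid_t r = waitpid(pid, &status, wait_options);
    if (r == pid && WIFEXITED(status) && WEXITSTATUS(status) == CHILD_EXIT_CODE)
        result = 1;
    else if (r < 0 && errno == ECHILD)
        result = 0;
    else
        result = -1;

    /* If the wait above could not see the child, reap it with __WALL so this
     * program does not itself leave a zombie behind (and the stack is free). */
    if (result != 1)
        waitpid(pid, &status, __WALL);
    free(stack);
    return result;
}

static const char *describe(int r)
{
    return r == 1 ? "reaped" : r == 0 ? "ECHILD (not eligible)" : "error";
}

int main(void)
{
    /* Fork-like child (exit_signal == SIGCHLD): visible to plain waitpid(). */
    printf("SIGCHLD child, options=0:        %s\n", describe(try_reap(SIGCHLD, 0)));
    printf("SIGCHLD child, options=__WCLONE: %s\n", describe(try_reap(SIGCHLD, __WCLONE)));
    /* Thread-like child (exit_signal == 0): needs __WCLONE or __WALL. */
    printf("clone(0) child, options=0:        %s\n", describe(try_reap(0, 0)));
    printf("clone(0) child, options=__WCLONE: %s\n", describe(try_reap(0, __WCLONE)));
    printf("clone(0) child, options=__WALL:   %s\n", describe(try_reap(0, __WALL)));
    return 0;
}
```

The two ECHILD rows are the user-space face of the check the commit relaxes: before it, a tracer waiting with options=0 got the same ECHILD for a traced sub-thread; after it, the "ptrace" test in eligible_child() makes the traced child visible regardless of __WCLONE/__WALL, while non-traced children keep the behaviour shown here.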