• Oleg Nesterov's avatar
    ptrace: do_wait(traced_leader_killed_by_mt_exec) can block forever · eac1b5e5
    Oleg Nesterov authored
    Test-case:
    
    	void *tfunc(void *arg)
    	{
    		execvp("true", NULL);
    		return NULL;
    	}
    
    	int main(void)
    	{
    		int pid;
    
    		if (fork()) {
    			pthread_t t;
    
    			kill(getpid(), SIGSTOP);
    
    			pthread_create(&t, NULL, tfunc, NULL);
    
    			for (;;)
    				pause();
    		}
    
    		pid = getppid();
    		assert(ptrace(PTRACE_ATTACH, pid, 0,0) == 0);
    
    		while (wait(NULL) > 0)
    			ptrace(PTRACE_CONT, pid, 0,0);
    
    		return 0;
    	}
    
    It is racy, exit_notify() does __wake_up_parent() too. But in the
    likely case it triggers the problem: de_thread() does release_task()
    and the old leader goes away without the notification, the tracer
    sleeps in do_wait() without children/tracees.
    
    Change de_thread() to do __wake_up_parent(traced_leader->parent).
    Since it is already EXIT_DEAD we can do this without ptrace_unlink(),
    EXIT_DEAD threads do not exist from do_wait's pov.
    Signed-off-by: default avatarOleg Nesterov <oleg@redhat.com>
    Acked-by: default avatarTejun Heo <tj@kernel.org>
    eac1b5e5
exec.c 51.8 KB