mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-01-03 07:43:45 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
40ae717d1e78d982bd469b2013a4cbf4ec1ca434
linux/kernel
History
Tejun Heo 40ae717d1e ptrace: fix signal->wait_chldexit usage in task_clear_group_stop_trapping() 
GROUP_STOP_TRAPPING waiting mechanism piggybacks on
signal->wait_chldexit which is primarily used to implement waiting for
wait(2) and friends.  When do_wait() waits on signal->wait_chldexit,
it uses a custom wake up callback, child_wait_callback(), which
expects the child task which is waking up the parent to be passed in
as @key to filter out spurious wakeups.

task_clear_group_stop_trapping() used __wake_up_sync() which uses NULL
@key causing the following oops if the parent was doing do_wait().

  BUG: unable to handle kernel NULL pointer dereference at 00000000000002d8
  IP: [<ffffffff810499f9>] child_wait_callback+0x29/0x80
  PGD 1d899067 PUD 1e418067 PMD 0
  Oops: 0000 [#1] PREEMPT SMP
  last sysfs file: /sys/devices/pci0000:00/0000:00:03.0/local_cpus
  CPU 2
  Modules linked in:

  Pid: 4498, comm: test-continued Not tainted 2.6.39-rc6-work+ #32 Bochs Bochs
  RIP: 0010:[<ffffffff810499f9>]  [<ffffffff810499f9>] child_wait_callback+0x29/0x80
  RSP: 0000:ffff88001b889bf8  EFLAGS: 00010046
  RAX: 0000000000000000 RBX: ffff88001fab3af8 RCX: 0000000000000000
  RDX: 0000000000000001 RSI: 0000000000000002 RDI: ffff88001d91df20
  RBP: ffff88001b889c08 R08: 0000000000000000 R09: 0000000000000000
  R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
  R13: ffff88001fb70550 R14: 0000000000000000 R15: 0000000000000001
  FS:  00007f26ccae4700(0000) GS:ffff88001fd00000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 00000000000002d8 CR3: 000000001b8ac000 CR4: 00000000000006e0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
  Process test-continued (pid: 4498, threadinfo ffff88001b888000, task ffff88001fb88000)
  Stack:
   ffff88001b889c18 ffff88001fb70538 ffff88001b889c58 ffffffff810312f9
   0000000000000001 0000000200000001 ffff88001b889c58 ffff88001fb70518
   0000000000000002 0000000000000082 0000000000000001 0000000000000000
  Call Trace:
   [<ffffffff810312f9>] __wake_up_common+0x59/0x90
   [<ffffffff81035263>] __wake_up_sync_key+0x53/0x80
   [<ffffffff810352a0>] __wake_up_sync+0x10/0x20
   [<ffffffff8105a984>] task_clear_jobctl_trapping+0x44/0x50
   [<ffffffff8105bcbc>] ptrace_stop+0x7c/0x290
   [<ffffffff8105c20a>] do_signal_stop+0x28a/0x2d0
   [<ffffffff8105d27f>] get_signal_to_deliver+0x14f/0x5a0
   [<ffffffff81002175>] do_signal+0x75/0x7b0
   [<ffffffff8100292d>] do_notify_resume+0x5d/0x70
   [<ffffffff8182e36a>] retint_signal+0x46/0x8c
  Code: 00 00 55 48 89 e5 53 48 83 ec 08 0f 1f 44 00 00 8b 47 d8 83 f8 03 74 3a 85 c0 49 89 c8 75 23 89 c0 48 8b 5f e0 4c 8d 0c 40 31 c0 <4b> 39 9c c8 d8 02 00 00 74 1d 48 83 c4 08 5b c9 c3 66 0f 1f 44

Fix it by using __wake_up_sync_key() and passing in the child as @key.

I still think it's a mistake to piggyback on wait_chldexit for this.
Given the relative low frequency of ptrace use, we would be much
better off leaving already complex wait_chldexit alone and using bit
waitqueue.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
2011-05-09 14:19:54 +02:00
..
debug
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jwessel/linux-2.6-kgdb
2011-03-25 21:04:56 -07:00
gcov
Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6
2011-03-20 18:14:55 -07:00
irq
genirq: Remove the now obsolete config options and select statements
2011-03-30 14:13:23 +02:00
power
Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block
2011-03-24 10:16:26 -07:00
time
ntp: fix non privileged system time shifting
2011-04-04 08:31:23 -07:00
trace
Merge branch 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
2011-03-25 17:53:09 -07:00
.gitignore
acct.c
pass a struct path to vfs_statfs
2010-08-09 16:48:42 -04:00
async.c
async: use workqueue for worker pool
2010-07-14 11:29:46 +02:00
audit_tree.c
in untag_chunk() we need to do alloc_chunk() a bit earlier
2010-10-30 02:18:32 -04:00
audit_watch.c
kill path_lookup()
2011-03-14 09:15:23 -04:00
audit.c
netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms
2011-03-03 10:55:40 -08:00
audit.h
audit: make functions static
2010-10-30 01:42:19 -04:00
auditfilter.c
netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms
2011-03-03 10:55:40 -08:00
auditsc.c
audit mmap
2010-10-30 08:45:43 -04:00
backtracetest.c
bounds.c
memcg: remove direct page_cgroup-to-page pointer
2011-03-23 19:46:28 -07:00
capability.c
userns: make has_capability* into real functions
2011-03-23 19:47:06 -07:00
cgroup_freezer.c
cgroup_freezer: update_freezer_state() does incorrect state transitions
2010-10-27 18:03:08 -07:00
cgroup.c
cgroups: if you list_empty() a head then don't list_del() it
2011-03-22 17:43:58 -07:00
compat.c
signal: introduce do_sigtimedwait() to factor out compat/native code
2011-04-28 13:01:38 +02:00
configs.c
llseek: automatically add .llseek fop
2010-10-15 15:53:27 +02:00
cpu.c
kernel/cpu.c: fix many errors related to style.
2011-03-22 17:44:11 -07:00
cpuset.c
cpuset: hold callback_mutex in cpuset_post_clone()
2011-03-23 19:46:35 -07:00
crash_dump.c
crash_dump: export is_kdump_kernel to modules, consolidate elfcorehdr_addr, setup_elfcorehdr and saved_max_pfn
2011-03-23 19:47:19 -07:00
cred.c
userns: security: make capabilities relative to the user namespace
2011-03-23 19:47:02 -07:00
delayacct.c
headers: taskstats_kern.h trim
2009-09-18 09:48:52 -07:00
dma.c
elfcore.c
elf coredump: add extended numbering support
2010-03-06 11:26:46 -08:00
exec_domain.c
sys_personality: remove the bogus checks in sys_personality()->__set_personality() path
2010-08-09 20:45:05 -07:00
exit.c
Merge branch 'ptrace' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/misc into ptrace
2011-04-07 20:44:11 +02:00
extable.c
fork.c
Merge branch 'for-2.6.39/core' of git://git.kernel.dk/linux-2.6-block
2011-03-24 10:16:26 -07:00
freezer.c
Freezer: Fix a race during freezing of TASK_STOPPED tasks
2010-12-24 15:02:40 +01:00
futex_compat.c
userns: user namespaces: convert several capable() calls
2011-03-23 19:47:08 -07:00
futex.c
Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
2011-03-25 17:52:22 -07:00
groups.c
userns: user namespaces: convert several capable() calls
2011-03-23 19:47:08 -07:00
hrtimer.c
Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
2011-03-15 18:53:35 -07:00
hung_task.c
lockup detector: Fix grammar by adding a missing "to" in the comments
2010-08-17 09:11:52 +02:00
hw_breakpoint.c
perf: Dynamic pmu types
2010-12-16 11:36:43 +01:00
irq_work.c
irq_work: Use per cpu atomics instead of regular atomics
2010-12-18 15:54:48 +01:00
itimer.c
itimers: Fix racy writes to cpu_itimer fields
2009-11-18 16:32:12 +01:00
jump_label.c
jump label: Make arch_jump_label_text_poke_early() optional
2010-10-29 12:56:13 -04:00
kallsyms.c
Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
2011-03-25 17:52:22 -07:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
mutex: Better control mutex adaptive spinning config
2009-12-03 11:50:11 +01:00
Kconfig.preempt
kexec.c
kdump: Allow shrinking of kdump region to be overridden
2011-04-01 16:14:30 +11:00
kfifo.c
kfifo: fix scatterlist usage
2010-10-01 10:50:58 -07:00
kmod.c
Make do_execve() take a const filename pointer
2010-08-17 18:07:43 -07:00
kprobes.c
Merge branch 'for-2.6.38' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu
2011-01-07 17:02:58 -08:00
ksysfs.c
sysfs: add struct file* to bin_attr callbacks
2010-05-21 09:37:31 -07:00
kthread.c
kthread: NUMA aware kthread_create_on_node()
2011-03-22 17:44:01 -07:00
latencytop.c
fs/proc/base.c, kernel/latencytop.c: convert sprintf_symbol() to %ps
2011-01-13 08:03:16 -08:00
lockdep_internals.h
lockdep: No need to disable preemption in debug atomic ops
2010-05-04 05:38:16 +02:00
lockdep_proc.c
lockdep: Remove unused 'factor' variable from lockdep_stats_show()
2011-03-23 13:54:47 +01:00
lockdep_states.h
lockdep.c
lockdep: Move early boot local IRQ enable/disable status to init/main.c
2011-01-20 13:32:33 +01:00
Makefile
crash_dump: export is_kdump_kernel to modules, consolidate elfcorehdr_addr, setup_elfcorehdr and saved_max_pfn
2011-03-23 19:47:19 -07:00
module.c
printk: use %pK for /proc/kallsyms and /proc/modules
2011-03-22 17:44:12 -07:00
mutex-debug.c
headers: remove sched.h from interrupt.h
2009-10-11 11:20:58 -07:00
mutex-debug.h
locking: Implement new raw_spinlock
2009-12-14 23:55:32 +01:00
mutex.c
mutexes, sched: Introduce arch_mutex_cpu_relax()
2010-11-26 15:05:34 +01:00
mutex.h
notifier.c
sched: Use lockdep-based checking on rcu_dereference()
2010-02-25 10:34:26 +01:00
ns_cgroup.c
cgroup: notify ns_cgroup deprecated
2010-10-27 18:03:09 -07:00
nsproxy.c
userns: user namespaces: convert several capable() calls
2011-03-23 19:47:08 -07:00
padata.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2010-08-04 15:23:14 -07:00
panic.c
move x86 specific oops=panic to generic code
2011-03-22 17:44:11 -07:00
params.c
module: show version information for built-in modules in sysfs
2011-01-24 14:32:51 +10:30
perf_event.c
perf: Fix task_struct reference leak
2011-03-31 13:02:56 +02:00
pid_namespace.c
pidns: call pid_ns_prepare_proc() from create_pid_namespace()
2011-03-23 19:46:58 -07:00
pid.c
export pid symbols needed for kvm_vcpu_on_spin
2011-03-17 13:08:28 -03:00
pm_qos_params.c
PM QoS: Make pm_qos settings readable
2011-03-15 00:43:18 +01:00
posix-cpu-timers.c
posix-timers: Cleanup namespace
2011-02-02 15:28:19 +01:00
posix-timers.c
timers: Export CLOCK_BOOTTIME via the posix timers interface
2011-02-21 12:53:09 -08:00
printk.c
printk: allow setting DEFAULT_MESSAGE_LEVEL via Kconfig
2011-03-22 17:44:13 -07:00
profile.c
llseek: automatically add .llseek fop
2010-10-15 15:53:27 +02:00
ptrace.c
Merge branch 'ptrace' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/misc into ptrace
2011-04-07 20:44:11 +02:00
range.c
kernel/range.c: fix clean_sort_range() for the case of full array
2010-11-12 07:55:31 -08:00
rcupdate.c
rcu: add comment saying why DEBUG_OBJECTS_RCU_HEAD depends on PREEMPT.
2011-03-04 08:05:41 -08:00
rcutiny_plugin.h
rcu: call __rcu_read_unlock() in exit_rcu for tiny RCU
2011-03-04 08:05:08 -08:00
rcutiny.c
rcu: avoid pointless blocked-task warnings
2011-01-14 04:58:08 -08:00
rcutorture.c
rcutorture: Get rid of duplicate sched.h include
2011-03-04 08:05:17 -08:00
rcutree_plugin.h
rcu: increase synchronize_sched_expedited() batching
2010-12-17 12:34:08 -08:00
rcutree_trace.c
rcu,cleanup: simplify the code when cpu is dying
2010-11-29 22:01:58 -08:00
rcutree.c
Merge branch 'for-2.6.38' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu
2011-01-07 17:02:58 -08:00
rcutree.h
rcu: limit rcu_node leaf-level fanout
2010-12-17 12:34:20 -08:00
relay.c
Clean up relay_alloc_page_array() slightly by using vzalloc rather than vmalloc and memset
2010-11-05 08:21:34 -07:00
res_counter.c
memcg: res_counter_read_u64(): fix potential races on 32-bit machines
2011-03-23 19:46:22 -07:00
resource.c
resources: add arch hook for preventing allocation in reserved areas
2010-12-17 10:01:09 -08:00
rtmutex_common.h
rtmutex: Simplify PI algorithm and make highest prio task get lock
2011-01-27 21:13:51 -05:00
rtmutex-debug.c
rtmutex: Simplify PI algorithm and make highest prio task get lock
2011-01-27 21:13:51 -05:00
rtmutex-debug.h
rtmutex-tester.c
rtmutex: tester: Remove the remaining BKL leftovers
2011-02-22 22:07:22 +01:00
rtmutex.c
rtmutex: Simplify PI algorithm and make highest prio task get lock
2011-01-27 21:13:51 -05:00
rtmutex.h
rwsem.c
sched_autogroup.c
sched, autogroup: Stop claiming ownership of the root task group
2011-02-23 11:34:03 +01:00
sched_autogroup.h
sched, autogroup: Stop going ahead if autogroup is disabled
2011-02-23 11:33:59 +01:00
sched_clock.c
sched: Add some clock info to sched_debug
2010-11-23 10:29:08 +01:00
sched_cpupri.c
sched: No need for bootmem special cases
2010-07-17 12:06:22 +02:00
sched_cpupri.h
sched: No need for bootmem special cases
2010-07-17 12:06:22 +02:00
sched_debug.c
sched: Use a buddy to implement yield_task_fair()
2011-02-03 14:20:33 +01:00
sched_fair.c
sched: Fix rebalance interval calculation
2011-03-31 13:00:37 +02:00
sched_features.h
sched: Rewrite tg_shares_up)
2010-11-18 13:27:46 +01:00
sched_idletask.c
sched, doc: Update sched-design-CFS.txt
2011-03-23 14:09:41 +01:00
sched_rt.c
Merge branch 'sched/urgent' into sched/core
2011-03-04 11:12:26 +01:00
sched_stats.h
sched_stat: Update sched_info_queue/dequeue() code comments
2010-10-24 13:29:01 +02:00
sched_stoptask.c
sched, doc: Update sched-design-CFS.txt
2011-03-23 14:09:41 +01:00
sched.c
sched: Leave sched_setscheduler() earlier if possible, do not disturb SCHED_FIFO tasks
2011-03-31 13:00:34 +02:00
seccomp.c
semaphore.c
signal.c
ptrace: fix signal->wait_chldexit usage in task_clear_group_stop_trapping()
2011-05-09 14:19:54 +02:00
smp.c
smp: move smp setup functions to kernel/smp.c
2011-03-22 17:44:11 -07:00
softirq.c
kthread: use kthread_create_on_node()
2011-03-22 17:44:01 -07:00
spinlock.c
locking: Cleanup the name space completely
2009-12-14 23:55:33 +01:00
srcu.c
rcu: demote SRCU_SYNCHRONIZE_DELAY from kernel-parameter status
2011-01-14 04:56:49 -08:00
stacktrace.c
stop_machine.c
kthread: use kthread_create_on_node()
2011-03-22 17:44:01 -07:00
sys_ni.c
vfs: Add open by file handle support
2011-03-15 02:21:44 -04:00
sys.c
userns: user namespaces: convert all capable checks in kernel/sys.c
2011-03-23 19:47:06 -07:00
sysctl_binary.c
open-style analog of vfs_path_lookup()
2011-03-14 09:15:28 -04:00
sysctl_check.c
sysctl_check: drop dead code
2011-03-23 19:46:51 -07:00
sysctl.c
sysctl: restrict write access to dmesg_restrict
2011-03-23 19:46:54 -07:00
taskstats.c
taskstats: use appropriate printk priority level
2011-03-23 19:47:14 -07:00
test_kprobes.c
kprobes: Fix selftest to clear flags field for reusing probes
2010-10-14 08:55:27 +02:00
time.c
Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
2011-03-15 18:53:35 -07:00
timeconst.pl
timer.c
Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
2011-03-15 18:53:35 -07:00
tracepoint.c
tracepoints: Fix section alignment using pointer array
2011-02-03 09:28:46 -05:00
tsacct.c
taskstats: use real microsecond granularity for CPU times
2010-10-27 18:03:17 -07:00
uid16.c
userns: user namespaces: convert several capable() calls
2011-03-23 19:47:08 -07:00
up.c
user_namespace.c
user_ns: improve the user_ns on-the-slab packaging
2011-01-13 08:03:18 -08:00
user-return-notifier.c
core: Clean up user return notifers use of per_cpu
2009-12-02 10:22:59 +01:00
user.c
userns: add a user_namespace as creator/owner of uts_namespace
2011-03-23 19:46:59 -07:00
utsname_sysctl.c
sysctl kernel: Remove binary sysctl logic
2009-11-12 02:04:55 -08:00
utsname.c
userns: allow sethostname in a container
2011-03-23 19:47:03 -07:00
wait.c
docbook: add more wait/wake/completion to device-drivers docbook
2010-10-26 17:32:41 -07:00
watchdog.c
kernel/watchdog.c: always return NOTIFY_OK during cpu up/down events
2011-03-22 17:44:12 -07:00
workqueue_sched.h
workqueue: implement concurrency managed dynamic worker pool
2010-06-29 10:07:14 +02:00
workqueue.c
kthread: use kthread_create_on_node()
2011-03-22 17:44:01 -07:00