From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Andrei Vagin, Oleg Nesterov, "Eric W. Biederman", Andrew Morton, Linus Torvalds
Subject: [PATCH 4.9 23/30] kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
Date: Mon, 4 Feb 2019 11:37:01 +0100
Message-Id: <20190204103609.531912848@linuxfoundation.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190204103605.271746870@linuxfoundation.org>
References: <20190204103605.271746870@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Andrei Vagin

commit 8fb335e078378c8426fabeed1ebee1fbf915690c upstream.

Currently, exit_ptrace() adds all ptraced tasks in a dead list, then
zap_pid_ns_processes() waits on all tasks in a current pidns, and only
then are tasks from the dead list released.

zap_pid_ns_processes() can get stuck on waiting tasks from the dead
list. In this case, we will have one unkillable process with one or
more dead children.

Thanks to Oleg for the advice to release tasks in find_child_reaper().

Link: http://lkml.kernel.org/r/20190110175200.12442-1-avagin@gmail.com
Fixes: 7c8bd2322c7f ("exit: ptrace: shift "reap dead" code from exit_ptrace() to forget_original_parent()")
Signed-off-by: Andrei Vagin
Signed-off-by: Oleg Nesterov
Cc: "Eric W. Biederman"
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
kernel/exit.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)

--- a/kernel/exit.c +++ b/kernel/exit.c
@@ -525,12 +525,14 @@ static struct task_struct *find_alive_th return NULL; } -static struct task_struct *find_child_reaper(struct task_struct *father) +static struct task_struct *find_child_reaper(struct task_struct *father, + struct list_head *dead) __releases(&tasklist_lock) __acquires(&tasklist_lock) { struct pid_namespace *pid_ns = task_active_pid_ns(father); struct task_struct *reaper = pid_ns->child_reaper; + struct task_struct *p, *n; if (likely(reaper != father)) return reaper; @@ -546,6 +548,12 @@ static struct task_struct *find_child_re panic("Attempted to kill init! exitcode=0x%08x\n", father->signal->group_exit_code ?: father->exit_code); } + + list_for_each_entry_safe(p, n, dead, ptrace_entry) { + list_del_init(&p->ptrace_entry); + release_task(p); + } + zap_pid_ns_processes(pid_ns); write_lock_irq(&tasklist_lock); @@ -632,7 +640,7 @@ static void forget_original_parent(struc exit_ptrace(father, dead); /* Can drop and reacquire tasklist_lock */ - reaper = find_child_reaper(father); + reaper = find_child_reaper(father, dead); if (list_empty(&father->children)) return;
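
Review bot: the new `dead` argument in the @@ -525,12 hunk has no documented contract, and its handling differs by path: on the `if (likely(reaper != father)) return reaper;` early return the list is left untouched, while the path that goes on to zap_pid_ns_processes() drains it. A short comment above find_child_reaper() stating that the function may release and empty `dead`, and that the caller still owns whatever remains, would keep future callers from assuming either behaviour.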
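
Review bot: the release loop in the @@ -546,6 hunk carries no comment explaining why it must run before zap_pid_ns_processes(pid_ns), so the ordering looks incidental and could be moved by a later cleanup. A comment above list_for_each_entry_safe() saying that zap_pid_ns_processes() waits for every task in the namespace and would otherwise wait on tasks still parked on `dead` would do. It is also worth stating there that the loop relies on tasklist_lock being dropped at this point, since the write_lock_irq(&tasklist_lock) that retakes it only follows zap_pid_ns_processes().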
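
Review bot: the comment kept above the call in the @@ -632,7 hunk, `/* Can drop and reacquire tasklist_lock */`, is now incomplete, because find_child_reaper(father, dead) can also release the tasks that exit_ptrace(father, dead) just queued. Extend the comment to say so, so that a reader of the caller does not expect `dead` to still hold those entries once the call returns.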