Date: Tue, 25 Oct 2022 12:19:00 +0200
From: Oleg Nesterov
To: chen zhang
Cc: chenzhang_0901@163.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] ptrace: disable single step in __ptrace_unlink for protecting init task
Message-ID: <20221025101858.GB17158@redhat.com>
References: <20221025051032.280352-1-chenzhang@kylinos.cn>
In-Reply-To: <20221025051032.280352-1-chenzhang@kylinos.cn>

On 10/25, chen zhang wrote:
>
> Thanks for your reply. I think the kernel should not panic when the
> application has a bug, or a fault operation such as ctrl+c,

a) init is special. If it exits, the kernel panics. This is by design.

b) debugger can always crash the tracee. In particular if it exits
without ptrace(PTRACE_DETACH) which implies user_disable_single_step().

> This patch can really prevent kernel panic on
> my x86 machine.

Really? You ignored this part of my previous email,

	Not to mention I don't understand how your patch can actually help.

If nothing else,

	- debugger does ptrace(PTRACE_SINGLESTEP), this wakes the tracee up

	- the tracee enters force_sig_info_to_task(SIGTRAP) after single step

	- debugger exits, __ptrace_unlink() clears ptrace/TIF_SINGLESTEP

	- force_sig_info_to_task() clears SIGNAL_UNKILLABLE, the traced init
	  will be killed.

Am I wrong?

Finally,

> --- a/kernel/ptrace.c
> +++ b/kernel/ptrace.c
> @@ -130,6 +130,8 @@ void __ptrace_unlink(struct task_struct *child)
>  	put_cred(old_cred);
>
>  	spin_lock(&child->sighand->siglock);
> +	if (unlikely(child->signal->flags & SIGNAL_UNKILLABLE))
> +		user_disable_single_step(child);
>  	child->ptrace = 0;
>  	/*

I don't understand why you call user_disable_single_step() with
->siglock held, but this is minor.

user_disable_single_step(child) assumes that child is stopped and frozen,
see ptrace_freeze_traced(). This is not necessarily true if __ptrace_unlink()
is called by the exiting tracer, so the patch is wrong in any case.

Nack, sorry.

Oleg.
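Review bot: the added `if (unlikely(child->signal->flags & SIGNAL_UNKILLABLE))` in the __ptrace_unlink() hunk makes the cleanup conditional on the tracee being init-like, so every other tracee left behind by an exiting tracer keeps its single-step state; if clearing it at this point were valid it should not depend on that flag, and if the child is not guaranteed to be stopped and frozen here (the ptrace_freeze_traced() objection above) the flag does not make the call safe either. The hunk also places `user_disable_single_step(child);` under `spin_lock(&child->sighand->siglock);` with no comment or changelog text explaining why the lock is needed; either document the reason or move the call outside the locked region.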
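Point (b) above, that a debugger which exits without PTRACE_DETACH leaves its tracee with single-step still armed, can be observed from user space without touching init. The following C program is an added illustration written for this page; it is not code from the thread, from the patch author or from the kernel. It assumes an x86 Linux host where ptrace() is permitted, uses an ordinary child process as the tracee (never init), and sets PR_SET_CHILD_SUBREAPER so the harness can reap the tracee once its tracer is gone. run_scenario(0) lets the tracer exit without detaching and the tracee dies of SIGTRAP; run_scenario(1) detaches first and the tracee runs to its normal exit.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Tracee: request tracing, stop, and exit 42 only if resumed with a clean step state. */
static void tracee_body(void)
{
    struct rlimit no_core = { 0, 0 };
    setrlimit(RLIMIT_CORE, &no_core);   /* a SIGTRAP death must not leave a core file behind */
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
        _exit(2);                        /* ptrace not permitted here: reported as setup failure */
    raise(SIGSTOP);                      /* hand control to the tracer */
    _exit(42);                           /* reached only if resumed without TF armed */
}

/* Tracer ("debugger"): single-step once, then exit with or without a proper PTRACE_DETACH. */
static void tracer_body(int detach, int report_fd)
{
    int status;
    pid_t child = fork();

    if (child == 0)
        tracee_body();
    if (child < 0 || write(report_fd, &child, sizeof child) != (ssize_t)sizeof child)
        _exit(3);
    close(report_fd);

    /* Wait for the SIGSTOP stop, step one instruction, wait for the SIGTRAP stop. */
    if (waitpid(child, &status, 0) != child || !WIFSTOPPED(status))
        _exit(4);
    if (ptrace(PTRACE_SINGLESTEP, child, NULL, NULL) == -1)
        _exit(5);
    if (waitpid(child, &status, 0) != child || !WIFSTOPPED(status) ||
        WSTOPSIG(status) != SIGTRAP)
        _exit(6);

    /* The tracee is now stopped with TIF_SINGLESTEP (x86 TF) still armed. */
    if (detach)
        ptrace(PTRACE_DETACH, child, NULL, NULL);  /* ptrace_detach() -> ptrace_disable() clears it */
    _exit(0);  /* exit_ptrace() -> __ptrace_unlink(): no ptrace_disable(), the step state stays */
}

/* Runs one scenario and returns the tracee's raw wait status, or -1 on setup failure. */
int run_scenario(int detach)
{
    int fds[2], status;
    pid_t tracer, tracee;

    /* Children orphaned by the exiting tracer are reparented to us instead of to init. */
    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) == -1 || pipe(fds) == -1)
        return -1;
    tracer = fork();
    if (tracer == 0) {
        close(fds[0]);
        tracer_body(detach, fds[1]);
    }
    close(fds[1]);
    if (tracer < 0 || read(fds[0], &tracee, sizeof tracee) != (ssize_t)sizeof tracee) {
        close(fds[0]);
        return -1;
    }
    close(fds[0]);

    /* Reaping the tracer first guarantees its orphans were already reparented to us. */
    if (waitpid(tracer, &status, 0) != tracer || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    if (waitpid(tracee, &status, 0) != tracee)
        return -1;
    return status;
}

/* Signal that killed the tracee, or 0 if it was not killed by a signal. */
int tracee_death_signal(int status)
{
    return (status != -1 && WIFSIGNALED(status)) ? WTERMSIG(status) : 0;
}

/* Exit status of the tracee, or -1 if it did not exit normally. */
int tracee_exit_status(int status)
{
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int stale = run_scenario(0), clean = run_scenario(1);
    printf("tracer exits without detach: killed by signal %d (SIGTRAP is %d)\n",
           tracee_death_signal(stale), SIGTRAP);
    printf("tracer detaches first: tracee exit status %d\n", tracee_exit_status(clean));
    return 0;
}
```

The tracee in the first scenario dies even though it never misbehaved, which is exactly why a debugger or injection tool that attaches to a long-lived service must always reach PTRACE_DETACH on its exit paths (signal handlers included): the kernel's exiting-tracer cleanup does not undo single-step, and no kernel-side special case for init would change that for any other tracee.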