Subject: Re: [PATCH 1/5] ptrace: Prepare to fix racy accesses on task breakpoints
From: Will Deacon
To: Frederic Weisbecker
Cc: LKML, Ingo Molnar, Peter Zijlstra, Prasad, Paul Mundt, Benjamin Herrenschmidt, "v2.6.33.."
In-Reply-To: <1302284067-7860-2-git-send-email-fweisbec@gmail.com>
References: <1302284067-7860-1-git-send-email-fweisbec@gmail.com> <1302284067-7860-2-git-send-email-fweisbec@gmail.com>
Date: Mon, 11 Apr 2011 11:47:57 +0100
Message-ID: <1302518877.24286.34.camel@e102144-lin.cambridge.arm.com>

Hi Frederic,

On Fri, 2011-04-08 at 18:34 +0100, Frederic Weisbecker wrote:
> When a task is traced and is in a stopped state, the tracer
> may execute a ptrace request to examine the tracee state and
> get its task struct. Right after, the tracee can be killed
> and thus its breakpoints released.
> This can happen concurrently when the tracer is in the middle
> of reading or modifying these breakpoints, leading to dereferencing
> a freed pointer.

Oo, that's nasty. Would an alternative solution be to free the breakpoints
only when the task_struct usage count is zero?

> diff --git a/kernel/ptrace.c b/kernel/ptrace.c
> index 0fc1eed..dc7ab65 100644
> --- a/kernel/ptrace.c
> +++ b/kernel/ptrace.c
> @@ -22,6 +22,7 @@
> #include
> #include
> #include
> +#include
>
>
> /*
> @@ -879,3 +880,19 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
> return ret;
> }
> #endif /* CONFIG_COMPAT */
> +
> +#ifdef CONFIG_HAVE_HW_BREAKPOINT
> +int ptrace_get_breakpoints(struct task_struct *tsk)
> +{
> + if (atomic_inc_not_zero(&tsk->ptrace_bp_refcnt))
> + return 0;
> +
> + return -1;
> +}

Would it be better to return -ESRCH here instead?

Will
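Review bot: in the second hunk, ptrace_get_breakpoints() returns a bare -1 on failure where kernel callers expect a negative errno; since the only failure mode is that the tracee has already dropped its breakpoints, -ESRCH (as Will suggests) lets callers propagate the result directly. The function also carries no comment stating its contract: a 0 return means the caller now holds a reference on ptrace_bp_refcnt and must drop it with a matching put, which this hunk does not show. Finally, the definition sits under #ifdef CONFIG_HAVE_HW_BREAKPOINT with no visible fallback for the !CONFIG case, so any caller outside that ifdef needs a stub declaration (possibly in a part of the patch not quoted here).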
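The race described in the commit message and the refcount guard the hunk adds, modelled in user-space C as an added example (not the patch's or the kernel's code). It assumes a put side that frees the breakpoints when the last reference drops, which this hunk does not contain, and the names struct task_model, inc_not_zero() and race_demo() are invented for the example.

```c
/* Added example, not kernel code: a user-space model of the refcount guard the
 * hunk introduces, plus a put side (assumed; not in this hunk) that frees the
 * breakpoints only when the last reference drops. Names are invented here. */
#include <errno.h>
#include <stdatomic.h>
#include <stdlib.h>
struct hw_bp_model { unsigned long addr; };
struct task_model {
    atomic_int ptrace_bp_refcnt;  /* 1 while the task itself owns its breakpoints */
    struct hw_bp_model *bp;       /* freed when the count reaches zero */
};
/* Same contract as the kernel's atomic_inc_not_zero(): a count at zero is never revived. */
static int inc_not_zero(atomic_int *v)
{
    int old = atomic_load(v);
    while (old != 0)
        if (atomic_compare_exchange_weak(v, &old, old + 1))
            return 1;
    return 0;
}

/* Mirrors the hunk's ptrace_get_breakpoints(), returning -ESRCH as Will suggests. */
int ptrace_get_breakpoints(struct task_model *tsk)
{
    return inc_not_zero(&tsk->ptrace_bp_refcnt) ? 0 : -ESRCH;
}

/* Assumed counterpart: drop a reference; whoever drops the last one frees. */
void ptrace_put_breakpoints(struct task_model *tsk)
{
    if (atomic_fetch_sub(&tsk->ptrace_bp_refcnt, 1) == 1) {
        free(tsk->bp);
        tsk->bp = NULL;
    }
}

/* The sequence from the commit message: tracer takes a reference, tracee is killed,
 * tracer still reads the breakpoint, then releases it. Returns a later get's result. */
int race_demo(unsigned long *seen)
{
    struct task_model tracee = { .bp = malloc(sizeof *tracee.bp) };
    atomic_init(&tracee.ptrace_bp_refcnt, 1);
    tracee.bp->addr = 0xdeadbeef;           /* constructed sample breakpoint */
    if (ptrace_get_breakpoints(&tracee))    /* tracer side; cannot fail here */
        return -EINVAL;
    ptrace_put_breakpoints(&tracee);        /* tracee exits: 2 -> 1, nothing freed */
    *seen = tracee.bp->addr;                /* still valid: the tracer holds the last ref */
    ptrace_put_breakpoints(&tracee);        /* 1 -> 0: freed now, after the tracer is done */
    return ptrace_get_breakpoints(&tracee); /* -ESRCH: bp is never dereferenced */
}
```

The second get on the dead task fails with -ESRCH instead of touching freed memory, which is the whole point of guarding the access with an inc-not-zero.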