Re: [patch] x86, ptrace: fix double-free on race

From: Ingo Molnar
Date: Wed Feb 11 2009 - 09:45:40 EST

Next message: Brian Gerst: "Re: [PATCH 1/3] x86: Use pt_regs pointer in do_device_not_available()"
Previous message: Tejun Heo: "Re: [PATCH 2/3] x86: Pass in pt_regs pointer for syscalls that need it"
In reply to: Markus Metzger: "[patch] x86, ptrace: fix double-free on race"
Next in thread: Oleg Nesterov: "Re: [patch] x86, ptrace: fix double-free on race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Markus Metzger <markus.t.metzger@xxxxxxxxx> wrote:

> Ptrace_detach() races with __ptrace_unlink() if the traced task is
> reaped while detaching. This might cause a double-free of the BTS
> buffer.
>
> Change the ptrace_detach() path to only do the memory accounting in
> ptrace_bts_detach() and leave the buffer free to ptrace_bts_untrace()
> which will be called from __ptrace_unlink().
>
> The fix follows a proposal from Oleg Nesterov.
>
> Reported-by: Oleg Nesterov <oleg@xxxxxxxxxx>
> Signed-off-by: Markus Metzger <markus.t.metzger@xxxxxxxxx>

Applied to tip:x86/urgent, thanks Markus!

Note, i fixed up the comment style to match the rest of ptrace.c,
see the final commit below.

Ingo

-------------------->

Next message: Brian Gerst: "Re: [PATCH 1/3] x86: Use pt_regs pointer in do_device_not_available()"
Previous message: Tejun Heo: "Re: [PATCH 2/3] x86: Pass in pt_regs pointer for syscalls that need it"
In reply to: Markus Metzger: "[patch] x86, ptrace: fix double-free on race"
Next in thread: Oleg Nesterov: "Re: [patch] x86, ptrace: fix double-free on race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]