Re: [PATCH 3/3] ptrace: do not use task_lock() for attach

[Chris Wright]

* Oleg Nesterov (oleg@xxxxxxxxxx) wrote:
> +	write_lock_irq(&tasklist_lock);
>  	retval = -EPERM;
>  	if (unlikely(task->exit_state))
> -		goto bad;
> +		goto unlock_tasklist;
>  	if (task->ptrace)
> -		goto bad;
> +		goto unlock_tasklist;

So, task->ptrace now protected by tasklist_lock to keep concurrent tracers
from both attaching to same task?  What does this do for setprocattr()?

                task_lock(p);
                tracer = tracehook_tracer_task(p);
                if (tracer)
                        ptsid = task_sid(tracer);
                task_unlock(p);

Looks like it is racy.

cpu1 (tracer)				cpu2 (tracee, changing sid)
-------------				---------------------------
task_lock(tracee);
__ptrace_may_access(tracee, ATTACH);
task_unlock(tracee);
					task_lock(tracee)
<security check passes>			tracer = tracehook_tracer_task(tracee);
					if (tracer) <-- NULL, !tracee->ptrace
					...
					update sid w/out checking against tracer
write_lock_irq(&tasklist_lock);
...
tracee->ptrace = PT_PTRACED;
...
now we are tracing task w/ a sid
that we didn't authorize to trace

What do you think?

thanks,
-chris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/