From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C66F3C3F2D9 for ; Tue, 3 Mar 2020 17:01:53 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 846EA20836 for ; Tue, 3 Mar 2020 17:01:53 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 846EA20836 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=ubuntu.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 1BDA36B0005; Tue, 3 Mar 2020 12:01:53 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 16D886B0006; Tue, 3 Mar 2020 12:01:53 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 05DE76B0007; Tue, 3 Mar 2020 12:01:53 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0029.hostedemail.com [216.40.44.29]) by kanga.kvack.org (Postfix) with ESMTP id E42CB6B0005 for ; Tue, 3 Mar 2020 12:01:52 -0500 (EST) Received: from smtpin20.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id 79220181AEF00 for ; Tue, 3 Mar 2020 17:01:52 +0000 (UTC) X-FDA: 76554668064.20.sail82_84a28e2706a16 X-HE-Tag: sail82_84a28e2706a16 X-Filterd-Recvd-Size: 6572 Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) by imf24.hostedemail.com (Postfix) with ESMTP for ; Tue, 3 Mar 2020 17:01:51 +0000 (UTC) Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1j9Aus-0005Fy-RG; Tue, 03 Mar 2020 17:01:10 +0000 Date: Tue, 3 Mar 2020 18:01:09 +0100 From: Christian Brauner To: Bernd Edlinger Cc: "Eric W. Biederman" , Kees Cook , Jann Horn , Jonathan Corbet , Alexander Viro , Andrew Morton , Alexey Dobriyan , Thomas Gleixner , Oleg Nesterov , Frederic Weisbecker , Andrei Vagin , Ingo Molnar , "Peter Zijlstra (Intel)" , Yuyang Du , David Hildenbrand , Sebastian Andrzej Siewior , Anshuman Khandual , David Howells , James Morris , Greg Kroah-Hartman , Shakeel Butt , Jason Gunthorpe , Christian Kellner , Andrea Arcangeli , Aleksa Sarai , "Dmitry V. Levin" , "linux-doc@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-fsdevel@vger.kernel.org" , "linux-mm@kvack.org" , "stable@vger.kernel.org" , "linux-api@vger.kernel.org" Subject: Re: [PATCHv5] exec: Fix a deadlock in ptrace Message-ID: <20200303170109.y6q2acgydyzuh3mp@wittgenstein> References: <875zfmloir.fsf@x220.int.ebiederm.org> <87v9nmjulm.fsf@x220.int.ebiederm.org> <202003021531.C77EF10@keescook> <20200303085802.eqn6jbhwxtmz4j2x@wittgenstein> <87v9nlii0b.fsf@x220.int.ebiederm.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, Mar 03, 2020 at 04:48:01PM +0000, Bernd Edlinger wrote: > On 3/3/20 4:18 PM, Eric W. Biederman wrote: > > Bernd Edlinger writes: > > > >> This fixes a deadlock in the tracer when tracing a multi-threaded > >> application that calls execve while more than one thread are running. > >> > >> I observed that when running strace on the gcc test suite, it always > >> blocks after a while, when expect calls execve, because other threads > >> have to be terminated. They send ptrace events, but the strace is no > >> longer able to respond, since it is blocked in vm_access. > >> > >> The deadlock is always happening when strace needs to access the > >> tracees process mmap, while another thread in the tracee starts to > >> execve a child process, but that cannot continue until the > >> PTRACE_EVENT_EXIT is handled and the WIFEXITED event is received: > > > > A couple of things. > > > > Why do we think it is safe to change the behavior exposed to userspace? > > Not the deadlock but all of the times the current code would not > > deadlock? > > > > Especially given that this is a small window it might be hard for people > > to track down and report so we need a strong argument that this won't > > break existing userspace before we just change things. > > > > Hmm, I tend to agree. > > > Usually surveying all of the users of a system call that we can find > > and checking to see if they might be affected by the change in behavior > > is difficult enough that we usually opt for not being lazy and > > preserving the behavior. > > > > This patch is up to two changes in behavior now, that could potentially > > affect a whole array of programs. Adding linux-api so that this change > > in behavior can be documented if/when this change goes through. > > > > One is PTRACE_ACCESS possibly returning EAGAIN, yes. > > We could try to restrict that behavior change to when any > thread is ptraced when execve starts, can't be too complicated. > > > But the other is only SYS_seccomp returning EAGAIN, when a different > thread of the current process is calling execve at the same time. > > I would consider it completely impossible to have any user-visual effect, > since de_thread is just terminating all threads, including the thread > where the -EAGAIN was returned, so we will never know what happened. I think if we risk a user-space facing change we should try the simple thing first before making the fix more convoluted? But it's a tough call... > > > > If you can split the documentation and test fixes out into separate > > patches that would help reviewing this code, or please make it explicit > > that the your are changing documentation about behavior that is changing > > with this patch. > > > > I am not sure if I have touched the right user documentation. > > I only saw a document referring to a non-existent "current->cred_replace_mutex" > I haven't digged the git history, but that must be pre-historic IMHO. > It appears to me that is some developer documentation, but it's nevertheless > worth to keep up to date when the code changes. > > So where would I add the possibility for PTRACE_ATTACH to return -EAGAIN ? Since that would be a potentially user-visible change it would make the most sense to add it to man ptrace(2) if/when we land this change. For developers, placing a comment in kernel/ptrace.c:ptrace_attach() would make the most sense? We already have something about exec protection in there. Christian