Commit 75c9a16d authored by Andrei Vagin's avatar Andrei Vagin Committed by Stefan Bader

kernel/exit.c: release ptraced tasks before zap_pid_ns_processes

BugLink: https://bugs.launchpad.net/bugs/1818803

commit 8fb335e0 upstream.

Currently, exit_ptrace() adds all ptraced tasks in a dead list, then
zap_pid_ns_processes() waits on all tasks in a current pidns, and only
then are tasks from the dead list released.

zap_pid_ns_processes() can get stuck on waiting tasks from the dead
list.  In this case, we will have one unkillable process with one or
more dead children.

Thanks to Oleg for the advice to release tasks in find_child_reaper().

Link: http://lkml.kernel.org/r/20190110175200.12442-1-avagin@gmail.com
Fixes: 7c8bd232 ("exit: ptrace: shift "reap dead" code from exit_ptrace() to forget_original_parent()")
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
parent cd9ffca1
...@@ -450,12 +450,14 @@ static struct task_struct *find_alive_thread(struct task_struct *p) ...@@ -450,12 +450,14 @@ static struct task_struct *find_alive_thread(struct task_struct *p)
return NULL; return NULL;
} }
static struct task_struct *find_child_reaper(struct task_struct *father) static struct task_struct *find_child_reaper(struct task_struct *father,
struct list_head *dead)
__releases(&tasklist_lock) __releases(&tasklist_lock)
__acquires(&tasklist_lock) __acquires(&tasklist_lock)
{ {
struct pid_namespace *pid_ns = task_active_pid_ns(father); struct pid_namespace *pid_ns = task_active_pid_ns(father);
struct task_struct *reaper = pid_ns->child_reaper; struct task_struct *reaper = pid_ns->child_reaper;
struct task_struct *p, *n;
if (likely(reaper != father)) if (likely(reaper != father))
return reaper; return reaper;
...@@ -471,6 +473,12 @@ static struct task_struct *find_child_reaper(struct task_struct *father) ...@@ -471,6 +473,12 @@ static struct task_struct *find_child_reaper(struct task_struct *father)
panic("Attempted to kill init! exitcode=0x%08x\n", panic("Attempted to kill init! exitcode=0x%08x\n",
father->signal->group_exit_code ?: father->exit_code); father->signal->group_exit_code ?: father->exit_code);
} }
list_for_each_entry_safe(p, n, dead, ptrace_entry) {
list_del_init(&p->ptrace_entry);
release_task(p);
}
zap_pid_ns_processes(pid_ns); zap_pid_ns_processes(pid_ns);
write_lock_irq(&tasklist_lock); write_lock_irq(&tasklist_lock);
...@@ -557,7 +565,7 @@ static void forget_original_parent(struct task_struct *father, ...@@ -557,7 +565,7 @@ static void forget_original_parent(struct task_struct *father,
exit_ptrace(father, dead); exit_ptrace(father, dead);
/* Can drop and reacquire tasklist_lock */ /* Can drop and reacquire tasklist_lock */
reaper = find_child_reaper(father); reaper = find_child_reaper(father, dead);
if (list_empty(&father->children)) if (list_empty(&father->children))
return; return;
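Review bot: The `list_for_each_entry_safe()` loop added to find_child_reaper() just before `zap_pid_ns_processes(pid_ns)` carries no comment, although its position is the entire fix and a later cleanup could easily move it back after the wait. I would add above it `/* Release ptraced zombies first: zap_pid_ns_processes() waits for every task in this pidns and would otherwise block on them, leaving an unkillable reaper. */`. The function should also document the new `dead` parameter: the list is drained only on the path where `father` is the namespace's child_reaper, while the early `return reaper` leaves it for the caller, so forget_original_parent()'s caller must cope with both a full and an empty list. The loop presumably relies on tasklist_lock having been dropped earlier in the function, since the `write_lock_irq(&tasklist_lock)` only follows the zap call; that unlock lies outside the visible hunks and is worth confirming and stating in the comment.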