From owner-dev-commits-src-main@freebsd.org Mon May 3 16:20:44 2021 Return-Path: Delivered-To: dev-commits-src-main@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C019963684E; Mon, 3 May 2021 16:20:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FYp9m3Cgyz3DX0; Mon, 3 May 2021 16:20:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4244421405; Mon, 3 May 2021 16:20:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 143GKiUT022328; Mon, 3 May 2021 16:20:44 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 143GKib3022327; Mon, 3 May 2021 16:20:44 GMT (envelope-from git) Date: Mon, 3 May 2021 16:20:44 GMT Message-Id: <202105031620.143GKib3022327@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: 9ebf9100bad1 - main - ptrace: do not allow for parallel ptrace requests MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9ebf9100bad129a92961572ac862781d6c5681c7 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-main@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for the main branch of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 May 2021 16:20:45 -0000 The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=9ebf9100bad129a92961572ac862781d6c5681c7 commit 9ebf9100bad129a92961572ac862781d6c5681c7 Author: Konstantin Belousov AuthorDate: 2021-04-24 11:57:40 +0000 Commit: Konstantin Belousov CommitDate: 2021-05-03 16:16:30 +0000 ptrace: do not allow for parallel ptrace requests Set a new P2_PTRACEREQ flag around the request Wait for the target . process P2_PTRACEREQ flag to clear before setting ours . Otherwise, we rely on the moment that the process lock is not dropped until the stopped target state is important. This is going to be no longer true after some future change. Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D29955 --- sys/kern/sys_process.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++-- sys/sys/proc.h | 1 + 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c index 4eb7383ca8f0..27849de47fde 100644 --- a/sys/kern/sys_process.c +++ b/sys/kern/sys_process.c @@ -604,11 +604,18 @@ proc_set_traced(struct proc *p, bool stop) static int proc_can_ptrace(struct thread *td, struct proc *p) { + int error; + PROC_LOCK_ASSERT(p, MA_OWNED); if ((p->p_flag & P_WEXIT) != 0) return (ESRCH); + if ((error = p_cansee(td, p)) != 0) + return (error); + if ((error = p_candebug(td, p)) != 0) + return (error); + /* not being traced... */ if ((p->p_flag & P_TRACED) == 0) return (EPERM); @@ -640,10 +647,11 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data) #ifdef COMPAT_FREEBSD32 int wrap32 = 0, safe = 0; #endif - bool proctree_locked; + bool proctree_locked, p2_req_set; curp = td->td_proc; proctree_locked = false; + p2_req_set = false; /* Lock proctree before locking the process. */ switch (req) { @@ -782,15 +790,47 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data) /* FALLTHROUGH */ default: + /* + * Check for ptrace eligibility before waiting for + * holds to drain. + */ error = proc_can_ptrace(td, p); if (error != 0) goto fail; + /* + * Block parallel ptrace requests. Most important, do + * not allow other thread in debugger to continue the + * debuggee until coredump finished. + */ + while ((p->p_flag2 & P2_PTRACEREQ) != 0) { + if (proctree_locked) + sx_xunlock(&proctree_lock); + error = msleep(&p->p_flag2, &p->p_mtx, PPAUSE | PCATCH | + (proctree_locked ? PDROP : 0), "pptrace", 0); + if (proctree_locked) { + sx_xlock(&proctree_lock); + PROC_LOCK(p); + } + if (error == 0 && td2->td_proc != p) + error = ESRCH; + if (error == 0) + error = proc_can_ptrace(td, p); + if (error != 0) + goto fail; + } + /* Ok */ break; } - /* Keep this process around until we finish this request. */ + /* + * Keep this process around and request parallel ptrace() + * request to wait until we finish this request. + */ + MPASS((p->p_flag2 & P2_PTRACEREQ) == 0); + p->p_flag2 |= P2_PTRACEREQ; + p2_req_set = true; _PHOLD(p); /* @@ -1325,6 +1365,11 @@ out: /* Drop our hold on this process now that the request has completed. */ _PRELE(p); fail: + if (p2_req_set) { + if ((p->p_flag2 & P2_PTRACEREQ) != 0) + wakeup(&p->p_flag2); + p->p_flag2 &= ~P2_PTRACEREQ; + } PROC_UNLOCK(p); if (proctree_locked) sx_xunlock(&proctree_lock); diff --git a/sys/sys/proc.h b/sys/sys/proc.h index a078b859ddc1..e02e97d74229 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -829,6 +829,7 @@ struct proc { #define P2_STKGAP_DISABLE_EXEC 0x00001000 /* Stack gap disabled after exec */ #define P2_ITSTOPPED 0x00002000 +#define P2_PTRACEREQ 0x00004000 /* Active ptrace req */ /* Flags protected by proctree_lock, kept in p_treeflags. */ #define P_TREE_ORPHANED 0x00000001 /* Reparented, on orphan list */