Bug 133590

Summary: PTRACE_ATTACH race with real parent's wait calls can produce bogus wait returns
Product: Fedora
Component: kernel
Version: rawhide
Reporter: Roland McGrath <roland>
Assignee: Roland McGrath <roland>
QA Contact: Brian Brock <bbrock>
CC: wtogami
Status: CLOSED ERRATA
Severity: low
Priority: medium
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2005-01-03 08:32:36 UTC

Attachments:
  test program to reproduce the bug
  upstream 2.6 patch to avoid this race

Description Roland McGrath 2004-09-24 23:02:15 UTC
Description of problem:
There is a race between PTRACE_ATTACH and the real parent calling
wait.  For a moment, the task is put in PT_PTRACED but with its parent
still pointing to its real_parent.  In this circumstance, if the real
parent calls wait without the WUNTRACED flag, he can see a stopped
child status, which wait should never return without WUNTRACED when
the caller is not using ptrace.  Here it is not the caller that is
using ptrace, but some third party.

Version-Release number of selected component (if applicable):
2.6.9-rc2

How reproducible:
Requires SMP or preemption, hits pretty quickly on my 2-CPU test box.

Steps to Reproduce:
1. See attached test program.
2. compile it
3. run it
Actual results:
Eventually prints "wait => PID status 137f ..." and then gets
confused.  This happens when wait returns for the stopped child, which
should not be possible.

Expected results:
That should not happen.

Additional info:
Fix on the way
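
The wait invariant this report says the race breaks, as an added C example that is not the attached test program and does not reproduce the race itself: a child stops itself with SIGSTOP with no tracer involved, and its real parent's wait without WUNTRACED must report nothing, while the WUNTRACED call reports the stop. The names probe_stopped_child and wait_probe are this example's own.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdbool.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the two waitpid() probes returned for a child that is stopped but not ptraced. */
struct wait_probe {
    pid_t plain_ret;     /* waitpid(pid, &st, WNOHANG): must be 0, nothing to report */
    pid_t untraced_ret;  /* waitpid(pid, &st, WNOHANG|WUNTRACED): must be pid */
    bool stopped;        /* WIFSTOPPED() of the status from the WUNTRACED call */
    int stop_sig;        /* WSTOPSIG() of that status, 0 if not stopped */
};

/* Fork a child that stops itself, then check the invariant bug 133590 says was
 * violated: a parent that is not ptracing the child and calls wait without
 * WUNTRACED must never be handed a stopped-child status.
 * Returns 0 on success, -1 if fork() or waitid() failed. */
int probe_stopped_child(struct wait_probe *out)
{
    int status = 0;
    siginfo_t info;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        raise(SIGSTOP);   /* child: stop ourselves; no tracer is involved */
        _exit(0);
    }
    /* Block until the child has really stopped, but leave the stop unconsumed
     * (WNOWAIT) so both waitpid() probes below observe the same state. */
    if (waitid(P_PID, pid, &info, WSTOPPED | WNOWAIT) < 0) {
        kill(pid, SIGKILL);
        waitpid(pid, &status, 0);
        return -1;
    }
    out->plain_ret = waitpid(pid, &status, WNOHANG);             /* no WUNTRACED */
    out->untraced_ret = waitpid(pid, &status, WNOHANG | WUNTRACED);
    out->stopped = (out->untraced_ret == pid) && WIFSTOPPED(status);
    out->stop_sig = out->stopped ? WSTOPSIG(status) : 0;

    kill(pid, SIGKILL);   /* clean up: kill and reap the stopped child */
    waitpid(pid, &status, 0);
    return 0;
}
```

On a kernel with the fix, plain_ret is 0 and only the WUNTRACED probe reports the SIGSTOP; the buggy window in 2.6.9-rc2 could let the first call return a stopped status while a third party attached.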

Comment 1 Roland McGrath 2004-09-24 23:03:00 UTC
Created attachment 104297 [details]
test program to reproduce the bug

Just compile and run it.

Comment 2 Roland McGrath 2004-09-24 23:10:11 UTC
Created attachment 104298 [details]
upstream 2.6 patch to avoid this race

I've submitted this patch upstream, waiting for feedback.

Comment 3 Roland McGrath 2004-10-29 19:44:21 UTC
This patch has gone in upstream, should be in 2.6.10.

Comment 4 Roland McGrath 2005-01-03 08:32:36 UTC
2.6.10 has this fixed.

Comment 5 Tim Powers 2005-06-08 15:12:36 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-420.html