On 6/10/21 11:36 PM, Andrew Morton wrote:
> On Thu, 10 Jun 2021 09:31:42 +0200 Bernd Edlinger <bernd.edlinger@hotmail.de> wrote:
>
>> This introduces signal->unsafe_execve_in_progress, which is used to fix
>> the case when at least one of the sibling threads is traced, and therefore
>> the trace process may dead-lock in ptrace_attach, but de_thread will need
>> to wait for the tracer to continue execution.
>
> Deadlocks are serious. Is this exploitable by unprivileged userspace?

Yes, in theory:

You need a program doing things like the second test case in vmaccess.c,
and the parent (also unprivileged) simply does not call PTRACE_ATTACH and
does not call waitpid. This is an unprivileged process.

Now if a kernel process would try the PTRACE_ATTACH from the test case,
it would freeze until the parent process calls waitpid, which it would
not do in this scenario.

>> Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
>
> Was a -stable backport considered?

Yes, maybe after some time.

Thanks
Bernd.