From 7f5d0afe525af4728ed5ec75193e9e4560d9558c Mon Sep 17 00:00:00 2001 From: Adin Scannell Date: Mon, 24 Jun 2019 17:28:46 -0700 Subject: Add O_EXITKILL to ptrace options. This prevents a race before PDEATH_SIG can take effect during a sentry crash. Discovered and solution by avagin@. PiperOrigin-RevId: 254871534 --- pkg/sentry/platform/ptrace/subprocess.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'pkg/sentry/platform') diff --git a/pkg/sentry/platform/ptrace/subprocess.go b/pkg/sentry/platform/ptrace/subprocess.go index 3656611ed..f15b3415a 100644 --- a/pkg/sentry/platform/ptrace/subprocess.go +++ b/pkg/sentry/platform/ptrace/subprocess.go @@ -370,13 +370,16 @@ func (t *thread) destroy() { // init initializes trace options. func (t *thread) init() { - // Set our TRACESYSGOOD option to differeniate real SIGTRAP. + // Set our TRACESYSGOOD option to differeniate real SIGTRAP. We also + // set PTRACE_O_EXITKILL to ensure that the unexpected exit of the + // sentry will immediately kill the associated stubs. + const PTRACE_O_EXITKILL = 0x100000 _, _, errno := syscall.RawSyscall6( syscall.SYS_PTRACE, syscall.PTRACE_SETOPTIONS, uintptr(t.tid), 0, - syscall.PTRACE_O_TRACESYSGOOD|syscall.PTRACE_O_TRACEEXIT, + syscall.PTRACE_O_TRACESYSGOOD|syscall.PTRACE_O_TRACEEXIT|PTRACE_O_EXITKILL, 0, 0) if errno != 0 { panic(fmt.Sprintf("ptrace set options failed: %v", errno)) -- cgit v1.2.3