Protect Task.ptraceSeized with TaskSet mutex and Signal mutex.

nlacasse · gvisor-bot · commit 8221e477b5c4 · 2025-03-31T10:51:35.000-07:00
Previously Task.ptraceSeized was protected only by TaskSet mutex, but some
pathways incorrectly modified the field without holding the lock, leading to
data races.

This CL changes the locking so that TaskSet and Signal mutexes are required to
write Task.ptraceSeized, but only one of them must be held to read
Task.ptraceSeized.

Reported-by: syzbot+b0de1abe368849ca2d00@syzkaller.appspotmail.com
PiperOrigin-RevId: 742317413
diff --git a/pkg/sentry/kernel/ptrace.go b/pkg/sentry/kernel/ptrace.go
@@ -525,8 +525,8 @@ func (t *Task) ptraceAttach(target *Task, seize bool, opts uintptr) error {
 	}
 	target.ptraceTracer.Store(t)
 	t.ptraceTracees[target] = struct{}{}
-	target.ptraceSeized = seize
 	target.tg.signalHandlers.mu.Lock()
+	target.ptraceSeized = seize
 	// "Unlike PTRACE_ATTACH, PTRACE_SEIZE does not stop the process." -
 	// ptrace(2)
 	if !seize {
@@ -601,17 +601,19 @@ func (t *Task) exitPtraceLocked() {
 //
 // Preconditions: The TaskSet mutex must be locked for writing.
 func (t *Task) forgetTracerLocked() {
-	t.ptraceSeized = false
 	t.ptraceOpts = ptraceOptions{}
 	t.ptraceSyscallMode = ptraceSyscallNone
 	t.ptraceSinglestep = false
 	t.ptraceTracer.Store(nil)
 	if t.exitTracerNotified && !t.exitTracerAcked {
 		t.exitTracerAcked = true
+		// Don't hold signalHandlers.mu while calling exitNotifyLocked,
+		// since it takes that mutex in some pathways.
 		t.exitNotifyLocked(true)
 	}
 	t.tg.signalHandlers.mu.Lock()
 	defer t.tg.signalHandlers.mu.Unlock()
+	t.ptraceSeized = false
 	// Unset t.trapStopPending, which might have been set by PTRACE_INTERRUPT. If
 	// it wasn't, it will be reset via t.groupStopPending after the following.
 	t.trapStopPending = false
@@ -803,6 +805,7 @@ func (t *Task) ptraceClone(kind ptraceCloneKind, child *Task, args *linux.CloneA
 		if tracer != nil {
 			child.ptraceTracer.Store(tracer)
 			tracer.ptraceTracees[child] = struct{}{}
+			child.tg.signalHandlers.mu.Lock()
 			// "The "seized" behavior ... is inherited by children that are
 			// automatically attached using PTRACE_O_TRACEFORK,
 			// PTRACE_O_TRACEVFORK, and PTRACE_O_TRACECLONE." - ptrace(2)
@@ -811,7 +814,6 @@ func (t *Task) ptraceClone(kind ptraceCloneKind, child *Task, args *linux.CloneA
 			// via active PTRACE_O_TRACEFORK, PTRACE_O_TRACEVFORK, or
 			// PTRACE_O_TRACECLONE options." - ptrace(2)
 			child.ptraceOpts = t.ptraceOpts
-			child.tg.signalHandlers.mu.Lock()
 			// "PTRACE_SEIZE: ... Automatically attached children stop with
 			// PTRACE_EVENT_STOP and WSTOPSIG(status) returns SIGTRAP instead
 			// of having SIGSTOP signal delivered to them." - ptrace(2)
diff --git a/pkg/sentry/kernel/task.go b/pkg/sentry/kernel/task.go
@@ -364,7 +364,10 @@ type Task struct {
 	// ptraceSeized is true if ptraceTracer attached to this task with
 	// PTRACE_SEIZE.
 	//
-	// ptraceSeized is protected by the TaskSet mutex.
+	// ptraceSeized is protected by both the TaskSet mutex and the signal
+	// mutex: Mutating ptraceSeized requires locking the TaskSet mutex for
+	// writing *and* locking the signal mutex. Reading ptraceSeized
+	// requires locking the TaskSet mutex *or* locking the signal mutex.
 	ptraceSeized bool
 
 	// ptraceOpts contains ptrace options explicitly set by the tracer. If
