On Tue, Jun 28, 2022 at 10:39:59PM -0500, Eric W. Biederman wrote: > Steven Rostedt writes: > > > On Tue, 28 Jun 2022 17:42:22 -0500 > > "Eric W. Biederman" wrote: > > > >> diff --git a/kernel/ptrace.c b/kernel/ptrace.c > >> index 156a99283b11..cb85bcf84640 100644 > >> --- a/kernel/ptrace.c > >> +++ b/kernel/ptrace.c > >> @@ -202,6 +202,7 @@ static bool ptrace_freeze_traced(struct task_struct *task) > >> spin_lock_irq(&task->sighand->siglock); > >> if (task_is_traced(task) && !looks_like_a_spurious_pid(task) && > >> !__fatal_signal_pending(task)) { > >> + smp_rmb(); > >> task->jobctl |= JOBCTL_PTRACE_FROZEN; > >> ret = true; > >> } > >> diff --git a/kernel/signal.c b/kernel/signal.c > >> index edb1dc9b00dc..bcd576e9de66 100644 > >> --- a/kernel/signal.c > >> +++ b/kernel/signal.c 
> >> @@ -2233,6 +2233,7 @@ static int ptrace_stop(int exit_code, int why, unsigned long message, > >> return exit_code; > >> > >> set_special_state(TASK_TRACED); > >> + smp_wmb(); > >> current->jobctl |= JOBCTL_TRACED; > >> > > > > Are not these both done under the sighand->siglock spinlock? > > > > That is, the two paths should already be synchronized, and the memory > > barriers will not help anything inside the locks. The locking should (and > > must) handle all that. > > I would presume so too. However the READ_ONCE that is going astray > does not look like it is honoring that. > > So perhaps there is a bug in the s390 spin_lock barriers? Perhaps there > is a subtle detail in the barriers that spin locks provide that we are > overlooking? > > I just know the observed behavior is: > > - reading tsk->jobctl and seeing JOBCTL_TRACED set. > - reading tsk->__state and seeing TASK_RUNNING. > > So unless PREEMPT_RT is enabled on s390, it looks like there is a > barrier problem. > > Alexander do you have PREEMPT_RT enabled on s390? I have been assuming > you don't but I figure I should ask and make certain as PREEMPT_RT can > cause this kind of failure. There is no change with the barriers added. CONFIG_PREEMPT_RT is disabled and CONFIG_LOCKDEP is enabled (in attach). FWIW, I also added a full barrier: @@ -271,6 +272,7 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state) if (!ret && !ignore_state) { unsigned int __state; + smp_mb(); WARN_ON_ONCE(!(child->jobctl & JOBCTL_PTRACE_FROZEN)); WARN_ON_ONCE(!(child->jobctl & JOBCTL_TRACED)); __state = READ_ONCE(child->__state); I have not been able to extract the ftrace ring buffer yet - going to do that. > Eric Thanks!
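Review bot: In the kernel/ptrace.c hunk, the smp_rmb() added in ptrace_freeze_traced() sits between the task_is_traced() / __fatal_signal_pending() checks and a store (task->jobctl |= JOBCTL_PTRACE_FROZEN), inside the region opened by spin_lock_irq(&task->sighand->siglock). A read barrier orders earlier loads against later loads only, so it does not constrain the store that follows it, and there is no comment naming the write-side barrier it is meant to pair with. If the barrier stays, add a comment stating the pairing and which two loads it separates; if it is a diagnostic only, mark it as such.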
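Review bot: In the kernel/signal.c hunk, the smp_wmb() between set_special_state(TASK_TRACED) and current->jobctl |= JOBCTL_TRACED carries no comment saying which reader it pairs with. The reader that reports the mismatch loads child->jobctl and then does READ_ONCE(child->__state) in ptrace_check_attach(), so the matching read barrier would belong between those two loads rather than before the jobctl store in ptrace_freeze_traced(). Document the intended pairing next to the barrier so the ordering claim can be checked.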
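Review bot: In the ptrace_check_attach() debug hunk, smp_mb() is placed ahead of both WARN_ON_ONCE() jobctl checks and the READ_ONCE(child->__state), so it orders earlier accesses against these loads but does not order the jobctl loads against the __state load. To test the hypothesis under discussion (JOBCTL_TRACED seen set while __state reads TASK_RUNNING), move the barrier between WARN_ON_ONCE(!(child->jobctl & JOBCTL_TRACED)) and __state = READ_ONCE(child->__state).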