From cb31a266167c8bde3488fbdd6bf24c38b6f59977 Mon Sep 17 00:00:00 2001
From: Konstantin Belousov
Date: Mon, 11 May 2026 04:12:30 +0300
Subject: [PATCH] ptrace: clear TDP_USERWR after transparent attach only on attach

The flag indicates that the modifying ptrace op was issued, and clearing it after transparent attach is needed to not leak the flag to later operations, since it is cleared on the syscall enter. But clearing it there unconditionally is too strong. The clearing should be only done for attach situation.

Reported by: Alex S
Fixes: 99976934274de6fa19f049a0b6eac10856710f96
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56928
---
 sys/kern/sys_process.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/sys/kern/sys_process.c b/sys/kern/sys_process.c
index dece6457a4b..5effc6fbe2d 100644
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@ -1411,17 +1411,16 @@ kern_ptrace(struct thread *td, int req, pid_t pid, void *addr, int data)
 * register file or specifying the pc, make the thread
 * xstopped by waking it up.
 */
- if ((td2->td_dbgflags & TDB_USERWR) != 0) {
- if (pt_attach_transparent) {
- thread_lock(td2);
- if (TD_ON_SLEEPQ(td2) &&
- (td2->td_flags & TDF_SINTR) != 0) {
- sleepq_abort(td2, EINTR);
- } else {
- thread_unlock(td2);
- }
+ if ((td2->td_dbgflags & TDB_USERWR) != 0 &&
+ pt_attach_transparent) {
+ thread_lock(td2);
+ if (TD_ON_SLEEPQ(td2) &&
+ (td2->td_flags & TDF_SINTR) != 0) {
+ td2->td_dbgflags &= ~TDB_USERWR;
+ sleepq_abort(td2, EINTR);
+ } else {
+ thread_unlock(td2);
 }
- td2->td_dbgflags &= ~TDB_USERWR;
 }
 
 /*
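Review bot: The reason TDB_USERWR is now dropped only inside the interruptible-sleep branch lives solely in the commit message; the comment above the block still describes just the wake-up, so a later reader could plausibly hoist the clear back out of the branch and reintroduce the over-broad clearing this commit removes. I would put a comment directly above `td2->td_dbgflags &= ~TDB_USERWR;`, paraphrasing the commit message, such as `/* Only an attach that actually aborts the sleep must drop the flag here; on other paths it is cleared at syscall entry. */`. As a minor point, the subject line spells the flag TDP_USERWR while the code clears TDB_USERWR. kern_ptrace begins and ends outside the hunk, so the locking context around this block (the lock held for td_dbgflags writes, and sleepq_abort releasing the thread lock as the asymmetric thread_unlock implies) cannot be confirmed from here.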