[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <23abb989-c20c-0dc0-019c-272beca8cee6@linux.com>
Date: Fri, 22 Oct 2021 20:30:09 +0300
From: Alexander Popov <alex.popov@...ux.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Petr Mladek <pmladek@...e.com>,
"Paul E. McKenney" <paulmck@...nel.org>,
Jonathan Corbet <corbet@....net>,
Andrew Morton <akpm@...ux-foundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Peter Zijlstra <peterz@...radead.org>,
Joerg Roedel <jroedel@...e.de>,
Maciej Rozycki <macro@...am.me.uk>,
Muchun Song <songmuchun@...edance.com>,
Viresh Kumar <viresh.kumar@...aro.org>,
Robin Murphy <robin.murphy@....com>,
Randy Dunlap <rdunlap@...radead.org>,
Lu Baolu <baolu.lu@...ux.intel.com>,
Kees Cook <keescook@...omium.org>,
Luis Chamberlain <mcgrof@...nel.org>, Wei Liu <wl@....org>,
John Ogness <john.ogness@...utronix.de>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Alexey Kardashevskiy <aik@...abs.ru>,
Christophe Leroy <christophe.leroy@...roup.eu>,
Jann Horn <jannh@...gle.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Mark Rutland <mark.rutland@....com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Steven Rostedt <rostedt@...dmis.org>,
Will Deacon <will.deacon@....com>,
David S Miller <davem@...emloft.net>,
Borislav Petkov <bp@...en8.de>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>,
linux-hardening@...r.kernel.org,
"open list:DOCUMENTATION" <linux-doc@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
notify@...nel.org
Subject: Re: [PATCH] Introduce the pkill_on_warn boot parameter
On 05.10.2021 22:48, Eric W. Biederman wrote:
> Especially as calling do_group_exit(SIGKILL) from a random location is
> not a clean way to kill a process. Strictly speaking it is not even
> killing the process.
>
> Partly this is just me seeing the introduction of a
> do_group_exit(SIGKILL) call and not likely the maintenance that will be
> needed. I am still sorting out the problems with other randomly placed
> calls to do_group_exit(SIGKILL) and interactions with ptrace and
> PTRACE_EVENT_EXIT in particular.
>
> Which is a long winded way of saying if I can predictably trigger a
> warning that calls do_group_exit(SIGKILL), on some architectures I can
> use ptrace and can convert that warning into a way to manipulate the
> kernel stack to have the contents of my choice.
>
> If anyone goes forward with this please use the existing oops
> infrastructure so the ptrace interactions and anything else that comes
> up only needs to be fixed once.
Hello Eric, hello everyone.
I learned the oops infrastructure and see that it's arch-specific.
The architectures have separate implementations of the die() function with
different prototypes. I don't see how to use the oops infrastructure for killing
all threads in a process that hits a kernel warning.
What do you think about doing the same as the oom_killer (and some other
subsystems)? It kills all threads in a process this way:
do_send_sig_info(SIGKILL, SEND_SIG_PRIV, current, PIDTYPE_TGID).
The oom_killer also shows a nice way to avoid killing init and kthreads:
static bool oom_unkillable_task(struct task_struct *p)
{
if (is_global_init(p))
return true;
if (p->flags & PF_KTHREAD)
return true;
return false;
}
I want to do something similar.
I would appreciate your comments.
Best regards,
Alexander
Powered by blists - more mailing lists