Date:	Tue, 10 Apr 2007 18:16:04 -0500
From:	"Serge E. Hallyn" <serge@...lyn.com>
To:	Oleg Nesterov <oleg@...sign.ru>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Davide Libenzi <davidel@...ilserver.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Jan Engelhardt <jengelh@...ux01.gwdg.de>,
	Ingo Molnar <mingo@...e.hu>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Robin Holt <holt@....com>, Roland McGrath <roland@...hat.com>,
	"Serge E. Hallyn" <serge@...lyn.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3] make kernel threads invisible to /sbin/init

Quoting Oleg Nesterov (oleg@...sign.ru):
> 1. rename reparent_to_init() to reparent_kthread() and export it
> 
> 2. use init_pid_ns.child_reaper instead of child_reaper(current)

Each of these patches looks good to me, but this part in particular
is a must-have bugfix.

Just started some tests, if any failures come back I'll report them
tonight.

thanks Oleg,
-serge

> 3. set ->exit_signal = -1, so init can't see us and we don't use
>    it to reap the task.
> 
> 4. add reparent_kthread() to kthread() and stopmachine()
> 
> See also
> 
> 	http://marc.info/?t=117580282200003&r=1
> 	http://marc.info/?t=95299284800003&r=1
> 
> Signed-off-by: Oleg Nesterov <oleg@...sign.ru>
> 
>  include/linux/sched.h |    1 +
>  kernel/exit.c         |   16 ++++++++--------
>  kernel/kthread.c      |    1 +
>  kernel/stop_machine.c |    1 +
>  4 files changed, 11 insertions(+), 8 deletions(-)
> 
> --- 2.6.21-rc5/include/linux/sched.h~2_DETACH	2007-04-05 12:18:28.000000000 +0400
> +++ 2.6.21-rc5/include/linux/sched.h	2007-04-10 21:52:27.000000000 +0400
> @@ -1401,6 +1401,7 @@ extern void exit_itimers(struct signal_s
>  
>  extern NORET_TYPE void do_group_exit(int);
>  
> +extern void reparent_kthread(void);
>  extern void daemonize(const char *, ...);
>  extern int allow_signal(int);
>  extern int disallow_signal(int);
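Review bot: the new prototype for reparent_kthread() in sched.h carries no comment, yet the kerneldoc in kernel/exit.c notes that the function gives the caller full capabilities. Now that it is no longer static, a one-line comment above the declaration saying it is meant for kernel threads only and grants full capabilities would keep other code from picking it up casually.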
> --- 2.6.21-rc5/kernel/exit.c~2_DETACH	2007-04-10 21:32:44.000000000 +0400
> +++ 2.6.21-rc5/kernel/exit.c	2007-04-10 21:59:41.000000000 +0400
> @@ -255,7 +255,7 @@ static int has_stopped_jobs(struct pid *
>  }
>  
>  /**
> - * reparent_to_init - Reparent the calling kernel thread to the init task of the pid space that the thread belongs to.
> + * reparent_kthread - Reparent the calling kernel thread to the init task of the pid space that the thread belongs to.
>   *
>   * If a kernel thread is launched as a result of a system call, or if
>   * it ever exits, it should generally reparent itself to init so that
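Review bot: the kerneldoc summary on the renamed line still says the thread is reparented to "the init task of the pid space that the thread belongs to", but the function body in this patch now assigns init_pid_ns.child_reaper rather than child_reaper(current). Suggest rewording the summary to say the thread is reparented to the child reaper of the initial pid namespace.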
> @@ -264,20 +264,20 @@ static int has_stopped_jobs(struct pid *
>   * The various task state such as scheduling policy and priority may have
>   * been inherited from a user process, so we reset them to sane values here.
>   *
> - * NOTE that reparent_to_init() gives the caller full capabilities.
> + * NOTE that reparent_kthread() gives the caller full capabilities.
>   */
> -static void reparent_to_init(void)
> +void reparent_kthread(void)
>  {
>  	write_lock_irq(&tasklist_lock);
>  
>  	ptrace_unlink(current);
>  	remove_parent(current);
> -	current->parent = child_reaper(current);
> -	current->real_parent = child_reaper(current);
> +	current->parent = init_pid_ns.child_reaper;
> +	current->real_parent = current->parent;
>  	add_parent(current);
>  
> -	/* Set the exit signal to SIGCHLD so we signal init on exit */
> -	current->exit_signal = SIGCHLD;
> +	/* make the task auto-reap */
> +	current->exit_signal = -1;
>  
>  	security_task_reparent_to_init(current);
>  	write_unlock_irq(&tasklist_lock);
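Review bot: the bare -1 assigned to current->exit_signal is documented only as "make the task auto-reap", which drops what the old comment said about init. Suggest expanding the comment to state that with exit_signal = -1 the parent is not signalled on exit, so init neither sees the thread nor is used to reap it, as point 3 of the changelog puts it. The unchanged call to security_task_reparent_to_init() also keeps the old name after the rename, which is worth a follow-up.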
> @@ -391,7 +391,7 @@ void daemonize(const char *name, ...)
>  	current->files = init_task.files;
>  	atomic_inc(&current->files->count);
>  
> -	reparent_to_init();
> +	reparent_kthread();
>  
>  	if (!has_rt_policy(current) && (task_nice(current) < 0))
>  		set_user_nice(current, 0);
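Review bot: daemonize() picks up the behaviour change through this renamed call, but the changelog lists only kthread() and stopmachine() as new users. Every daemonize() caller now gets exit_signal = -1 and init_pid_ns.child_reaper as parent, where it previously got SIGCHLD and child_reaper(current); suggest stating that in the changelog.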
> --- 2.6.21-rc5/kernel/kthread.c~2_DETACH	2007-04-05 12:18:28.000000000 +0400
> +++ 2.6.21-rc5/kernel/kthread.c	2007-04-10 22:02:31.000000000 +0400
> @@ -82,6 +82,7 @@ static int kthread(void *_create)
>  	sigset_t blocked;
>  	int ret = -EINTR;
>  
> +	reparent_kthread();
>  	kthread_exit_files();
>  
>  	/* Copy data: it's on keventd's stack */
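Review bot: the reparent_kthread() call added at the top of kthread() has no comment, and its placement ahead of kthread_exit_files() is not explained. Since reparent_kthread() takes tasklist_lock for writing and, per its kerneldoc, gives the caller full capabilities, a short comment saying why every new kthread detaches from its creator at this point would help.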
> --- 2.6.21-rc5/kernel/stop_machine.c~2_DETACH	2006-10-22 18:24:03.000000000 +0400
> +++ 2.6.21-rc5/kernel/stop_machine.c	2007-04-10 22:04:23.000000000 +0400
> @@ -33,6 +33,7 @@ static int stopmachine(void *cpu)
>  	int irqs_disabled = 0;
>  	int prepared = 0;
>  
> +	reparent_kthread();
>  	set_cpus_allowed(current, cpumask_of_cpu((int)(long)cpu));
>  
>  	/* Ack: we are alive */
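Review bot: reparent_kthread() brackets its work with write_lock_irq()/write_unlock_irq(), so it returns with interrupts enabled; the call in stopmachine() sits at the top of the function, but nothing documents that it has to stay ahead of the section tracked by irqs_disabled. Suggest a one-line comment to that effect next to the call.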