lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <50c23f46-f4ad-b6c8-b7bc-0a8d8449c62f@virtuozzo.com>
Date:   Fri, 12 Jan 2018 13:05:19 +0300
From:   Kirill Tkhai <ktkhai@...tuozzo.com>
To:     Oleg Nesterov <oleg@...hat.com>
Cc:     linux-kernel@...r.kernel.org, gregkh@...uxfoundation.org,
        jslaby@...e.com, viro@...iv.linux.org.uk, keescook@...omium.org,
        serge@...lyn.com, james.l.morris@...cle.com, luto@...nel.org,
        john.johansen@...onical.com, mingo@...nel.org,
        akpm@...ux-foundation.org, mhocko@...e.com, peterz@...radead.org
Subject: Re: [PATCH 3/4] tty: Iterate only thread group leaders in __do_SAK()

On 12.01.2018 11:42, Kirill Tkhai wrote:
> On 11.01.2018 21:34, Oleg Nesterov wrote:
>> On 01/11, Kirill Tkhai wrote:
>>>
>>> Since threads can't have additional fd in comparison
>>> to thread group leader
>> ...
>>> as they definitely have the same
>>> files struct, as thread group leader.
>>
>> Hmm. Why? Iirc CLONE_THREAD doesn't require CLONE_FILES?
> 
> Oh, it's really so. Surprise. Thanks for pointing that.
> I'll try to find a way, how we can iterate threads fds using rcu.
> 
>> Also. The group leader can exit, in this case its ->files == NULL
>> but other threads can be alive.
> 
> Sure, thanks, Oleg.

How about this patch instead of the whole set? I left thread iterations
and added sighand locking for visability.

It looks like the only way, that already iterated tasks reopen tty fd again,
is when they obtain it from unix scm or from foreign /proc/[pid]/fd/[fd]
like it was before the patch. What do you think about this?

diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
index dc60aeea87d8..ab86aabfebc7 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -2706,6 +2706,7 @@ void __do_SAK(struct tty_struct *tty)
 #else
 	struct task_struct *g, *p;
 	struct pid *session;
+	unsigned long flags;
 	int		i;
 
 	if (!tty)
@@ -2723,25 +2724,51 @@ void __do_SAK(struct tty_struct *tty)
 			   task_pid_nr(p), p->comm);
 		send_sig(SIGKILL, p, 1);
 	} while_each_pid_task(session, PIDTYPE_SID, p);
+	read_unlock(&tasklist_lock);
 
+	tty_lock(tty);
+	rcu_read_lock();
 	/* Now kill any processes that happen to have the tty open */
-	do_each_thread(g, p) {
-		if (p->signal->tty == tty) {
-			tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
-				   task_pid_nr(p), p->comm);
-			send_sig(SIGKILL, p, 1);
-			continue;
+	for_each_process(g) {
+		for_each_thread(g, p) {
+			task_lock(p);
+			i = iterate_fd(p->files, 0, this_tty, tty);
+			if (i != 0) {
+				tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
+					   task_pid_nr(p), p->comm, i - 1);
+				force_sig(SIGKILL, p);
+			}
+			task_unlock(p);
+
+			/*
+			 * p->signal is always valid for task_struct obtained
+			 * from the task list under rcu_read_lock().
+			 */
+			if (!i && p->signal->tty == tty) {
+				tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
+					   task_pid_nr(p), p->comm);
+				send_sig(SIGKILL, p, 1);
+			}
+
+			if (READ_ONCE(p->thread_node.next) == &g->signal->thread_head) {
+				/* Take and drop the lock to see newly forked threads */
+				if (lock_task_sighand(p, &flags))
+					unlock_task_sighand(p, &flags);
+				else {
+					read_lock(&tasklist_lock);
+					read_unlock(&tasklist_lock);
+				}
+			}
 		}
-		task_lock(p);
-		i = iterate_fd(p->files, 0, this_tty, tty);
-		if (i != 0) {
-			tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
-				   task_pid_nr(p), p->comm, i - 1);
-			force_sig(SIGKILL, p);
+
+		if (unlikely(next_task(p) == &init_task)) {
+			/* Take and drop the lock to see newly forked tasks */
+			read_lock(&tasklist_lock);
+			read_unlock(&tasklist_lock);
 		}
-		task_unlock(p);
-	} while_each_thread(g, p);
-	read_unlock(&tasklist_lock);
+	}
+	rcu_read_unlock();
+	tty_unlock(tty);
 #endif
 }
 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ