lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20180508153920.9e74e1ab86a8b10e8ddf09a0@linux-foundation.org>
Date:   Tue, 8 May 2018 15:39:20 -0700
From:   Andrew Morton <akpm@...ux-foundation.org>
To:     Alexey Dobriyan <adobriyan@...il.com>
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH] proc: test /proc/*/fd a bit (+ PF_KTHREAD is ABI!)

On Sat, 5 May 2018 03:04:14 +0300 Alexey Dobriyan <adobriyan@...il.com> wrote:

> * Test lookup in /proc/self/fd.
>   "map_files" lookup story showed that lookup is not that simple.
> 
> * Test that all those symlinks open the same file.
>   Check with (st_dev, st_info).
> 
> * Test that kernel threads do not have anything in their /proc/*/fd/
>   directory.
> 
> Now this is where things get interesting.
> 
> First, kernel threads aren't pinned by /proc/self or equivalent,
> thus some "atomicity" is required.
> 
> Second, ->comm can contain whitespace and ')'.
> No, they are not escaped.
> 
> Third, the only reliable way to check if process is kernel thread
> appears to be field #9 in /proc/*/stat.
> 
> This field is struct task_struct::flags in decimal!
> Check is done by testing PF_KTHREAD flags like we do in kernel.
> 
> 	PF_KTREAD value is a part of userspace ABI !!!

erk.  Well if there's a need the we could export and support some
stable interface.  I wonder how ps determines this.


> Other methods for determining kernel threadness are not reliable:
> * RSS can be 0 if everything is swapped, even while reading
>   from /proc/self.
> 
> * ->total_vm CAN BE ZERO if process is finishing
> 
> 	munmap(NULL, whole address space);
> 
> * /proc/*/maps and similar files can be empty because unmapping
>   everything works. Read returning 0 can't distinguish between
>   kernel thread and such suicide process.
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ