lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu,  8 Sep 2022 17:03:11 +0300
From:   Pavel Tikhomirov <ptikhomirov@...tuozzo.com>
To:     Eric Biederman <ebiederm@...ssion.com>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Christian Brauner <brauner@...nel.org>,
        Andrei Vagin <avagin@...gle.com>, linux-kernel@...r.kernel.org
Cc:     Pavel Tikhomirov <ptikhomirov@...tuozzo.com>,
        Kees Cook <keescook@...omium.org>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Juri Lelli <juri.lelli@...hat.com>,
        Vincent Guittot <vincent.guittot@...aro.org>,
        Dietmar Eggemann <dietmar.eggemann@....com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Ben Segall <bsegall@...gle.com>, Mel Gorman <mgorman@...e.de>,
        Daniel Bristot de Oliveira <bristot@...hat.com>,
        Valentin Schneider <vschneid@...hat.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        linux-ia64@...r.kernel.org, linux-mm@...ck.org,
        linux-fsdevel@...r.kernel.org, kernel@...nvz.org
Subject: [PATCH v3 0/2] Introduce CABA helper process tree

CABA = Closest Alive Born Ancestor

In Linux process tree we reparent children of a dying process to the
reaper, thus loosing information in which subtree the child was
originally born. This information can be useful to CRIU to restore
process trees right.

The idea of CABA tree is to keep reference to the closest "born"
ancestor in the process tree. In simple case if our "born" parent dies
(completely unhashed) CABA would then point to its "born" parent - our
"born" grand-parent. So CABA is always referencing closest "born"
(grand-)*parent in available processes.

Please see "Add CABA tree to task_struct" for deeper explanation, and
"tests: Add CABA selftest" for a small test and an actual example for
which we might need CABA.

Probably the original problem of restoring process tree with complex
sessions can be resolved by allowing sessions copying, like we do for
process group, but I'm not sure if that would be too secure to do it,
and if there would not be another similar resource in future. So I
prefere CABA.

Also we can use CABA not only for CRIU for restoring processes, but in
normal life when processes detach CABA will help to understand from
which place in process tree they were originally started from sshd/crond
or something else.

Hope my idea is not completely insane =)

I plan to have a talk on LPC 2022 about it https://lpc.events/event/16/contributions/1241/

CC: Eric Biederman <ebiederm@...ssion.com>
CC: Kees Cook <keescook@...omium.org>
CC: Alexander Viro <viro@...iv.linux.org.uk>
CC: Ingo Molnar <mingo@...hat.com>
CC: Peter Zijlstra <peterz@...radead.org>
CC: Juri Lelli <juri.lelli@...hat.com>
CC: Vincent Guittot <vincent.guittot@...aro.org>
CC: Dietmar Eggemann <dietmar.eggemann@....com>
CC: Steven Rostedt <rostedt@...dmis.org>
CC: Ben Segall <bsegall@...gle.com>
CC: Mel Gorman <mgorman@...e.de>
CC: Daniel Bristot de Oliveira <bristot@...hat.com>
CC: Valentin Schneider <vschneid@...hat.com>
CC: Andrew Morton <akpm@...ux-foundation.org>
CC: linux-ia64@...r.kernel.org
CC: linux-kernel@...r.kernel.org
CC: linux-mm@...ck.org
CC: linux-fsdevel@...r.kernel.org
CC: kernel@...nvz.org

Pavel Tikhomirov (2):
  Add CABA tree to task_struct
  tests: Add CABA selftest

 arch/ia64/kernel/mca.c                   |   3 +
 fs/exec.c                                |   1 +
 fs/proc/array.c                          |  20 +
 include/linux/sched.h                    |   7 +
 init/init_task.c                         |   3 +
 kernel/exit.c                            |  21 +
 kernel/fork.c                            |   4 +
 tools/testing/selftests/Makefile         |   1 +
 tools/testing/selftests/caba/.gitignore  |   1 +
 tools/testing/selftests/caba/Makefile    |   7 +
 tools/testing/selftests/caba/caba_test.c | 509 +++++++++++++++++++++++
 tools/testing/selftests/caba/config      |   1 +
 12 files changed, 578 insertions(+)
 create mode 100644 tools/testing/selftests/caba/.gitignore
 create mode 100644 tools/testing/selftests/caba/Makefile
 create mode 100644 tools/testing/selftests/caba/caba_test.c
 create mode 100644 tools/testing/selftests/caba/config

-- 
2.37.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ