[PATCH 03/12] pid: get ppid pid_t of task in init_pid_ns safely
Richard Guy Briggs
rgb at redhat.com
Fri Aug 30 19:56:46 UTC 2013
On Tue, Aug 27, 2013 at 07:21:55PM +0200, Oleg Nesterov wrote:
> On 08/20, Richard Guy Briggs wrote:
> >
> > Added the functions
> > task_ppid()
> > task_ppid_nr_ns()
> > task_ppid_nr_init_ns()
> > to safely abstract the lookup of the PPID
>
> but it is not safe.
>
> > +static inline struct pid *task_ppid(struct task_struct *task)
> > +{
> > + return task_tgid(rcu_dereference(current->real_parent));
> ^^^^^^^
> task?
Yup, thanks for those two catches.
> > + rcu_read_unlock();
>
> And why this is safe?
>
> rcu_read_lock() can't help if tsk was already dead _before_ it takes
> the rcu lock. ->real_parent can point the already freed/reused/unmapped
> memory.
Does it not bump a refcount if it is holding a pointer to it? So the
parent task might be dead, but it won't cause a pointer dereference
issue.
> This is safe if, for example, the caller alredy holds rcu_read_lock()
> and tsk was found by find_task_by*(), or tsk is current.
Fair enough, I'll have a more careful look at this. Thanks.
Most of the instances are current, but the one called from apparmour is
stored. I've just learned that this is bad and someone else just chimed
in that they have a patch to remove it...
So what is a reliable way of keeping a reference to a task? I had
assumed that the best way was to keep a pointer to its task_struct,
making sure its refcount had been bumped by something like
get_task_struct(). Another way would be to do the same with its struct
pid. The third that I'm trying to avoid is using its init_pid_namespace
pid_t since it could refer to a completely different task if the pid_t
rolls over.
> Oleg.
- RGB
--
Richard Guy Briggs <rbriggs at redhat.com>
Senior Software Engineer
Kernel Security
AMER ENG Base Operating Systems
Remote, Ottawa, Canada
Voice: +1.647.777.2635
Internal: (81) 32635
Alt: +1.613.693.0684x3545
More information about the Linux-audit
mailing list