* [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns
From: Richard Guy Briggs @ 2013-12-23 22:27 UTC (permalink / raw)
To: linux-audit, linux-kernel
Cc: Richard Guy Briggs, Eric Paris, Peter Zijlstra, Ingo Molnar,
Eric W. Biederman, Oleg Nesterov, stable
Added the functions task_ppid_nr_ns() and task_ppid_nr() to abstract the lookup
of the PPID (real_parent's pid_t) of a process, including rcu locking, in the
arbitrary and init_pid_ns.
This provides an alternative to sys_getppid(), which is relative to the child
process' pid namespace.
(informed by ebiederman's 6c621b7e)
Cc: stable@vger.kernel.org
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
include/linux/sched.h | 24 ++++++++++++++++++++++++
1 files changed, 24 insertions(+), 0 deletions(-)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index e27baee..7bf5ab2 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1497,6 +1497,30 @@ static inline pid_t task_tgid_vnr(struct task_struct *tsk)
}
+static inline pid_t task_ppid_nr_ns(struct task_struct *tsk, struct pid_namespace *ns)
+{
+ pid_t pid;
+
+ rcu_read_lock();
+ pid = pid_alive(tsk) ?
+ task_pid_nr_ns(rcu_dereference(tsk->real_parent), ns) : 0;
+ rcu_read_unlock();
+
+ return pid;
+}
+
+static inline pid_t task_ppid_nr(struct task_struct *tsk)
+{
+ pid_t pid;
+
+ rcu_read_lock();
+ pid = pid_alive(tsk) ?
+ task_pid_nr(rcu_dereference(tsk->real_parent)) : 0;
+ rcu_read_unlock();
+
+ return pid;
+}
+
static inline pid_t task_pgrp_nr_ns(struct task_struct *tsk,
struct pid_namespace *ns)
{
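Review bot: Both new helpers in this hunk pass tsk->real_parent to task_pid_nr_ns()/task_pid_nr(), which yields the id of the parent thread, whereas sys_getppid(), which the commit message offers these as an alternative to, reports the parent's thread-group id; the two differ when real_parent is not the group leader. Consider task_tgid_nr_ns() here. Separately, task_ppid_nr() repeats the rcu_read_lock()/pid_alive() sequence and could be reduced to `return task_ppid_nr_ns(tsk, &init_pid_ns);`, and a short comment stating that 0 means the task is no longer alive would help callers.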
--
1.7.1
* [PATCH 2/5] audit: convert PPIDs to the inital PID namespace.
From: Richard Guy Briggs @ 2013-12-23 22:27 UTC (permalink / raw)
To: linux-audit, linux-kernel
Cc: Richard Guy Briggs, Eric Paris, Peter Zijlstra, Eric W. Biederman,
Oleg Nesterov, stable
sys_getppid() returns the parent pid of the current process in its own pid
namespace. Since audit filters are based in the init pid namespace, a process
could avoid a filter or trigger an unintended one by being in an alternate pid
namespace or log meaningless information.
Switch to task_ppid_nr() for PPIDs to anchor all audit filters in the
init_pid_ns.
(informed by ebiederman's 6c621b7e)
Cc: stable@vger.kernel.org
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
kernel/audit.c | 4 ++--
kernel/auditsc.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 1b13b82..900f5d6 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1839,10 +1839,10 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
spin_unlock_irq(&tsk->sighand->siglock);
audit_log_format(ab,
- " ppid=%ld pid=%d auid=%u uid=%u gid=%u"
+ " ppid=%d pid=%d auid=%u uid=%u gid=%u"
" euid=%u suid=%u fsuid=%u"
" egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
- sys_getppid(),
+ task_ppid_nr(tsk),
tsk->pid,
from_kuid(&init_user_ns, audit_get_loginuid(tsk)),
from_kuid(&init_user_ns, cred->uid),
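Review bot: In audit_log_task_info() the replaced call sys_getppid() takes no argument and reports the parent of current, while task_ppid_nr(tsk) reports the parent of the tsk argument, so this hunk changes which task's parent is logged whenever tsk is not current, in addition to the namespace change. The commit message only describes the namespace change; it should state that the tsk != current case is intentionally changed too. The %ld to %d change matches the pid_t return type of the new helper.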
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 10176cd..d396c8b 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -459,7 +459,7 @@ static int audit_filter_rules(struct task_struct *tsk,
case AUDIT_PPID:
if (ctx) {
if (!ctx->ppid)
- ctx->ppid = sys_getppid();
+ ctx->ppid = task_ppid_nr(tsk);
result = audit_comparator(ctx->ppid, f->op, f->val);
}
break;
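Review bot: The `if (!ctx->ppid)` guard treats 0 as "not yet looked up", but task_ppid_nr() as added in 1/5 returns 0 when pid_alive(tsk) is false, so for such a task the lookup is repeated on every AUDIT_PPID rule and 0 is the value that reaches audit_comparator(). If 0 is meant to be a valid result here, a comment saying so would remove the ambiguity.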
--
1.7.1
* Re: [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns
From: Oleg Nesterov @ 2013-12-30 17:04 UTC (permalink / raw)
To: Richard Guy Briggs
Cc: linux-audit, linux-kernel, Eric Paris, Peter Zijlstra,
Ingo Molnar, Eric W. Biederman, stable
On 12/23, Richard Guy Briggs wrote:
>
> +static inline pid_t task_ppid_nr_ns(struct task_struct *tsk, struct pid_namespace *ns)
> +{
> + pid_t pid;
> +
> + rcu_read_lock();
> + pid = pid_alive(tsk) ?
> + task_pid_nr_ns(rcu_dereference(tsk->real_parent), ns) : 0;
> + rcu_read_unlock();
> +
> + return pid;
> +}
I do not really mind, but perhaps
	pid_t pid = 0;
	rcu_read_lock();
	if (pid_alive(tsk))
		pid = task_pid_nr_ns(rcu_dereference(tsk->real_parent), ns);
	rcu_read_unlock();
	return pid;
looks a bit cleaner.
> +static inline pid_t task_ppid_nr(struct task_struct *tsk)
> +{
> + pid_t pid;
> +
> + rcu_read_lock();
> + pid = pid_alive(tsk) ?
> + task_pid_nr(rcu_dereference(tsk->real_parent)) : 0;
> + rcu_read_unlock();
> +
> + return pid;
> +}
It could simply do
	return task_ppid_nr_ns(tsk, &init_pid_ns);
but again, I won't argue.
Oleg.
* Re: [PATCH 2/5] audit: convert PPIDs to the inital PID namespace.
From: Oleg Nesterov @ 2013-12-30 17:07 UTC (permalink / raw)
To: Richard Guy Briggs
Cc: linux-audit, linux-kernel, Eric Paris, Peter Zijlstra,
Eric W. Biederman, stable
On 12/23, Richard Guy Briggs wrote:
>
> @@ -1839,10 +1839,10 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
> spin_unlock_irq(&tsk->sighand->siglock);
>
> audit_log_format(ab,
> - " ppid=%ld pid=%d auid=%u uid=%u gid=%u"
> + " ppid=%d pid=%d auid=%u uid=%u gid=%u"
> " euid=%u suid=%u fsuid=%u"
> " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
> - sys_getppid(),
> + task_ppid_nr(tsk),
Hmm. But sys_getppid() returns tgid, not pid.
This probably means that 1/5 should use task_tgid_nr_*() ?
Note that ->real_parent is not necessarily the group leader.
> @@ -459,7 +459,7 @@ static int audit_filter_rules(struct task_struct *tsk,
> case AUDIT_PPID:
> if (ctx) {
> if (!ctx->ppid)
> - ctx->ppid = sys_getppid();
> + ctx->ppid = task_ppid_nr(tsk);
The same.
Oleg.
* [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns
From: Richard Guy Briggs @ 2014-02-19 20:57 UTC (permalink / raw)
To: linux-audit, linux-kernel
Cc: Richard Guy Briggs, oleg, peterz, ebiederm, eparis, sgrubb,
stable
Added the functions task_ppid_nr_ns() and task_ppid_nr() to abstract the lookup
of the PPID (real_parent's pid_t) of a process, including rcu locking, in the
arbitrary and init_pid_ns.
This provides an alternative to sys_getppid(), which is relative to the child
process' pid namespace.
(informed by ebiederman's 6c621b7e)
Cc: stable@vger.kernel.org
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
include/linux/sched.h | 18 ++++++++++++++++++
1 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 53f97eb..685326f 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1561,6 +1561,24 @@ static inline pid_t task_tgid_vnr(struct task_struct *tsk)
}
+static int pid_alive(const struct task_struct *p);
+static inline pid_t task_ppid_nr_ns(const struct task_struct *tsk, struct pid_namespace *ns)
+{
+ pid_t pid = 0;
+
+ rcu_read_lock();
+ if (pid_alive(tsk))
+ pid = task_tgid_nr_ns(rcu_dereference(tsk->real_parent), ns);
+ rcu_read_unlock();
+
+ return pid;
+}
+
+static inline pid_t task_ppid_nr(const struct task_struct *tsk)
+{
+ return task_ppid_nr_ns(tsk, &init_pid_ns);
+}
+
static inline pid_t task_pgrp_nr_ns(struct task_struct *tsk,
struct pid_namespace *ns)
{
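Review bot: The forward declaration `static int pid_alive(const struct task_struct *p);` at the top of this hunk is const-qualified and not marked inline, and the hunk does not touch the definition of pid_alive(); the declaration and the definition must agree in signature, so either update the definition in this same patch, or place the new helpers after it and drop the declaration. If the definition is changed elsewhere in the series, say so in the commit message. A blank line between the declaration and task_ppid_nr_ns() would also match the surrounding style.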
--
1.7.1
* [PATCH 2/5] audit: convert PPIDs to the inital PID namespace.
From: Richard Guy Briggs @ 2014-02-19 20:57 UTC (permalink / raw)
To: linux-audit, linux-kernel
Cc: Richard Guy Briggs, oleg, peterz, ebiederm, eparis, sgrubb,
stable
sys_getppid() returns the parent pid of the current process in its own pid
namespace. Since audit filters are based in the init pid namespace, a process
could avoid a filter or trigger an unintended one by being in an alternate pid
namespace or log meaningless information.
Switch to task_ppid_nr() for PPIDs to anchor all audit filters in the
init_pid_ns.
(informed by ebiederman's 6c621b7e)
Cc: stable@vger.kernel.org
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
kernel/audit.c | 4 ++--
kernel/auditsc.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 34c5a23..f5ea718 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1818,10 +1818,10 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
spin_unlock_irq(&tsk->sighand->siglock);
audit_log_format(ab,
- " ppid=%ld pid=%d auid=%u uid=%u gid=%u"
+ " ppid=%d pid=%d auid=%u uid=%u gid=%u"
" euid=%u suid=%u fsuid=%u"
" egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
- sys_getppid(),
+ task_ppid_nr(tsk),
tsk->pid,
from_kuid(&init_user_ns, audit_get_loginuid(tsk)),
from_kuid(&init_user_ns, cred->uid),
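Review bot: The context line right after the changed argument still logs `tsk->pid` by direct field access while ppid now goes through task_ppid_nr(tsk); for a record that is meant to be anchored in init_pid_ns throughout, using the accessor task_pid_nr(tsk) for pid= would keep the two fields consistent and make the intent explicit. That can be a follow-up in the series if it is out of scope for this patch.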
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 0c3bf79..b909715 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -461,7 +461,7 @@ static int audit_filter_rules(struct task_struct *tsk,
case AUDIT_PPID:
if (ctx) {
if (!ctx->ppid)
- ctx->ppid = sys_getppid();
+ ctx->ppid = task_ppid_nr(tsk);
result = audit_comparator(ctx->ppid, f->op, f->val);
}
break;
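Review bot: After this change ctx->ppid holds an init_pid_ns value and f->val is compared against it, but nothing at the assignment says so. A one-line comment at `ctx->ppid = task_ppid_nr(tsk);` noting that AUDIT_PPID rule values are interpreted in the initial pid namespace would document the contract for anyone writing or reading rules from inside another namespace.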
--
1.7.1