* [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns [not found] ` <cover.1387834776.git.rgb@redhat.com> @ 2013-12-23 22:27 ` Richard Guy Briggs 2013-12-30 17:04 ` Oleg Nesterov 2013-12-23 22:27 ` [PATCH 2/5] audit: convert PPIDs to the inital PID namespace Richard Guy Briggs [not found] ` <cover.1392842865.git.rgb@redhat.com> 2 siblings, 1 reply; 6+ messages in thread From: Richard Guy Briggs @ 2013-12-23 22:27 UTC (permalink / raw) To: linux-audit, linux-kernel Cc: Richard Guy Briggs, Eric Paris, Peter Zijlstra, Ingo Molnar, Eric W. Biederman, Oleg Nesterov, stable Added the functions task_ppid_nr_ns() and task_ppid_nr() to abstract the lookup of the PPID (real_parent's pid_t) of a process, including rcu locking, in the arbitrary and init_pid_ns. This provides an alternative to sys_getppid(), which is relative to the child process' pid namespace. (informed by ebiederman's 6c621b7e) Cc: stable@vger.kernel.org Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- include/linux/sched.h | 24 ++++++++++++++++++++++++ 1 files changed, 24 insertions(+), 0 deletions(-) diff --git a/include/linux/sched.h b/include/linux/sched.h index e27baee..7bf5ab2 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1497,6 +1497,30 @@ static inline pid_t task_tgid_vnr(struct task_struct *tsk) } +static inline pid_t task_ppid_nr_ns(struct task_struct *tsk, struct pid_namespace *ns) +{ + pid_t pid; + + rcu_read_lock(); + pid = pid_alive(tsk) ? + task_pid_nr_ns(rcu_dereference(tsk->real_parent), ns) : 0; + rcu_read_unlock(); + + return pid; +} + +static inline pid_t task_ppid_nr(struct task_struct *tsk) +{ + pid_t pid; + + rcu_read_lock(); + pid = pid_alive(tsk) ? + task_pid_nr(rcu_dereference(tsk->real_parent)) : 0; + rcu_read_unlock(); + + return pid; +} + static inline pid_t task_pgrp_nr_ns(struct task_struct *tsk, struct pid_namespace *ns) { -- 1.7.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
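Review bot: task_ppid_nr_ns() resolves the parent with task_pid_nr_ns(rcu_dereference(tsk->real_parent), ns), which yields the id of that one thread, while the changelog presents the helper as an alternative to sys_getppid(), which reports the parent's thread group id. real_parent need not be the group leader, so the two values can differ; task_tgid_nr_ns() would keep the result a PPID in the sys_getppid() sense. task_ppid_nr() also repeats the whole rcu_read_lock()/pid_alive() sequence and could be reduced to a call to task_ppid_nr_ns(tsk, &init_pid_ns). A short comment stating that 0 is returned when pid_alive(tsk) fails would help callers that treat 0 specially.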
* Re: [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns 2013-12-23 22:27 ` [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns Richard Guy Briggs @ 2013-12-30 17:04 ` Oleg Nesterov 0 siblings, 0 replies; 6+ messages in thread From: Oleg Nesterov @ 2013-12-30 17:04 UTC (permalink / raw) To: Richard Guy Briggs Cc: linux-audit, linux-kernel, Eric Paris, Peter Zijlstra, Ingo Molnar, Eric W. Biederman, stable On 12/23, Richard Guy Briggs wrote: > > +static inline pid_t task_ppid_nr_ns(struct task_struct *tsk, struct pid_namespace *ns) > +{ > + pid_t pid; > + > + rcu_read_lock(); > + pid = pid_alive(tsk) ? > + task_pid_nr_ns(rcu_dereference(tsk->real_parent), ns) : 0; > + rcu_read_unlock(); > + > + return pid; > +} I do not really mind, but perhaps pid_t pid = 0; rcu_read_lock(); if (pid_alive(task)) pid = task_pid_nr_ns(rcu_dereference(tsk->real_parent); rcu_read_unlock(); return pid; looks a bit cleaner. > +static inline pid_t task_ppid_nr(struct task_struct *tsk) > +{ > + pid_t pid; > + > + rcu_read_lock(); > + pid = pid_alive(tsk) ? > + task_pid_nr(rcu_dereference(tsk->real_parent)) : 0; > + rcu_read_unlock(); > + > + return pid; > +} It could simply do return task_ppid_nr_ns(tsk, init_pid_ns); but again, I won't argue. Oleg. ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 2/5] audit: convert PPIDs to the inital PID namespace. [not found] ` <cover.1387834776.git.rgb@redhat.com> 2013-12-23 22:27 ` [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns Richard Guy Briggs @ 2013-12-23 22:27 ` Richard Guy Briggs 2013-12-30 17:07 ` Oleg Nesterov [not found] ` <cover.1392842865.git.rgb@redhat.com> 2 siblings, 1 reply; 6+ messages in thread From: Richard Guy Briggs @ 2013-12-23 22:27 UTC (permalink / raw) To: linux-audit, linux-kernel Cc: Richard Guy Briggs, Eric Paris, Peter Zijlstra, Eric W. Biederman, Oleg Nesterov, stable sys_getppid() returns the parent pid of the current process in its own pid namespace. Since audit filters are based in the init pid namespace, a process could avoid a filter or trigger an unintended one by being in an alternate pid namespace or log meaningless information. Switch to task_ppid_nr() for PPIDs to anchor all audit filters in the init_pid_ns. (informed by ebiederman's 6c621b7e) Cc: stable@vger.kernel.org Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- kernel/audit.c | 4 ++-- kernel/auditsc.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 1b13b82..900f5d6 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1839,10 +1839,10 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) spin_unlock_irq(&tsk->sighand->siglock); audit_log_format(ab, - " ppid=%ld pid=%d auid=%u uid=%u gid=%u" + " ppid=%d pid=%d auid=%u uid=%u gid=%u" " euid=%u suid=%u fsuid=%u" " egid=%u sgid=%u fsgid=%u tty=%s ses=%u", - sys_getppid(), + task_ppid_nr(tsk), tsk->pid, from_kuid(&init_user_ns, audit_get_loginuid(tsk)), from_kuid(&init_user_ns, cred->uid), diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 10176cd..d396c8b 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -459,7 +459,7 @@ static int audit_filter_rules(struct task_struct *tsk, case AUDIT_PPID: if (ctx) { if (!ctx->ppid) - ctx->ppid = sys_getppid(); + ctx->ppid = task_ppid_nr(tsk); result = audit_comparator(ctx->ppid, f->op, f->val); } break; -- 1.7.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
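Review bot: in the kernel/audit.c hunk, replacing sys_getppid() with task_ppid_nr(tsk) changes whose parent is logged as well as the namespace it is expressed in: sys_getppid() always describes current, whereas audit_log_task_info() is handed an arbitrary tsk. The changelog only mentions the namespace; it should also say that ppid= now follows tsk, and confirm that every caller wants that. The %ld to %d change is consistent with the pid_t return type of the new helper.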
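Review bot: in the kernel/auditsc.c hunk, the cache test if (!ctx->ppid) now shares its sentinel with the helper's failure value, since task_ppid_nr() from patch 1/5 returns 0 when pid_alive(tsk) is false. For such a task the lookup is repeated on every rule evaluation and audit_comparator() is run against 0, so a ppid rule written against 0 would match a task that is being torn down. A comment here, or a separate "ppid valid" flag in the context, would make the intended behaviour explicit.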
* Re: [PATCH 2/5] audit: convert PPIDs to the inital PID namespace. 2013-12-23 22:27 ` [PATCH 2/5] audit: convert PPIDs to the inital PID namespace Richard Guy Briggs @ 2013-12-30 17:07 ` Oleg Nesterov 0 siblings, 0 replies; 6+ messages in thread From: Oleg Nesterov @ 2013-12-30 17:07 UTC (permalink / raw) To: Richard Guy Briggs Cc: linux-audit, linux-kernel, Eric Paris, Peter Zijlstra, Eric W. Biederman, stable On 12/23, Richard Guy Briggs wrote: > > @@ -1839,10 +1839,10 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) > spin_unlock_irq(&tsk->sighand->siglock); > > audit_log_format(ab, > - " ppid=%ld pid=%d auid=%u uid=%u gid=%u" > + " ppid=%d pid=%d auid=%u uid=%u gid=%u" > " euid=%u suid=%u fsuid=%u" > " egid=%u sgid=%u fsgid=%u tty=%s ses=%u", > - sys_getppid(), > + task_ppid_nr(tsk), Hmm. But sys_getppid() returns tgid, not pid. This probably means that 1/5 should use task_tgid_nr_*() ? Note that ->real_parent is not necessarily the group leader. > @@ -459,7 +459,7 @@ static int audit_filter_rules(struct task_struct *tsk, > case AUDIT_PPID: > if (ctx) { > if (!ctx->ppid) > - ctx->ppid = sys_getppid(); > + ctx->ppid = task_ppid_nr(tsk); The same. Oleg. ^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <cover.1392842865.git.rgb@redhat.com>]
* [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns [not found] ` <cover.1392842865.git.rgb@redhat.com> @ 2014-02-19 20:57 ` Richard Guy Briggs 2014-02-19 20:57 ` [PATCH 2/5] audit: convert PPIDs to the inital PID namespace Richard Guy Briggs 1 sibling, 0 replies; 6+ messages in thread From: Richard Guy Briggs @ 2014-02-19 20:57 UTC (permalink / raw) To: linux-audit, linux-kernel Cc: Richard Guy Briggs, oleg, peterz, ebiederm, eparis, sgrubb, stable Added the functions task_ppid_nr_ns() and task_ppid_nr() to abstract the lookup of the PPID (real_parent's pid_t) of a process, including rcu locking, in the arbitrary and init_pid_ns. This provides an alternative to sys_getppid(), which is relative to the child process' pid namespace. (informed by ebiederman's 6c621b7e) Cc: stable@vger.kernel.org Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- include/linux/sched.h | 18 ++++++++++++++++++ 1 files changed, 18 insertions(+), 0 deletions(-) diff --git a/include/linux/sched.h b/include/linux/sched.h index 53f97eb..685326f 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1561,6 +1561,24 @@ static inline pid_t task_tgid_vnr(struct task_struct *tsk) } +static int pid_alive(const struct task_struct *p); +static inline pid_t task_ppid_nr_ns(const struct task_struct *tsk, struct pid_namespace *ns) +{ + pid_t pid = 0; + + rcu_read_lock(); + if (pid_alive(tsk)) + pid = task_tgid_nr_ns(rcu_dereference(tsk->real_parent), ns); + rcu_read_unlock(); + + return pid; +} + +static inline pid_t task_ppid_nr(const struct task_struct *tsk) +{ + return task_ppid_nr_ns(tsk, &init_pid_ns); +} + static inline pid_t task_pgrp_nr_ns(struct task_struct *tsk, struct pid_namespace *ns) { -- 1.7.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
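Review bot: the added forward declaration static int pid_alive(const struct task_struct *p); has to agree exactly with the real definition of pid_alive() (inline and const qualifiers included), and that definition is not visible in this hunk; placing the two new helpers after the definition would remove the need for the prototype, and if it stays it wants a blank line before task_ppid_nr_ns(). The changelog still describes the result as "real_parent's pid_t" although the code now calls task_tgid_nr_ns(), so the text should say thread group id. A one-line comment that 0 means pid_alive(tsk) failed would also be useful.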
* [PATCH 2/5] audit: convert PPIDs to the inital PID namespace. [not found] ` <cover.1392842865.git.rgb@redhat.com> 2014-02-19 20:57 ` [PATCH 1/5] pid: get pid_t ppid of task in init_pid_ns Richard Guy Briggs @ 2014-02-19 20:57 ` Richard Guy Briggs 1 sibling, 0 replies; 6+ messages in thread From: Richard Guy Briggs @ 2014-02-19 20:57 UTC (permalink / raw) To: linux-audit, linux-kernel Cc: Richard Guy Briggs, oleg, peterz, ebiederm, eparis, sgrubb, stable sys_getppid() returns the parent pid of the current process in its own pid namespace. Since audit filters are based in the init pid namespace, a process could avoid a filter or trigger an unintended one by being in an alternate pid namespace or log meaningless information. Switch to task_ppid_nr() for PPIDs to anchor all audit filters in the init_pid_ns. (informed by ebiederman's 6c621b7e) Cc: stable@vger.kernel.org Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> --- kernel/audit.c | 4 ++-- kernel/auditsc.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/audit.c b/kernel/audit.c index 34c5a23..f5ea718 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1818,10 +1818,10 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) spin_unlock_irq(&tsk->sighand->siglock); audit_log_format(ab, - " ppid=%ld pid=%d auid=%u uid=%u gid=%u" + " ppid=%d pid=%d auid=%u uid=%u gid=%u" " euid=%u suid=%u fsuid=%u" " egid=%u sgid=%u fsgid=%u tty=%s ses=%u", - sys_getppid(), + task_ppid_nr(tsk), tsk->pid, from_kuid(&init_user_ns, audit_get_loginuid(tsk)), from_kuid(&init_user_ns, cred->uid), diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 0c3bf79..b909715 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c 
@@ -461,7 +461,7 @@ static int audit_filter_rules(struct task_struct *tsk, case AUDIT_PPID: if (ctx) { if (!ctx->ppid) - ctx->ppid = sys_getppid(); + ctx->ppid = task_ppid_nr(tsk); result = audit_comparator(ctx->ppid, f->op, f->val); } break; -- 1.7.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
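Review bot: in the kernel/audit.c hunk, ppid= is now an explicit init_pid_ns thread group id from task_ppid_nr(tsk), but the pid= argument on the following line is still the raw tsk->pid field, which is a per-thread id. For a multi-threaded task the record therefore pairs a tgid for the parent with a thread id for the task itself; if that is intended it deserves a line in the changelog, otherwise pid= should go through an accessor such as task_pid_nr() or task_tgid_nr() in the same way.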
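Review bot: in the kernel/auditsc.c hunk, ctx->ppid now receives a pid_t from task_ppid_nr(tsk) where it previously took the long returned by sys_getppid(); the audit.c hunk adjusts its format from %ld to %d for the same reason. The declaration of the ppid member is not part of this patch, so it should be checked and, if it is wider than pid_t, narrowed in this series so that the value passed to audit_comparator(ctx->ppid, f->op, f->val) has one consistent type.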