On 05.10.2021 22:48, Eric W. Biederman wrote:
> Especially as calling do_group_exit(SIGKILL) from a random location is
> not a clean way to kill a process. Strictly speaking it is not even
> killing the process.
>
> Partly this is just me seeing the introduction of a
> do_group_exit(SIGKILL) call and not liking the maintenance that will be
> needed. I am still sorting out the problems with other randomly placed
> calls to do_group_exit(SIGKILL) and interactions with ptrace and
> PTRACE_EVENT_EXIT in particular.
>
> Which is a long-winded way of saying if I can predictably trigger a
> warning that calls do_group_exit(SIGKILL), on some architectures I can
> use ptrace and can convert that warning into a way to manipulate the
> kernel stack to have the contents of my choice.
>
> If anyone goes forward with this please use the existing oops
> infrastructure so the ptrace interactions and anything else that comes
> up only needs to be fixed once.

Hello Eric, hello everyone.

I learned the oops infrastructure and see that it's arch-specific.
The architectures have separate implementations of the die() function with
different prototypes. I don't see how to use the oops infrastructure for killing
all threads in a process that hits a kernel warning.

What do you think about doing the same as the oom_killer (and some other
subsystems)? It kills all threads in a process this way:

	do_send_sig_info(SIGKILL, SEND_SIG_PRIV, current, PIDTYPE_TGID).

The oom_killer also shows a nice way to avoid killing init and kthreads:

	static bool oom_unkillable_task(struct task_struct *p)
	{
		if (is_global_init(p))
			return true;
		if (p->flags & PF_KTHREAD)
			return true;
		return false;
	}

I want to do something similar.
I would appreciate your comments.

Best regards,
Alexander
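
The thread-group scope of the SIGKILL discussed above can be observed from user space. The following is an added example, not code from this thread or from the kernel: one thread of a multi-threaded child sends a process-directed SIGKILL with kill(2), which the kernel also delivers with PIDTYPE_TGID (though with user-originated siginfo rather than SEND_SIG_PRIV), and the parent checks how the child ended. NTHREADS and the function names are assumptions made for the example.

```c
#include <pthread.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define NTHREADS 3	/* constructed: sibling threads that never exit on their own */

static void *spin(void *arg)
{
	(void)arg;
	for (;;)
		pause();	/* sleeps until a signal arrives */
	return NULL;
}

/* Child: start the siblings, then signal the whole thread group. */
static void child_body(void)
{
	pthread_t t[NTHREADS];

	for (int i = 0; i < NTHREADS; i++)
		if (pthread_create(&t[i], NULL, spin, NULL) != 0)
			_exit(2);
	kill(getpid(), SIGKILL);	/* process-directed: every thread is taken down */
	_exit(3);			/* not reached: SIGKILL acts before return to user mode */
}

/* Returns the signal that terminated the child, 0 on a normal exit, -1 on error. */
int group_kill_termsig(void)
{
	int status;
	pid_t pid = fork();

	if (pid < 0)
		return -1;
	if (pid == 0)
		child_body();	/* never returns */
	if (waitpid(pid, &status, 0) != pid)
		return -1;
	return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
	printf("child terminated by signal %d\n", group_kill_termsig());
	return 0;
}
```

waitpid() only returns once every thread in the child's group is gone, so a result of SIGKILL shows the sleeping siblings were killed along with the sender.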