On 2020/06/26 21:55, Eric W. Biederman wrote:
> +static void umd_cleanup(struct subprocess_info *info)
> +{
> + struct umh_info *umh_info = info->data;
> +
> + /* cleanup if umh_pipe_setup() was successful but exec failed */
s/umh_pipe_setup/umd_setup/
> + if (info->retval) {
> + fput(umh_info->pipe_to_umh);
> + fput(umh_info->pipe_from_umh);
> + }
> +}
After this cleanup, I expect adding some protections/isolation which kernel threads
have (e.g. excluded from ptrace(), excluded from OOM victim selection, excluded from
SysRq-i, won't be terminated by SIGKILL from usermode processes, won't be stopped by
SIGSTOP from usermode processes, what else?). Doing it means giving up Alexei's
It's nice to be able to compile that blob with -g and be able to 'gdb -p' into it.
That works and very convenient when it comes to debugging. Compare that to debugging
a kernel module!
but I think doing it is essential for keeping usermode blob processes as secure/robust
as kernel threads.
