From e45154c770567507cc51eb78b28a1fae1fcdf396 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 24 Sep 2018 19:03:17 +0200 Subject: [PATCH 1/3] killall: use is_kernel_thread() during killing spree process filtering too Apparently the new "bpfilter" subsystem otherwise confuses us. See: https://lists.freedesktop.org/archives/systemd-devel/2018-September/041392.html --- src/core/killall.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/core/killall.c b/src/core/killall.c index 87d207fd3d..3dde3033fa 100644 --- a/src/core/killall.c +++ b/src/core/killall.c @@ -23,9 +23,8 @@ static bool ignore_proc(pid_t pid, bool warn_rootfs) { _cleanup_fclose_ FILE *f = NULL; - char c; const char *p; - size_t count; + char c = 0; uid_t uid; int r; @@ -33,6 +32,11 @@ static bool ignore_proc(pid_t pid, bool warn_rootfs) { if (pid == 1) return true; + /* Ignore kernel threads */ + r = is_kernel_thread(pid); + if (r != 0) + return true; /* also ignore processes where we can't determine this */ + r = get_process_uid(pid, &uid); if (r < 0) return true; /* not really, but better safe than sorry */ @@ -46,11 +50,10 @@ static bool ignore_proc(pid_t pid, bool warn_rootfs) { if (!f) return true; /* not really, but has the desired effect */ - count = fread(&c, 1, 1, f); - - /* Kernel threads have an empty cmdline */ - if (count <= 0) - return true; + /* Try to read the first character of the command line. If the cmdline is empty (which might be the case for + * kernel threads but potentially also other stuff), this line won't do anything, but we don't care much, as + * actual kernel threads are already filtered out above. */ + (void) fread(&c, 1, 1, f); /* Processes with argv[0][0] = '@' we ignore from the killing spree. * From 20ca2d10bdcd4ac6b7c0110635357fd0a26ca302 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 24 Sep 2018 19:04:44 +0200 Subject: [PATCH 2/3] killall: filter out bogus PIDs we might as well filter these too since negative PIDs have special semantics in kill(), and we should never trigger that... --- src/core/killall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/killall.c b/src/core/killall.c index 3dde3033fa..37c645538c 100644 --- a/src/core/killall.c +++ b/src/core/killall.c @@ -29,7 +29,7 @@ static bool ignore_proc(pid_t pid, bool warn_rootfs) { int r; /* We are PID 1, let's not commit suicide */ - if (pid == 1) + if (pid <= 1) return true; /* Ignore kernel threads */ From d3a94b3e803862e31196a24d6b538974dd8a4c19 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 24 Sep 2018 19:05:23 +0200 Subject: [PATCH 3/3] killall: (void)ify more things --- src/core/killall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/killall.c b/src/core/killall.c index 37c645538c..f0ce996556 100644 --- a/src/core/killall.c +++ b/src/core/killall.c @@ -66,7 +66,7 @@ static bool ignore_proc(pid_t pid, bool warn_rootfs) { _cleanup_free_ char *comm = NULL; - get_process_comm(pid, &comm); + (void) get_process_comm(pid, &comm); log_notice("Process " PID_FMT " (%s) has been marked to be excluded from killing. It is " "running from the root file system, and thus likely to block re-mounting of the "