Remove superfluous {get|put}_task_struct() calls when iterating over tasks

kerneltoast · kerneltoast · commit 175a0cc36f87 · 2025-03-04T12:44:58.000-08:00
Since the memory for a task_struct pointer obtained via one of the task
list loop macros is protected via RCU, and RCU read lock protection already
encapsulates LKRG's task iterations, the {get|put}_task_struct() calls are
superfluous.

Even if LKRG were to need each task_struct's refcount to be nonzero during
the task iteration, this is already guaranteed by the RCU protection. This
guarantee was added into the kernel in an old commit from 2006:
8c7904a00b06 ("[PATCH] task: RCU protect task-&gt;usage").

As such, drop the {get|put}_task_struct() calls entirely.

Signed-off-by: Sultan Alsawaf &lt;sultan@ciq.com&gt;
diff --git a/src/modules/exploit_detection/p_exploit_detection.c b/src/modules/exploit_detection/p_exploit_detection.c
@@ -1139,10 +1139,8 @@ static unsigned int p_iterate_processes(int (*p_func)(void *), char p_ver) {
    do_each_thread(p_ptmp, p_tmp) {
 #endif
 
-      get_task_struct(p_tmp);
       /* do not touch kernel threads or the global init */
       if (!p_is_ed_task(p_tmp)) {
-         put_task_struct(p_tmp);
          continue;
       }
 
@@ -1156,7 +1154,6 @@ static unsigned int p_iterate_processes(int (*p_func)(void *), char p_ver) {
             }
          }
       }
-      put_task_struct(p_tmp);
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0)
    }
diff --git a/src/modules/exploit_detection/syscalls/p_seccomp/p_seccomp.c b/src/modules/exploit_detection/syscalls/p_seccomp/p_seccomp.c
@@ -67,7 +67,6 @@ int p_seccomp_entry(struct kretprobe_instance *p_ri, struct pt_regs *p_regs) {
          rcu_read_lock();
          // Available since 3.14.0
          for_each_thread(p_father, p_threads) {
-            get_task_struct(p_threads);
             p_child_tmp = p_find_ed_by_pid(task_pid_nr(p_threads));
             if (p_child_tmp) {
 #ifdef P_LKRG_TASK_OFF_DEBUG
@@ -80,7 +79,6 @@ int p_seccomp_entry(struct kretprobe_instance *p_ri, struct pt_regs *p_regs) {
                p_child_tmp->p_ed_task.p_sec.flag_sync_thread = 1;
                p_set_ed_process_off(p_child_tmp);
             }
-            put_task_struct(p_threads);
          }
          rcu_read_unlock();
       } else {
@@ -118,7 +116,6 @@ int p_seccomp_ret(struct kretprobe_instance *p_ri, struct pt_regs *p_regs) {
          rcu_read_lock();
          // Available since 3.14.0
          for_each_thread(p_father, p_threads) {
-            get_task_struct(p_threads);
             p_child_tmp = p_find_ed_by_pid(task_pid_nr(p_threads));
             if (p_child_tmp) {
                if (p_update)
@@ -135,7 +132,6 @@ int p_seccomp_ret(struct kretprobe_instance *p_ri, struct pt_regs *p_regs) {
                   p_child_tmp->p_ed_task.p_sec.flag_sync_thread = 0;
                }
             }
-            put_task_struct(p_threads);
          }
          rcu_read_unlock();
       } else {

Original file line number	Diff line number	Diff line change
`@@ -1139,10 +1139,8 @@ static unsigned int p_iterate_processes(int (p_func)(void ), char p_ver) {`
`1139`	`1139`	`do_each_thread(p_ptmp, p_tmp) {`
`1140`	`1140`	`#endif`
`1141`	`1141`
`1142`		`- get_task_struct(p_tmp);`
`1143`	`1142`	`/* do not touch kernel threads or the global init */`
`1144`	`1143`	`if (!p_is_ed_task(p_tmp)) {`
`1145`		`- put_task_struct(p_tmp);`
`1146`	`1144`	`continue;`
`1147`	`1145`	`}`
`1148`	`1146`
`@@ -1156,7 +1154,6 @@ static unsigned int p_iterate_processes(int (p_func)(void ), char p_ver) {`
`1156`	`1154`	`}`
`1157`	`1155`	`}`
`1158`	`1156`	`}`
`1159`		`- put_task_struct(p_tmp);`
`1160`	`1157`
`1161`	`1158`	`#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0)`
`1162`	`1159`	`}`
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,6 @@ int p_seccomp_entry(struct kretprobe_instance p_ri, struct pt_regs p_regs) {`
`67`	`67`	`rcu_read_lock();`
`68`	`68`	`// Available since 3.14.0`
`69`	`69`	`for_each_thread(p_father, p_threads) {`
`70`		`- get_task_struct(p_threads);`
`71`	`70`	`p_child_tmp = p_find_ed_by_pid(task_pid_nr(p_threads));`
`72`	`71`	`if (p_child_tmp) {`
`73`	`72`	`#ifdef P_LKRG_TASK_OFF_DEBUG`
`@@ -80,7 +79,6 @@ int p_seccomp_entry(struct kretprobe_instance p_ri, struct pt_regs p_regs) {`
`80`	`79`	`p_child_tmp->p_ed_task.p_sec.flag_sync_thread = 1;`
`81`	`80`	`p_set_ed_process_off(p_child_tmp);`
`82`	`81`	`}`
`83`		`- put_task_struct(p_threads);`
`84`	`82`	`}`
`85`	`83`	`rcu_read_unlock();`
`86`	`84`	`} else {`
`@@ -118,7 +116,6 @@ int p_seccomp_ret(struct kretprobe_instance p_ri, struct pt_regs p_regs) {`
`118`	`116`	`rcu_read_lock();`
`119`	`117`	`// Available since 3.14.0`
`120`	`118`	`for_each_thread(p_father, p_threads) {`
`121`		`- get_task_struct(p_threads);`
`122`	`119`	`p_child_tmp = p_find_ed_by_pid(task_pid_nr(p_threads));`
`123`	`120`	`if (p_child_tmp) {`
`124`	`121`	`if (p_update)`
`@@ -135,7 +132,6 @@ int p_seccomp_ret(struct kretprobe_instance p_ri, struct pt_regs p_regs) {`
`135`	`132`	`p_child_tmp->p_ed_task.p_sec.flag_sync_thread = 0;`
`136`	`133`	`}`
`137`	`134`	`}`
`138`		`- put_task_struct(p_threads);`
`139`	`135`	`}`
`140`	`136`	`rcu_read_unlock();`
`141`	`137`	`} else {`