Linux: update get_parent_pid to ensure that it checks that real_paren…

…t is readable and remove unneeded source code
eve-mem · Oct 9, 2024 · 7f85dd6 · 7f85dd6
1 parent 43e41cf
commit 7f85dd6
Showing 1 changed file with 5 additions and 17 deletions.
diff --git a/volatility3/framework/symbols/linux/extensions/__init__.py b/volatility3/framework/symbols/linux/extensions/__init__.py
@@ -381,23 +381,11 @@ def get_pid(self) -> int:
     def get_parent_pid(self) -> int:
         """Returns the pid of parent of this process"""
         # Uses real_parent rather than parent to match Linux kernel getppid
-        # /*
-        #  * Accessing ->real_parent is not SMP-safe, it could
-        #  * change from under us. However, we can use a stale
-        #  * value of ->real_parent under rcu_read_lock(), see
-        #  * release_task()->call_rcu(delayed_put_task_struct).
-        #  */
-        # SYSCALL_DEFINE0(getppid)
-        # {
-        # 	int pid;
-
-        # 	rcu_read_lock();
-        # 	pid = task_tgid_vnr(rcu_dereference(current->real_parent));
-        # 	rcu_read_unlock();
-
-        # 	return pid;
-        # }
-        return self.real_parent.get_pid() if self.parent else 0
+        return (
+            self.real_parent.get_pid()
+            if self.real_parent and self.real_parent.is_readable()
+            else 0
+        )
 
     def get_name(self) -> str:
         """Returns the name of this process"""