bioset process - what is its function?
What is the function of the bioset process? Why is there no documentation for the bioset process? Why are there no definitive answers to the questions about the bioset process already posted?
What was found so far is only speculation:
- virus; because there is no documentation to verify that it is a legitimate process, not even an answer saying that it is a legitimate process
- kernel process; because the symbol for the process is the same as other kernel processes and user is unable to modify, stop, end, or kill the bioset process
- key logger; seems to access the internet and is associated with applications that access the internet
- time bomb; will start to break the functions of applications over time
- other; speculations much less likely or totally outrageous
Solution 1:
It's part of the kernel block IO:
https://lwn.net/Articles/26404/
Those bioset threads specifically are part of some recovery system.
https://github.com/torvalds/linux/blob/c4004b02f8e5b9ce357a0bb1641756cc86962664/block/bio.c#L1904
Solution 2:
The bioset
process is coming from the kernel thread (often PID 2) and is used in pretty much anything that is using a Block IO
memory or device operation. I would guess that bioset
stand for "Block layer IO scheduler ...something".
The links already provided in previous comments will explain it in more details. But here is a full picture of the Linux IO subsystem.
References:
- https://developpaper.com/linux-storage-stack-diagram/
- https://www.thomas-krenn.com/en/wiki/Linux_Storage_Stack_Diagram
Solution 3:
I just noticed this process and was curious about it as well, so I did some cursory research ...
I'm still not certain, but it appears to be a kernel process related to block I/O (hence the "bio" in bioset) ... it also appears in the device-mapper code: https://github.com/torvalds/linux/search?utf8=%E2%9C%93&q=bioset
Solution 4:
Bioset on my computer seems to be embedded in the kernel. It starts with a parent process of 2. It encyrpts all internal communication.
Previously, I caught hacker on my serial terminal. After digging around it seems that I had been compromised by several items. Maybe windigo and ebuny. Trojanish type.
I can connect to the internet with low priv user, root connects to keyserver, and soon I have lots of dns/udp processes and kernel sockets open up.
This guy loves communication with udp packets to its primary servers.
Just letting you know my experience. Also if you are connecting to servers, you should remove all your local private keys and update your server keys. It spreads by via ssh.
Recommend everyone install ids, auditd, and configure their firefox really well. It has been a learning curve for me.