bioset process - what is its function?

What is the function of the bioset process? Why is there no documentation for the bioset process? Why are there no definitive answers to the questions about the bioset process already posted?

What was found so far is only speculation:

  • virus; because there is no documentation to verify that it is a legitimate process, not even an answer saying that it is a legitimate process
  • kernel process; because the symbol for the process is the same as other kernel processes and user is unable to modify, stop, end, or kill the bioset process
  • key logger; seems to access the internet and is associated with applications that access the internet
  • time bomb; will start to break the functions of applications over time
  • other; speculations much less likely or totally outrageous

Solution 1:

It's part of the kernel block IO:

https://lwn.net/Articles/26404/

Those bioset threads specifically are part of some recovery system.

https://github.com/torvalds/linux/blob/c4004b02f8e5b9ce357a0bb1641756cc86962664/block/bio.c#L1904

Solution 2:

The bioset process is coming from the kernel thread (often PID 2) and is used in pretty much anything that is using a Block IO memory or device operation. I would guess that bioset stands for "Block layer IO scheduler ...something".

The links already provided in previous comments will explain it in more detail. But here is a full picture of the Linux IO subsystem.

[image: Linux I/O subsystem diagram]


References:

  • https://developpaper.com/linux-storage-stack-diagram/
  • https://www.thomas-krenn.com/en/wiki/Linux_Storage_Stack_Diagram
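Solutions 1 and 2 say the bioset threads are kernel threads parented by PID 2 (kthreadd). That is something you can verify on your own box instead of guessing: a real kernel thread has the PF_KTHREAD flag set in the flags field of /proc/<pid>/stat, has parent PID 2, and has an empty /proc/<pid>/cmdline (which is why ps prints it in brackets). A user-space binary that merely names itself "bioset" fails all three. The script below is an added example, not code from the question or any of the answers; the two sample stat lines and their flag values are constructed for illustration, and the file layout assumed is the standard Linux procfs one.

```python
"""Tell a genuine kernel thread named bioset from a user-space process using the name.

All three checks come from /proc:
  * PF_KTHREAD is set in the flags field of /proc/<pid>/stat
  * the parent PID is 2 (kthreadd), as it is for every kernel thread
  * /proc/<pid>/cmdline is empty (kernel threads have no argv)
"""
from __future__ import annotations

import os
from dataclasses import dataclass

PF_KTHREAD = 0x00200000  # include/linux/sched.h: "I am a kernel thread"
KTHREADD_PID = 2         # parent of every kernel thread


@dataclass
class ProcInfo:
    pid: int
    comm: str
    ppid: int
    flags: int
    cmdline: bytes


def parse_stat(stat_line: str) -> tuple[int, str, int, int]:
    """Parse /proc/<pid>/stat. comm may itself contain spaces or ')',
    so split on the LAST ')' rather than the first."""
    head, _, rest = stat_line.rstrip("\n").rpartition(")")
    pid_str, _, comm = head.partition(" (")
    fields = rest.split()
    # fields[0]=state [1]=ppid [2]=pgrp [3]=session [4]=tty_nr [5]=tpgid [6]=flags
    return int(pid_str), comm, int(fields[1]), int(fields[6])


def kernel_thread_checks(info: ProcInfo) -> dict[str, bool]:
    """Each check separately, so a report can say which one failed."""
    return {
        "pf_kthread": bool(info.flags & PF_KTHREAD),
        "parent_is_kthreadd": info.ppid == KTHREADD_PID,
        "empty_cmdline": info.cmdline == b"",
    }


def is_kernel_thread(info: ProcInfo) -> bool:
    return all(kernel_thread_checks(info).values())


def find_impostors(procs: list[ProcInfo], name_prefix: str = "bioset") -> list[int]:
    """PIDs whose comm looks like a bioset thread but which are not kernel threads."""
    return [p.pid for p in procs
            if p.comm.startswith(name_prefix) and not is_kernel_thread(p)]


def read_proc_info(pid: int) -> ProcInfo:
    with open(f"/proc/{pid}/stat") as f:
        pid_, comm, ppid, flags = parse_stat(f.read())
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        cmdline = f.read()
    return ProcInfo(pid_, comm, ppid, flags, cmdline)


def scan_live(name_prefix: str = "bioset") -> list[int]:
    """Walk the real /proc and return PIDs of name-alikes that are not kernel threads."""
    procs = []
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            try:
                procs.append(read_proc_info(int(entry)))
            except (FileNotFoundError, ProcessLookupError, PermissionError):
                continue  # exited mid-scan or not readable
    return find_impostors(procs, name_prefix)


# Constructed samples (not taken from a real system).
# 2129984 == 0x208040: PF_KTHREAD | PF_NOFREEZE | PF_FORKNOEXEC, typical for a kernel thread.
SAMPLE_REAL = ProcInfo(*parse_stat("123 (bioset) S 2 0 0 0 -1 2129984 0 0 0 0 0 0"), b"")
# 4194560 == 0x400100: PF_RANDOMIZE | PF_SUPERPRIV, no PF_KTHREAD; parent is init, has argv.
SAMPLE_FAKE = ProcInfo(*parse_stat("4242 (bioset) S 1 4242 4242 0 -1 4194560 0 0 0 0 0 0"),
                       b"./bioset\x00")

if __name__ == "__main__":
    for sample in (SAMPLE_REAL, SAMPLE_FAKE):
        print(sample.pid, sample.comm, kernel_thread_checks(sample))
    print("live impostors:", scan_live())
```

Run it as any user; /proc/<pid>/stat of kernel threads is world-readable. An empty "live impostors" list means every bioset-named process on the machine carries PF_KTHREAD, hangs off kthreadd and has no command line, which is exactly what the block layer's own threads look like.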

Solution 3:

I just noticed this process and was curious about it as well, so I did some cursory research ...

I'm still not certain, but it appears to be a kernel process related to block I/O (hence the "bio" in bioset) ... it also appears in the device-mapper code: https://github.com/torvalds/linux/search?utf8=%E2%9C%93&q=bioset

Solution 4:

Bioset on my computer seems to be embedded in the kernel. It starts with a parent process of 2. It encrypts all internal communication.

Previously, I caught a hacker on my serial terminal. After digging around it seems that I had been compromised by several items. Maybe windigo and ebuny. Trojanish type.

I can connect to the internet with a low-priv user, root connects to a keyserver, and soon I have lots of dns/udp processes and kernel sockets open up.

This guy loves communication with udp packets to its primary servers.

Just letting you know my experience. Also, if you are connecting to servers, you should remove all your local private keys and update your server keys. It spreads via ssh.

I recommend everyone install an ids, auditd, and configure their firefox really well. It has been a learning curve for me.