From: Jann Horn
Date: Thu, 16 May 2019 16:03:27 +0200
Subject: Re: [PATCH 1/2] pid: add pidfd_open()
To: Christian Brauner, Daniel Colascione
Cc: Oleg Nesterov, Al Viro, Linus Torvalds, linux-kernel, Arnd Bergmann,
    David Howells, Andrew Morton, Aleksa Sarai, "Eric W. Biederman",
    Elena Reshetova, Kees Cook, Andy Lutomirski, Andy Lutomirski,
    Thomas Gleixner, linux-alpha@vger.kernel.org,
    linux-arm-kernel@lists.infradead.org, linux-ia64@vger.kernel.org,
    linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org,
    linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390,
    linux-sh@vger.kernel.org, sparclinux@vger.kernel.org,
    linux-xtensa@linux-xtensa.org, Linux API, linux-arch,
    "open list:KERNEL SELFTEST FRAMEWORK"
References: <20190515100400.3450-1-christian@brauner.io> <20190516130813.i66ujfzftbgpqhnh@brauner.io>
In-Reply-To: <20190516130813.i66ujfzftbgpqhnh@brauner.io>

On Thu, May 16, 2019 at 3:08 PM Christian Brauner wrote:
> On Wed, May 15, 2019 at 10:45:06AM -0700, Daniel Colascione wrote:
> > On Wed, May 15, 2019 at 3:04 AM Christian Brauner wrote:
> > >
> > > This adds the pidfd_open() syscall. It allows a caller to retrieve pollable
> > > pidfds for a process which did not get created via CLONE_PIDFD, i.e. for a
> > > process that is created via traditional fork()/clone() calls that is only
> > > referenced by a PID:
[...]
> > > +/**
> > > + * pidfd_open() - Open new pid file descriptor.
> > > + *
> > > + * @pid: pid for which to retrieve a pidfd
> > > + * @flags: flags to pass
> > > + *
> > > + * This creates a new pid file descriptor with the O_CLOEXEC flag set for
> > > + * the process identified by @pid. Currently, the process identified by
> > > + * @pid must be a thread-group leader. This restriction currently exists
> > > + * for all aspects of pidfds including pidfd creation (CLONE_PIDFD cannot
> > > + * be used with CLONE_THREAD) and pidfd polling (only supports thread group
> > > + * leaders).
> > > + *
> > > + * Return: On success, a cloexec pidfd is returned.
> > > + * On error, a negative errno number will be returned.
> > > + */
> > > +SYSCALL_DEFINE2(pidfd_open, pid_t, pid, unsigned int, flags)
> > > +{
[...]
> > > + if (pid <= 0)
> > > + return -EINVAL;
> >
> > WDYT of defining pid == 0 to mean "open myself"?
>
> I'm torn. It'd be a nice shortcut of course but pid being 0 is usually an
> indicator for child processes. So unless the getpid() before
> pidfd_open() is an issue I'd say let's leave it as is. If you really
> want the shortcut might -1 be better?

Joining the bikeshed painting club: Please don't allow either 0 or -1
as shortcut for "self". James Forshaw found an Android security bug a
while back (https://bugs.chromium.org/p/project-zero/issues/detail?id=727)
that passed a PID to getpidcon(), except that the PID was 0
(placeholder for oneway binder transactions), and then the service
thought it was talking to itself.

You could pick some other number and provide a #define for that, but I
think pidfd_open(getpid(), ...) makes more sense.
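
Review bot: The kernel-doc block above SYSCALL_DEFINE2 describes @flags only as "flags to pass" and its Return: section only promises "a negative errno number", so neither the accepted flag values nor the `if (pid <= 0)` case that returns -EINVAL is documented. Given that this thread is debating whether 0 or -1 should mean "self", I would state in the comment that @pid must be a positive PID and that no sentinel value is accepted, and list the errno values that the visible checks return.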
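
The failure mode described in the reply above, as an added example (not code from this thread, the kernel patch or Android): a lookup that treats pid 0 as "self" turns an IPC layer's "no sender PID" placeholder into the service's own identity, while a strict lookup that rejects pid <= 0 fails closed. The labels and the `label_of_*` / `authorize_*` functions are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical labels and lookups for illustration; not a real API. */
#define LABEL_SERVICE "trusted_service"
#define LABEL_OTHER   "untrusted_app"

/* Sentinel style: pid 0 silently means "the calling process". */
static const char *label_of_sentinel(pid_t pid)
{
	if (pid == 0)
		pid = getpid();
	return pid == getpid() ? LABEL_SERVICE : LABEL_OTHER;
}

/* Strict style: same rule as the quoted patch, pid <= 0 is -EINVAL. */
static int label_of_strict(pid_t pid, const char **label)
{
	if (pid <= 0)
		return -EINVAL;
	*label = pid == getpid() ? LABEL_SERVICE : LABEL_OTHER;
	return 0;
}

/* sender_pid comes from the IPC layer; 0 is its "no sender PID" placeholder. */
int authorize_sentinel(pid_t sender_pid)
{
	return strcmp(label_of_sentinel(sender_pid), LABEL_SERVICE) == 0;
}

int authorize_strict(pid_t sender_pid)
{
	const char *label;

	if (label_of_strict(sender_pid, &label) < 0)
		return 0; /* fail closed on placeholder or invalid PIDs */
	return strcmp(label, LABEL_SERVICE) == 0;
}

int main(void)
{
	pid_t placeholder = 0; /* constructed input: message with no sender PID */

	printf("sentinel API: placeholder authorized = %d\n", authorize_sentinel(placeholder));
	printf("strict API:   placeholder authorized = %d\n", authorize_strict(placeholder));
	printf("strict API:   real self authorized   = %d\n", authorize_strict(getpid()));
	return 0;
}
```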