linux-kernel.vger.kernel.org archive mirror
From: Daniel Colascione <dancol@google.com>
To: Michal Hocko <mhocko@kernel.org>
Cc: linux-kernel <linux-kernel@vger.kernel.org>,
	rppt@linux.ibm.com, Tim Murray <timmurray@google.com>,
	Joel Fernandes <joelaf@google.com>,
	Suren Baghdasaryan <surenb@google.com>,
	Jonathan Corbet <corbet@lwn.net>,
	Andrew Morton <akpm@linux-foundation.org>,
	Roman Gushchin <guro@fb.com>,
	Mike Rapoport <rppt@linux.vnet.ibm.com>,
	Vlastimil Babka <vbabka@suse.cz>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	"Dennis Zhou (Facebook)" <dennisszhou@gmail.com>,
	Prashant Dhamdhere <pdhamdhe@redhat.com>,
	"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>
Subject: Re: [PATCH v2] Document /proc/pid PID reuse behavior
Date: Wed, 7 Nov 2018 15:48:20 +0000
Message-ID: <CAKOZueu5aDtHDBzp6qKECTHEejjb=dyegQkuHh8NfwgNktzFow@mail.gmail.com>
In-Reply-To: <20181106130524.GC2453@dhcp22.suse.cz>

On Tue, Nov 6, 2018 at 1:05 PM, Michal Hocko <mhocko@kernel.org> wrote:
> On Mon 05-11-18 13:22:05, Daniel Colascione wrote:
>> State explicitly that holding a /proc/pid file descriptor open does
>> not reserve the PID. Also note that in the event of PID reuse, these
>> open file descriptors refer to the old, now-dead process, and not the
>> new one that happens to be named the same numeric PID.
>
> This sounds quite obvious

Many people *on* *LKML* were wrong about this behavior. If it's not
obvious to experienced kernel developers, it's certainly not obvious
to the public.

> otherwise anybody could simply DoS the system
> by consuming all available pids.

People can do that today using the instrument of terror widely known
as fork(2). The only thing standing between fork(2) and a full process
table is RLIMIT_NPROC. In a world where we really did reserve a
numeric PID through the lifetime of any struct pid to which it refers
(i.e., where "cd /proc/$PID" held $PID), we could charge these struct
pid reservations against RLIMIT_NPROC and achieve behavior as safe as
what we have today. The details would be subtle (you'd have to take
pains to avoid double-counting, for example), but it could be made to
work. Other people, on the various lkml threads about my process API
improvement proposals, have proposed fixing the longstanding PID race
problem by making struct pid behave the way people mistakenly believe
it behaves today. It's a serious idea worth actual consideration.
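
The behaviour the patch under discussion documents, shown as an added example that is not part of the original message or the patch: a directory file descriptor opened on /proc/<pid> keeps referring to the old process after it is reaped, so lookups through it fail instead of resolving to whatever later reuses the number. The function names are made up for this example, and it assumes a Linux system with /proc mounted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 = process behind dirfd still exists, 0 = it is gone, -1 = other error. */
static int procfd_alive(int dirfd)
{
    int fd = openat(dirfd, "stat", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return (errno == ENOENT || errno == ESRCH) ? 0 : -1;
    close(fd);
    return 1;
}

/* Fork a child, hold its /proc entry open, kill and reap it, then report
 * what the held fd says before and after the reap. Returns 0 on success. */
static int demo_stale_procfd(int *before, int *after)
{
    char path[32];
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        for (;;) pause();          /* child: wait to be killed */
    snprintf(path, sizeof path, "/proc/%d", (int)pid);
    int dirfd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd >= 0)
        *before = procfd_alive(dirfd);
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);         /* reaped: the numeric PID may now be reused */
    if (dirfd < 0)
        return -1;
    *after = procfd_alive(dirfd);  /* the fd did not reserve the PID */
    close(dirfd);
    return 0;
}

int main(void)
{
    int before = -1, after = -1;
    int rc = demo_stale_procfd(&before, &after);
    printf("rc=%d before reap: %d, after reap: %d\n", rc, before, after);
    return rc != 0;
}
```

The liveness check and any later action on the numeric PID are still two separate steps, so this shows the documented semantics and does not by itself close the PID race discussed in the thread.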
