Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1636765imu; Sun, 18 Nov 2018 06:00:19 -0800 (PST) X-Google-Smtp-Source: AJdET5efgZvH7mOkLK5dGIEeo2reRPHxD+I0IlXh7VbcQW3NP1r1X17mBe1rFlt2MgqINUETBSJz X-Received: by 2002:a62:ca9c:: with SMTP id y28mr183638pfk.236.1542549619934; Sun, 18 Nov 2018 06:00:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542549619; cv=none; d=google.com; s=arc-20160816; b=AHqZSr+iOVOZavsVG2Dhn82WwtqF81nom7W7u/ciAmd7JwBSlEbT/FgW0e4mTLKqAE +FYXcbWORZipEydpdl6wLx5f2YXCJ/gHoCM7BigZqS9PXR42qy2/d9FyXUHR+RyAPxjM KAqyZ5xSJmUz2hPDxFS6jACnmn8dsrKqaTOnZWTEFMDr9ZE8UZ6CbWXzntuc8TSGRUnp AAnJyHiBxzbyUIdeSO6P/4lsIxfqdv4TTytsTHojeDAk59Q1RoqmpmAUDNyDhvC4t28R pIwJip7XWbkGpmnidxfypYhy7J2A3yKRdq5E73MPdqeaBuNS4tGUatnEiaTFxcwGYy22 eLwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=YQ9La5BR4nomH41UKaWmwEQ3YGqZVjb7lZbfpKqW1CU=; b=krTzXyRJTuuxSZOrDMdoXfRgQyTEqFiZhD1ENdRGr7X6cxcRn2u0TKqS3WHLT1W10U 38GLQhtjD2am/OAkG+TiHYk+a+L7gWWPIhWNUFfWlkvj60CmWXGoo4/JIBdZwZx7xQAW ztsAGf0LxiZd7eLAp+IpPR3nJMUHoTNvEWByTRiuA2bavKCCD6d8AB/E3qpdju15N3gK z1+JQk1/0az9fRS5k0bUfgY0G4qTJM7T4FcCscCrYTXkReA1UBzmo2zDOXynOI7O+Rl8 vxIBFHAxB5S5aPREBthZ+M226ig219cpGu1wC6+x2ArAJbsWxydF22sXt9JR2zShjmaw b7Hw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=JVXXmMDI; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b34-v6si38097492pld.276.2018.11.18.06.00.04; Sun, 18 Nov 2018 06:00:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=JVXXmMDI; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727188AbeKSATu (ORCPT + 99 others); Sun, 18 Nov 2018 19:19:50 -0500 Received: from mail-vs1-f68.google.com ([209.85.217.68]:42485 "EHLO mail-vs1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726269AbeKSATu (ORCPT ); Sun, 18 Nov 2018 19:19:50 -0500 Received: by mail-vs1-f68.google.com with SMTP id b74so16280412vsd.9 for ; Sun, 18 Nov 2018 05:59:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=YQ9La5BR4nomH41UKaWmwEQ3YGqZVjb7lZbfpKqW1CU=; b=JVXXmMDIKUXCptsScc8oZ2th6i5DbACs/w9DsI241977XVugJWE8YLLlNNLhtv8+Au +O4rOG18i98TqAZ6zlq9jzh2Mae2Ni+/sKcdUSR/0gLCoPk28g1jI0UDJOvYjcjZ61kC NwuUs6ddmYoY0/UOo57QaHyKdDjbbarkHYeqvhQYFjhJ3CxEKizfN28AgASvJcqZp/F2 AKtPPKcUWqO4S7khSTZyE2Dy2e/9fyc/mQpIAIOEyvG4s6pAXNKL1PDJDWL07CFY6uQK dWBQQHXN/reXGIID85TxM49iSJWs9fdnxmw49hhAX6IAvwI2Rvhx9K4Mzq1QqlQEgVvW 0qUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=YQ9La5BR4nomH41UKaWmwEQ3YGqZVjb7lZbfpKqW1CU=; b=PBiXXgwhLeod3YAkmDO40QCo0rH2UjmwEZvREiIpcdu8Bj3muWW//Ozoquv7Rul24H W8oyMi4r00CaRcj9X8YsGZMWSVb5nAn13RtLz5Ic6U5Q2blEV4l3JHWUSNqXvl4AWm26 Li3K0hZzLixH5lKrbOjZfQDL+qvjHA6s1DIJNbMPkTqWrtq6gBDhyispfGvkYiNOYK2x kwcSAcQXYlN154kU4SebRieN1HcQISVjMw/MP04yEz3AaHwAwSjiUqkVFW1lQvtpsXuK GG+a0W2A/lcOjSgwQJiSpOF5f2BKb545Qs719a9BWIszUqnPQ1DL3KYyXxcTzrKNG6YZ Sh5g== X-Gm-Message-State: AGRZ1gLyOMaF6rJ5YynQpumFGcF8WXV0LBlmozMsNNigHrgHjrdeAXha mDT6PpVuGpJ/JOflSD1J9SK9JoqG+1Ck/90l62veAg== X-Received: by 2002:a67:b44:: with SMTP id 65mr7547012vsl.77.1542549565740; Sun, 18 Nov 2018 05:59:25 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a67:f48d:0:0:0:0:0 with HTTP; Sun, 18 Nov 2018 05:59:25 -0800 (PST) In-Reply-To: <20181118111751.6142-1-christian@brauner.io> References: <20181118111751.6142-1-christian@brauner.io> From: Daniel Colascione Date: Sun, 18 Nov 2018 05:59:25 -0800 Message-ID: Subject: Re: [PATCH] proc: allow killing processes via file descriptors To: Christian Brauner Cc: "Eric W. Biederman" , linux-kernel , serge@hallyn.com, Jann Horn , luto@kernel.org, Andrew Morton , Oleg Nesterov , Aleksa Sarai , Al Viro , linux-fsdevel@vger.kernel.org, Linux API , Tim Murray , Kees Cook Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org I had been led to believe that the proposal would be a comprehensive process API, not an ioctl basically equivalent to my previous patch. If you had a more comprehensive proposal, please just share it on LKML instead of limiting the discussion to those able to attend these various conferences. If there's some determined opposition to a general new process API, this opposition needs a fair and full airing, as not everyone can attend these conferences. On Sun, Nov 18, 2018 at 3:17 AM, Christian Brauner wrote: > With this patch an open() call on /proc/ will give userspace a handle > to struct pid of the process associated with /proc/. This allows to > maintain a stable handle on a process. > I have been discussing various approaches extensively during technical > conferences this year culminating in a long argument with Eric at Linux > Plumbers. The general consensus was that having a handle on a process > will be something that is very simple and easy to maintain ioctls are the opposite of "easy to maintain". Their file-descriptor-specific behavior makes it difficult to use the things safely. If you want to take this approach, please make a new system call. An ioctl is just a system call with a very strange spelling and unfortunate collision semantics. > with the > option of being extensible via a more advanced api if the need arises. The need *has* arisen; see my exithand patch. > I > believe that this patch is the most simple, dumb, and therefore > maintainable solution. > > The need for this has arisen in order to reliably kill a process without > running into issues of the pid being recycled as has been described in the > rejected patch [1]. That patch was not "rejected". It was tabled pending the more comprehensive process API proposal that was supposed to have emerged. This patch is just another variant of the sort of approach we discussed on that patch's thread here. As I mentioned on that thread, the right approach option is a new system call, not an ioctl. To fulfill the need described in that patchset a new > ioctl() PROC_FD_SIGNAL is added. It can be used to send signals to a > process via a file descriptor: > > int fd = open("/proc/1234", O_DIRECTORY | O_CLOEXEC); > ioctl(fd, PROC_FD_SIGNAL, SIGKILL); > close(fd); > > Note, the stable handle will allow us to carefully extend this feature in > the future. We still need the ability to synchronously wait on a process's death, as in my patch set. I will be refreshing that patch set.