Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3347740imu;
        Mon, 19 Nov 2018 14:40:52 -0800 (PST)
X-Google-Smtp-Source: AJdET5f3b587zlOaAIdhbCyRvTwpboDQuZnYryq6Q8r4trOs8GCLvC7lCd70bS2qFepSQi/5UObu
X-Received: by 2002:a63:981:: with SMTP id 123mr21908676pgj.444.1542667252171;
        Mon, 19 Nov 2018 14:40:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1542667252; cv=none;
        d=google.com; s=arc-20160816;
        b=y7yCQ1KxxP3gTE4XyewATXNzYJQ5z/57LygfCVc/GLWgDOIjr7tdzugxAtwsd4xRyy
         TzHBWfMjmO+zVpCV68jMIQapHbXPGOqLROTzQOH0Q6KPLTguzYwy+DplTx/+ut4bS72a
         6WuYap9L0lHCsfA+mtGT+vCd1lS1UlW5nUN4Gi4s+B+Af2ibgn7d1xFXNR7091eVhy7Y
         Ywvw7a86fqIfQl5gehM1zIHA0DcoaeXo0PPM1oTzNJg8jrzp54917idz4DL7R5xMdVDl
         vayUNts52L02/vCXuZoQvOnIZYdjlmKlBj/8mVy4d26EtWsZJWPOQqe+hktiOim3q/PY
         8OoQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=V9Dtv5lhjmiwwT+fmo/egRH1C+SB084sb2G6VU2EwTs=;
        b=b8IBgP0vG7RHUH88SLTzP9YBlFJNym3uYCEzm6Y179mvQ4h9UuOmSx19jjLTl9UABs
         09TvDd9zR7eYkZshX5RaqNYEOVXq4OKs6oNUIOvLpXvWQ2cNRlP263a/aPhe7W34ueLH
         /E4zm8MG8TkAgigXuI7sWMwqMiaVbrvUCP/+sr2o/LttMr5FGNdkunQuUO9wMP8wK6Ry
         TaK2UnYIWNvpg3sg8i7EijqHzp6l/nccBHD46ljJfvqYatnaoa3wtuNgcZXYIx9I8UqW
         9uHSqFghCHWeTNg6Z5E3dfIHosVzkCVs6+n56gnt26C1qBJUN9NZWQ+5Sr1PWgwqyW89
         wYsQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@tycho-ws.20150623.gappssmtp.com header.s=20150623 header.b=hndXFIt4;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q13si41288059pgj.86.2018.11.19.14.40.36;
        Mon, 19 Nov 2018 14:40:52 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@tycho-ws.20150623.gappssmtp.com header.s=20150623 header.b=hndXFIt4;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731509AbeKTJFv (ORCPT <rfc822;kkoh.linux@gmail.com>
        + 99 others); Tue, 20 Nov 2018 04:05:51 -0500
Received: from mail-pf1-f193.google.com ([209.85.210.193]:45390 "EHLO
        mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1730899AbeKTJFv (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 20 Nov 2018 04:05:51 -0500
Received: by mail-pf1-f193.google.com with SMTP id g62so12274233pfd.12
        for <linux-kernel@vger.kernel.org>; Mon, 19 Nov 2018 14:39:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=tycho-ws.20150623.gappssmtp.com; s=20150623;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=V9Dtv5lhjmiwwT+fmo/egRH1C+SB084sb2G6VU2EwTs=;
        b=hndXFIt4AQzQsa0XxIMeK2XsVY5Q+I2utk62/J2/S5VX90fnjccjTyc1Ns1rxoeJpv
         AmvOEuhjol3aKWY3TJa8hIdFOFZGfyqmxk/sxvBKqFH598mdskx1xeIhMLn9AhFvB65R
         W6aW8XAw7A+1C5kBS3GSszvjfHt0hw+7pla+lVuivpk/PdSJ9PRyA918bTXwn8ay3pGA
         CUh2RTf0u9twMjiQsu66TuaG4gBGet7S2g8WUdr27cTghc9YNmjkRc+hL9Es/FMT7FMq
         HbdtlyOXff+WuKt4h7L84We3biqaEoeB9Da+5RM6DPGLEUZJ2TPfRIMGIe8BJ9Kahpof
         Nh0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=V9Dtv5lhjmiwwT+fmo/egRH1C+SB084sb2G6VU2EwTs=;
        b=gVolgZq9ftdgQB2U1pqKO1mO8UYAW4YZCiG1blRzAop/ZDgtdbKq79EPVRBJDTX0nW
         uKieOZ4rpklfpq0CVROjzmIT7sC5y3SPtYUK/fiEG9DWtvfAbVihSt2dZDApxtUnAbDH
         DKk1P3oZQvCw0bp6wn6tl+B+agaXb86Xo2nlPQ+miGdBfWuz2SOjuZEYbbz7u0WQjUts
         dByzxKoIRV7l4fTmq9OsUHU3WKSaPZPrOn6V5qbCj2ZJnQbGFlpyqDl5aCH+xC3/A0Q0
         eyoqRXkszinVs7hx0ybjvuLZA3/+0TNViS5TdSKl+InbTvg8QnDsyFil9z7OErg4U1t4
         L8gA==
X-Gm-Message-State: AGRZ1gL6jZ66zN75oOFMQWCo9+OftskKj4eYXJ/UdjeMrzHQh8/7frGp
        eXpG1HOQfW4JEOsN5/RHOjlPOA==
X-Received: by 2002:a62:e0d8:: with SMTP id d85mr24524708pfm.214.1542667199157;
        Mon, 19 Nov 2018 14:39:59 -0800 (PST)
Received: from cisco ([128.107.241.178])
        by smtp.gmail.com with ESMTPSA id f22-v6sm51384210pff.29.2018.11.19.14.39.55
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Mon, 19 Nov 2018 14:39:57 -0800 (PST)
Date:   Mon, 19 Nov 2018 15:39:54 -0700
From:   Tycho Andersen <tycho@tycho.ws>
To:     Christian Brauner <christian@brauner.io>
Cc:     ebiederm@xmission.com, linux-kernel@vger.kernel.org,
        serge@hallyn.com, jannh@google.com, luto@kernel.org,
        akpm@linux-foundation.org, oleg@redhat.com, cyphar@cyphar.com,
        viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org,
        linux-api@vger.kernel.org, dancol@google.com, timmurray@google.com,
        linux-man@vger.kernel.org, Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH v1 2/2] signal: add procfd_signal() syscall
Message-ID: <20181119223954.GA4992@cisco>
References: <20181119103241.5229-1-christian@brauner.io>
 <20181119103241.5229-3-christian@brauner.io>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20181119103241.5229-3-christian@brauner.io>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Nov 19, 2018 at 11:32:39AM +0100, Christian Brauner wrote:
>
> +/**
> + *  sys_procfd_signal - send a signal to a process through a process file
> + *                      descriptor
> + *  @fd: the file descriptor of the process
> + *  @sig: signal to be sent
> + *  @info: the signal info
> + *  @flags: future flags to be passed
> + */
> +SYSCALL_DEFINE4(procfd_signal, int, fd, int, sig, siginfo_t __user *, info,
> +		int, flags)
> +{

Can I just register an objection here that I think using a syscall
just for this is silly?

My understanding is that the concern is that some code might do:

unknown_fd = recv_fd();
ioctl(unknown_fd, SOME_IOCTL, NULL); // where SOME_IOCTL == PROC_FD_KILL
// whoops, unknown_fd was a procfd and we killed a task!

In my experience when writing fd sending/receiving code, the sender and
receiver are fairly tightly coupled. Has anyone ever actually fixed a
bug where they had an fd that they lost track of what "type" it was
and screwed up like this? It seems completely theoretical to me.

The ioctl() approach has the benefit of being extensible. Adding a
syscall means that everyone has to do all the boilerplate for each new
pid op in the kernel, arches, libc, strace, etc.

Tycho