Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp11158851imu; Thu, 6 Dec 2018 12:31:31 -0800 (PST) X-Google-Smtp-Source: AFSGD/WCST/Qjcu6qAkUVWof9ez6R/6sNdPYxw4azhN3EeJ+46VTHqyio+uPoc+LeVAJ4XE0BZcw X-Received: by 2002:a62:2a4b:: with SMTP id q72mr29590064pfq.61.1544128291030; Thu, 06 Dec 2018 12:31:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544128291; cv=none; d=google.com; s=arc-20160816; b=WGJLefWU6Nnol+xbokfaKnwmVAtemO9X8esaQqaaCfNo6cNdcLkxSIxbpRpZ6xKmTD 3A4mBY96uBTRFgXX2GdrFuNpDX239kJcPPMvIDYGantQMS6uL4B3c6QTV1Iri2Ro7P7P ZW0xVDmsHhD/oeZbCDJWQs7B7hGP97qQcLW/6PTZtfRx9HM0qaGW8qvlpeCi4RXrPDkN ZrAGk+6qytP95N7YRRf0E2ZQ4/r01/HB4i8Xt8ZCvqRNjGZDzzPQM99joQHB6vcbMfDi MWhQ/xZz0KnE5v0B81HczfEgi/udqyZlE2qDpp+PURj7En3VZ+SO/daob/MEP5O4L+H0 jiKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:mime-version:user-agent :message-id:in-reply-to:date:references:cc:to:from; bh=zJrVu4Jjtl7UxK5I8R+3UjX+2bi0OGbgOkN2aYXPvy4=; b=aw82Fm4fRqhaT5uBZVNgAIdYfxPXY+gaogR9ZssGWlHdQag8mhVjJfHprL74OMK9Z5 SWfoHxTpmTzbPOHrbroSBWIzdWQYww2LaizwM1JHLckwwqwCxz7sA1EEp8ms3CZju7uj TV5Uf8VzdTvdaygjfgrx0Q/gri1ZwlL2FRCP4IRMQuoWNv1bZmyEKLHTSIZqV+tf6N0y JF/bDvR6OaGDJMy2K/lxSIgiYxnNvwy/Lae7FjhJlz4nIHLHlqOKfYU3j5AUb7haspt7 eOdDY2sUPBJpWi4gTpm4yvtGsXRG6d0rBhw1QQQFWMTItQpyO2o5IEl6Q77yxpyIY7ut Qsvg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y4si1073340pfk.172.2018.12.06.12.31.14; Thu, 06 Dec 2018 12:31:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726018AbeLFU32 (ORCPT + 99 others); Thu, 6 Dec 2018 15:29:28 -0500 Received: from out03.mta.xmission.com ([166.70.13.233]:42095 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725916AbeLFU31 (ORCPT ); Thu, 6 Dec 2018 15:29:27 -0500 Received: from in02.mta.xmission.com ([166.70.13.52]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1gV0Gz-0007ne-Ke; Thu, 06 Dec 2018 13:29:25 -0700 Received: from ip68-227-174-240.om.om.cox.net ([68.227.174.240] helo=x220.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1gV0Gy-0003sV-Nh; Thu, 06 Dec 2018 13:29:25 -0700 From: ebiederm@xmission.com (Eric W. Biederman) To: Christian Brauner Cc: linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, luto@kernel.org, arnd@arndb.de, serge@hallyn.com, jannh@google.com, akpm@linux-foundation.org, oleg@redhat.com, cyphar@cyphar.com, viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org, dancol@google.com, timmurray@google.com, linux-man@vger.kernel.org, keescook@chromium.org, fweimer@redhat.com, tglx@linutronix.de, x86@kernel.org References: <20181206121858.12215-1-christian@brauner.io> <87sgzahf7k.fsf@xmission.com> <875zw6bh2z.fsf@xmission.com> <20181206193017.wpxls5p3zgjd6rv2@brauner.io> Date: Thu, 06 Dec 2018 14:29:13 -0600 In-Reply-To: <20181206193017.wpxls5p3zgjd6rv2@brauner.io> (Christian Brauner's message of "Thu, 6 Dec 2018 20:30:19 +0100") Message-ID: <871s6u9z6u.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1gV0Gy-0003sV-Nh;;;mid=<871s6u9z6u.fsf@xmission.com>;;;hst=in02.mta.xmission.com;;;ip=68.227.174.240;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX19OriSRERNH3jizl4ZALdryUhVDRipsGHQ= X-SA-Exim-Connect-IP: 68.227.174.240 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on sa06.xmission.com X-Spam-Level: X-Spam-Status: No, score=0.8 required=8.0 tests=ALL_TRUSTED,BAYES_50, DCC_CHECK_NEGATIVE,T_TM2_M_HEADER_IN_MSG,T_TooManySym_01, T_TooManySym_02,T_XMDrugObfuBody_08 autolearn=disabled version=3.4.2 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa06 1397; Body=1 Fuz1=1 Fuz2=1] * 0.0 T_TooManySym_01 4+ unique symbols in subject * 1.0 T_XMDrugObfuBody_08 obfuscated drug references * 0.0 T_TooManySym_02 5+ unique symbols in subject X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;Christian Brauner X-Spam-Relay-Country: X-Spam-Timing: total 565 ms - load_scoreonly_sql: 0.05 (0.0%), signal_user_changed: 2.7 (0.5%), b_tie_ro: 1.85 (0.3%), parse: 0.90 (0.2%), extract_message_metadata: 15 (2.7%), get_uri_detail_list: 2.9 (0.5%), tests_pri_-1000: 21 (3.7%), tests_pri_-950: 1.27 (0.2%), tests_pri_-900: 1.12 (0.2%), tests_pri_-90: 33 (5.9%), check_bayes: 32 (5.6%), b_tokenize: 11 (2.0%), b_tok_get_all: 11 (1.9%), b_comp_prob: 3.8 (0.7%), b_tok_touch_all: 3.5 (0.6%), b_finish: 0.61 (0.1%), tests_pri_0: 474 (83.8%), check_dkim_signature: 0.61 (0.1%), check_dkim_adsp: 3.7 (0.7%), poll_dns_idle: 0.38 (0.1%), tests_pri_10: 2.4 (0.4%), tests_pri_500: 11 (1.9%), rewrite_mail: 0.00 (0.0%) Subject: Re: [PATCH v4] signal: add taskfd_send_signal() syscall X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Christian Brauner writes: > On Thu, Dec 06, 2018 at 01:17:24PM -0600, Eric W. Biederman wrote: >> Christian Brauner writes: >> >> > On December 7, 2018 4:01:19 AM GMT+13:00, ebiederm@xmission.com wrote: >> >>Christian Brauner writes: >> >> >> >>> The kill() syscall operates on process identifiers (pid). After a >> >>process >> >>> has exited its pid can be reused by another process. If a caller >> >>sends a >> >>> signal to a reused pid it will end up signaling the wrong process. >> >>This >> >>> issue has often surfaced and there has been a push [1] to address >> >>this >> >>> problem. >> >>> >> >>> This patch uses file descriptors (fd) from proc/ as stable >> >>handles on >> >>> struct pid. Even if a pid is recycled the handle will not change. The >> >>fd >> >>> can be used to send signals to the process it refers to. >> >>> Thus, the new syscall taskfd_send_signal() is introduced to solve >> >>this >> >>> problem. Instead of pids it operates on process fds (taskfd). >> >> >> >>I am not yet thrilled with the taskfd naming. >> > >> > Userspace cares about what does this thing operate on? >> > It operates on processes and threads. >> > The most common term people use is "task". >> > I literally "polled" ten non-kernel people for that purpose and asked: >> > "What term would you use to refer to a process and a thread?" >> > Turns out it is task. So if find this pretty apt. >> > Additionally, the proc manpage uses task in the exact same way (also see the commit message). >> > If you can get behind that name even if feeling it's not optimal it would be great. >> >> Once I understand why threads and not process groups. I don't see that >> logic yet. > > The point is: userspace takes "task" to be a generic term for processes > and tasks. Which is what is important. The term also covers process > groups for all that its worth. Most of userspace isn't even aware of > that distinction necessarily. > > fd_send_signal() makes the syscall name meaningless: what is userspace > signaling too? The point being that there's a lot more that you require > userspace to infer from fd_send_signal() than from task_send_signal() > where most people get the right idea right away: "signals to a process > or thread". > >> >> >>Is there any plan to support sesssions and process groups? >> > >> > I don't see the necessity. >> > As I said in previous mails: >> > we can emulate all interesting signal syscalls with this one. >> >> I don't know what you mean by all of the interesting signal system >> calls. I do know you can not replicate kill(2). > > [1]: You cannot replicate certain aspects of kill *yet*. We have > established this before. If we want process group support later we do > have the flags argument to extend the sycall. Then you have horrible contradiction in the API. Either the grouping is a property of your file descriptor or the grouping comes from the flags argument. If the grouping is specified in the flags argument then pidfd is the proper name for your file descriptors, and the appropriate prefix for your system call. If the grouping is a property of your file descriptor it does not make sense to talk about using the flags argument later. Your intention is to add the thread case to support pthreads once the process case is sorted out. So this is something that needs to be made clear. Did I miss how you plan to handle threads? And this fundamentally and definitely gets into all of my concerns about proper handling of pid_task and PIDTYPE_TGID etc. >> Sending signals to a process group the "kill(-pgrp)" case with kill >> sends the signals to an atomic snapshot of processes. If the signal >> is SIGKILL then it is guaranteed that then entire process group is >> killed with no survivors. > > See [1]. > >> >> > We succeeded in doing that. >> >> I am not certain you have. > > See [1]. > >> >> > No need to get more fancy. >> > There's currently no obvious need for more features. >> > Features should be implemented when someone actually needs them. >> >> That is fair. I don't understand what you are doing with sending >> signals to a thread. That seems like one of the least useful >> corner cases of sending signals. > > It's what glibc and Florian care about for pthreads and their our > biggest user atm so they get some I'd argue they get some say in this. :) Fair enough. If glibc could use this then we certainly have users and a user case. Eric