Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp11280106imu; Thu, 6 Dec 2018 14:45:10 -0800 (PST) X-Google-Smtp-Source: AFSGD/UtM1iqucVgfqRVocKb5bSanN9/mCUDTvXK9VmgPe2v54r+B52KnH7s28KGTwWvLFAyk7Jt X-Received: by 2002:a62:7e13:: with SMTP id z19mr30336448pfc.94.1544136310591; Thu, 06 Dec 2018 14:45:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544136310; cv=none; d=google.com; s=arc-20160816; b=R6meQiHWkUmvVZViHKOtAQgBfbuNYAWUsN3cKWqq46VFhJb5PlyAFqPnQJvxNFN7n7 XGY0ROFswR6KZ2vyvZkfQ/q9urUmmdp2uR4Wuzp+c3K7uZOG/MlG8RNd7xdQ1xUdJqZD aqE01D9YgeKNo8WyDyOvGoNadr3sPBocRpPVGmDI8mWVd4/F1C6DWdPDcegOeSXwr1GE XxykqPpKc9Gbpuxem4vIX5p4GSdE6LpQli0jj4c6E4JfqPqa/mjAEy+TebkLjzmLBJEk g0NSgDSn3VuOWQkWn9N5Vtbf1ZUFb4QMEI4r4mdgsJ2gqhYgCpiE8WJaotURinG/7TKJ HsCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=QGrQwYLmnukcpJtpUnCarc+d2xCO3T8JySHhNzbHxME=; b=oFyfRBSS73rWsbOk6MaQipeHlV38Z18gb8clusXc3STs4tG4LeF4z3JJ+HBPEsXtzY gPztgR2PHe3YKkYm9yf0brsXxgCv9I68sSiE+0F9U43Arnbj8EqTgz2p7qK2g7qY/J1o Zbg3gM3sLqZLjW0UqYEK+OiutFyQIAJBDqxesPwzaJ4Zesz/m9GnYoliKeDXqFDiVLRj WawVRb6LxrKLCxSUbAVucXryg9ToqBWK1esOKphs0XBM7NWrnUbkg7YvO1aEaKI+rDZ/ Sn3WHa6Ho6WIvQ8/0LG/mf2796c3SHsV5x+Nyy1U39W6fDzorVvOc0u6013UNiZSQ02B u3Xg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=KpCWlLny; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h9si1302031plb.180.2018.12.06.14.44.53; Thu, 06 Dec 2018 14:45:10 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=KpCWlLny; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726136AbeLFWnm (ORCPT + 99 others); Thu, 6 Dec 2018 17:43:42 -0500 Received: from mail-vs1-f68.google.com ([209.85.217.68]:42209 "EHLO mail-vs1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726097AbeLFWnl (ORCPT ); Thu, 6 Dec 2018 17:43:41 -0500 Received: by mail-vs1-f68.google.com with SMTP id b74so1329387vsd.9 for ; Thu, 06 Dec 2018 14:43:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QGrQwYLmnukcpJtpUnCarc+d2xCO3T8JySHhNzbHxME=; b=KpCWlLny6xFNYYEcX+tPuJ03w3WwN4CBMahyco3AuS3D29w9169o53THH18x5sUj7+ osxKGxHLOZtOmPan1/vbPUruyC4n5R6YbwRoUIMS30ka02uKdhyanPPV1M/9zlwXwmBs nerGKz0Up9XZtOAYVYwc2DslP7o4CL+psB4VZpfUOrcGG2uU2GG8eTvs23t66bAR6Naj K0cvo5lbnTxkz24ifqIsLZ3CRdsjxTNrPQF3Hl5CV8eo5Ne7rbVrlhp7wOTVwX0VRtUG Q/bK0K/4Xhs5C3TuRm/N2vG8FMkCvXscqGGO32Ej/GyaCRAkNQCa2G4CQRQjWAjflXHK XQ0g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QGrQwYLmnukcpJtpUnCarc+d2xCO3T8JySHhNzbHxME=; b=uDLG/LtOzsvNa9mQ8cQy5w+ez+2oPKAQQtVNO9avxwl8DOXcrbl4L1aD3x4ComzCmp 1eCqxFl+108qLKJ+Y7MoEUW9j9r/nquJatqtPQTUdX+TGwC9fG+sKfSMy792uBh1uTqi Z2/i2zE4gChuRINToJDzJqWGq5uZ7Gw7Y37HvP6PqI6FJf45bkvsNW2uZWtH5WpitHbO o33jN1y2aUxoS8lzHrDC11oxxZnqhhsdvWtBrZgBlovPTqiLb5B7ELCAIEyP0jlILJGJ uYnFfcAercuEzykxkNR2OJene1CRd8Q9d7bsHNdELK8qTdI9mY77lhWQQlVU8gDHOTXx nIIA== X-Gm-Message-State: AA+aEWY7o6Zj8zji09jMyOnpysZuRwvzVUHL9+Vam1B7/Y6bl8IzskwT uJtV0pVqC+WihrB7Kchk8wq7e2kXzZsPHAHWCC/D0Q== X-Received: by 2002:a67:6e87:: with SMTP id j129mr13761958vsc.171.1544136220011; Thu, 06 Dec 2018 14:43:40 -0800 (PST) MIME-Version: 1.0 References: <20181206121858.12215-1-christian@brauner.io> <87sgzahf7k.fsf@xmission.com> <875zw6bh2z.fsf@xmission.com> <20181206193017.wpxls5p3zgjd6rv2@brauner.io> <871s6u9z6u.fsf@xmission.com> <87in0647og.fsf@xmission.com> In-Reply-To: <87in0647og.fsf@xmission.com> From: Daniel Colascione Date: Thu, 6 Dec 2018 14:43:27 -0800 Message-ID: Subject: Re: [PATCH v4] signal: add taskfd_send_signal() syscall To: "Eric W. Biederman" Cc: Christian Brauner , linux-kernel , Linux API , Andy Lutomirski , Arnd Bergmann , "Serge E. Hallyn" , Jann Horn , Andrew Morton , Oleg Nesterov , Aleksa Sarai , Al Viro , Linux FS Devel , Tim Murray , linux-man , Kees Cook , Florian Weimer , tglx@linutronix.de, x86@kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Dec 6, 2018 at 2:22 PM Eric W. Biederman wrote: > > Daniel Colascione writes: > > > On Thu, Dec 6, 2018 at 12:29 PM Eric W. Biederman wrote: > >> Christian Brauner writes: > >> > >> > [1]: You cannot replicate certain aspects of kill *yet*. We have > >> > established this before. If we want process group support later we do > >> > have the flags argument to extend the sycall. > >> > >> Then you have horrible contradiction in the API. > >> > >> Either the grouping is a property of your file descriptor or the > >> grouping comes from the flags argument. > >> > >> If the grouping is specified in the flags argument then pidfd is the > >> proper name for your file descriptors, and the appropriate prefix > >> for your system call. > > > > Yes and no. "taskfd" is fine, since even if we do add a > > kill-process-group capability, the general facility under discussion > > is still *about* tasks in general, so "taskfd" still tells you in a > > general sense what the thing does. "pidfd" would be wrong, and for the > > same reason that the kernel's "struct pid" is badly-named: the object > > being named is a *task*, and signaling a particular task instead of > > whatever task happens to be labeled with a particular numeric PID at > > the time of all is the whole point of this change. > > No. The object being named by struct pid is an identifier. > > The same identifier can label processes, the same identifier can > label threads, the same identifier can label process groups the > same identifier can label sessions. > > That is fundamental to how that identifier works. > > Now the new file descriptor can either be a handle to the struct pid > the general purpose identifier, or the file descriptor can be a handle > to a process. Other file descriptor types would be handles to different > kinds of processes. If you open /proc/pid, you get a file descriptor of type A. If you pass that file descriptor to taskfd_signal, you signal the process. If you open a file descriptor to /proc/pid/task/tid, you get a file descriptor of type B, and if you pass that file descriptor to taskfd_signal, you signal the thread. A and B are *already* distinct. The only reason you'd want to require a flag for case B is to reduce the probability of error. The flag wouldn't let you open /proc/pid, yielding an A, and then pass it to taskfd_signal with a flag saying "interpret as B". I understand that it'd be inconsistent to later add a flag saying "interpret this A as a reference to its whole process group", because with respect to the difference between threads and processes, it's the file descriptor type that controls the operation invoked, not the flags. We can solve that by introducing a new FD type for a process group or by just allowing the "casting" via flag, but we're not at the point of having to decide that just yet, and I don't think the API is particularly bad either way. If you don't want to require a flag value when passing a B, then fine. It'll work either with or without the flag. If, instead, you want the flag to allow "casting" an A to a B or vice versa, that's fine too. > When people tell me the new interface can handle process groups or > sessions by just adding a flag. I hear they want to have an handle > to struct pid then general purpose identifier. Because it doesn't make > any sense at all to add a flag to when you need to add a new file > descriptor type to keep the API consistent. > > Later when I hear people say that they want an identifier for a process > and not have a handle to a general purpose identifier I think they need > to think about differnt types of file descriptors for the different > purposes. The flags argument does not help at all there. > > >> If the grouping is a property of your file descriptor it does not make > >> sense to talk about using the flags argument later. > >> > >> Your intention is to add the thread case to support pthreads once the > >> process case is sorted out. So this is something that needs to be made > >> clear. Did I miss how you plan to handle threads? > >> > >> And this fundamentally and definitely gets into all of my concerns about > >> proper handling of pid_task and PIDTYPE_TGID etc. > > > > To the extent that it's possible, this system call should mimic the > > behavior of a signal-send to a positive numeric PID (i.e., a specific > > task), so if we change one, we should change both. > > There is a special case in kill(2) where we treat an identifier that > only identifies a thread as an identifier of a process. We should > not copy that. Sure.