Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4291661imu; Mon, 24 Dec 2018 21:34:58 -0800 (PST) X-Google-Smtp-Source: AFSGD/X5P4G0qGQEcqpiLddhUlE4dFbS/PR/MZYlKLKm1DnWhhlIkEpsKSZloqrPrHJ6oUjSWi0N X-Received: by 2002:a62:4e83:: with SMTP id c125mr15681300pfb.101.1545716098187; Mon, 24 Dec 2018 21:34:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545716098; cv=none; d=google.com; s=arc-20160816; b=Rbgv45l9Rj9OJaEg3Wu50ywflJOnM7zyvzxM3tlFt5H0Ci//eKztPT4Qep5vZOLRk5 m9wzApTzRhnAuQHn0BNIpfPfYX+K67cnhPnv8eT4fQVw+7NdmpUyqCYf1wwyw9SRbXAP VWlTU+PtJslcUW6CA5hGpE6hytXC2T9McMOipOvCzKfZNuHL12/f/YC1d2cpKMfYf8NV HE/uDUUpbSevU+tIRfuq9613vOAYLpLh2kXi0+EZzv9k9akKIFc1WduMJSK5GN5K0Nr/ ST0W+7/fBvzDOd1yJbOMolaPe6Bd4rVZ2Sxh3Rhd04oKkA/kQb1TsJpjtvvgfUw4iuJK uSOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=+A74NzcsU5jVuDJexZfDXwDFdTQppxIwyEi8thauB1U=; b=Jz3nj7jFLYYlPZUbx2Sso/Gukw0zy5ApXmeIYW5vHAwfree2Uc0pJ9Pnm4MX59Pjv0 prtDCzhRSmkCOOvdBIbNMEjY4d6xzZB3YbGp+Mu04nEwdVQDCbF78Ja2C75jQqZSJENd 5uXpUyPcwFjN14qhXD+KvV5+yCARfWVY4uC3I4Hv4K6GtNN0NG5ndhRsdYwzNm0ulMxc RpilGWU0gCXLgs/DM5BNBr3TfJOA0ubZ9RsQh9NWeYcmKDynwGvhCsIuKM/0EA7e2Aqq Z9JfFlHWUE2+5LVPHN7a3mq6hpb3RHH0CBgIlykMxtleXV/XQhRvoTbMhMB+CSDiFE1r 85vA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=LD6Itty6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p5si725571pls.338.2018.12.24.21.34.29; Mon, 24 Dec 2018 21:34:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=LD6Itty6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725871AbeLYFdF (ORCPT + 99 others); Tue, 25 Dec 2018 00:33:05 -0500 Received: from mail-io1-f65.google.com ([209.85.166.65]:44986 "EHLO mail-io1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725791AbeLYFdE (ORCPT ); Tue, 25 Dec 2018 00:33:04 -0500 Received: by mail-io1-f65.google.com with SMTP id r200so10156026iod.11; Mon, 24 Dec 2018 21:33:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=+A74NzcsU5jVuDJexZfDXwDFdTQppxIwyEi8thauB1U=; b=LD6Itty65NVQOUp5+dFsoJDFfawIvngvgt+5luRb4ulzCCaVXWiPqHigY15fSLSp9a L2NK+JFcdgPLhLEJMoVpMO/+PhMwMA0mQ2oa9UdsBFxmQnl5bBn+F4zs1Go0kjBQGLxp 2zPzuFgQje4HS64tiWW9NOL1ZNlvvPeeiQgxmJuRunzJbMZTU8gAhwJFFDcy72YyKGiX gwtnqkEy8v0rnCaqZ5IjKmNL/MbGh91devGii1SGMgkZh0isP7cdheaMGZ8Pm+As3Elh uHTYdWuMAHy6h+F3PYHIHBvOXEeijwQRz2OGJfR7Z5XfLniCPBtmEXLC08G3hMjaycId +14w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=+A74NzcsU5jVuDJexZfDXwDFdTQppxIwyEi8thauB1U=; b=lTRpZHl2N7ztk2iZEyq81tZbGDArWzglvk7LDnich1wpecanFGDQeskV09yPuzb7l7 ho/ND8eL4/N+HJNBJ1NOtm3xd/9ZgBHFlOm2sOtrAoIQR1ZAR4LDEhrg9z/k+7XNu2Nd oBLLdD+4mfqdLiJviImhSIz88xkR4KgjV9GEmljCTJrrBDzlhWJwlx76pal8+0vc7ntA tr39CTwLq2ChINSaDwio+LbHNSh69wx+XoHcfkv4JbUGEGtz4plaIQu2XP3g7DCoULJK 10Fv5b4KsP8OR7y52o2DlVWFTLE89GFh6WaFnUTUeiBcAMYBDpTB19F4cSInklVIrC86 elKQ== X-Gm-Message-State: AJcUukePPdYFqxzG0kZjCIA4UqurEpbdZmGYThsPk53L2ytkmhNHGc8V 7QOh0hd+WKlzcqPBhXrnHfGWVy/Wx75YAg92cfM= X-Received: by 2002:a6b:600b:: with SMTP id r11mr11206750iog.259.1545715983251; Mon, 24 Dec 2018 21:33:03 -0800 (PST) MIME-Version: 1.0 References: <20181120105124.14733-1-christian@brauner.io> <87in0g5aqo.fsf@oldenburg.str.redhat.com> <746B7C49-CC7B-4040-A7EF-82491796D360@brauner.io> <20181202100304.labt63mzrlr5utdl@brauner.io> <8736rebl9s.fsf@oldenburg.str.redhat.com> <20181203180224.fkvw4kajtbvru2ku@brauner.io> <874lbtjvtd.fsf@oldenburg2.str.redhat.com> <87y392h4b7.fsf@oldenburg2.str.redhat.com> In-Reply-To: From: Lai Jiangshan Date: Tue, 25 Dec 2018 13:32:51 +0800 Message-ID: Subject: Re: [PATCH v2] signal: add procfd_signal() syscall To: Christian Brauner Cc: Florian Weimer , Andy Lutomirski , "Eric W. Biederman" , LKML , "Serge E. Hallyn" , Jann Horn , Andrew Morton , Oleg Nesterov , Aleksa Sarai , Al Viro , Linux FS Devel , Linux API , Daniel Colascione , Tim Murray , linux-man , Kees Cook Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Is it possible to avoid adding any syscall? Since holding /proc/pid/reg_file can also hold the pid. With this guarantee, /proc/pid/uuid (universally unique identifier ) can be introduced to identify tasks, the kernel generates a uuid for every task when created. save_pid_uuid_pair_for_later_kill(int pid) { /* save via /proc/$pid/uuid */ /* don't need to keep any fd after save */ } safe_kill(pid, uuid, sig) { fd =3D open(/proc/$pid/uuid); /* also hold the pid until close() if open() successes */ if (open successes and read uuid from fd and if it equals to uuid) kill(pid, sig) close(fd) } All things needed to be done is to implement /proc/pid/uuid. And if pid can= 't be recycled within 1 ticket, or the user can ensure it. The user can use starttime(in /proc/pid/stat) instead. save_pid_starttime_pair_for_later_kill(int pid) { /* save via /proc/$pid/stat */ /* don't need to keep any fd after save or keep it for 1 ticket at most *= / } safe_kill(pid, starttime, sig) { fd =3D open(/proc/$pid/stat); /* also hold the pid until close() if open() successes */ if (open successes and read starttime from fd and if it equals to start= time) kill(pid, sig) close(fd) } In this case, zero LOC is added in the kernel. All of it depends on the guarantee that holding /proc/pid/reg_file also holds the pid, one of which I haven't checked carefully either. On Fri, Dec 7, 2018 at 3:05 AM Christian Brauner wro= te: > > On December 7, 2018 7:56:44 AM GMT+13:00, Florian Weimer wrote: > >* Andy Lutomirski: > > > >>> I suppose that's fine. Or alternatively, when thread group support > >is > >>> added, introduce a flag that applications have to use to enable it, > >so > >>> that they can probe for support by checking support for the flag. > >>> > >>> I wouldn't be opposed to a new system call like this either: > >>> > >>> int procfd_open (pid_t thread_group, pid_t thread_id, unsigned > >flags); > >>> > >>> But I think this is frowned upon on the kernel side. > >> > >> I have no problem with it, except that I think it shouldn=E2=80=99t re= turn an > >> fd that can be used for proc filesystem access. > > > >Oh no, my intention was that it would just be used with *_send_signal > >and related functions. > > Let's postpone that discussion a little. > I think we don't need a syscall to base this off of pids. > As I said I rather send my revived version of CLONE_NEWFD that would serv= e the same task. > The same way we could also just add a new open() flag that blocks fs acce= ss completely. > I just pitched that idea to Serge a few days back: O_NOCHDIR or similar. > That could even be part of Aleksa's path resolution patchset. > > > > >Thanks, > >Florian >