Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp3603815img; Mon, 25 Mar 2019 13:45:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqz/k9W5kBZK8oYXkSqEChvQfy7xyGuiLnUOQmqPaOCeEdeLaWMk1Jex8m2fV5+SrZl+6JFK X-Received: by 2002:a63:6142:: with SMTP id v63mr24984757pgb.342.1553546744014; Mon, 25 Mar 2019 13:45:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553546744; cv=none; d=google.com; s=arc-20160816; b=V4r1BU0oF23fglz/fCDQQdmOWvf1HKcbq9O3r/995eN153Oqrj7kTzB0ufz+Z+Osal lOrEso6S8wZa4CqovaRZKOpeO0bNZLacVK1NFLIx10krZ2TmeK0fSGp6dUnHFKV7Mlva 7EWzS+ZR9Arvka6sNQEXI1lXrqkwZdPFOC7eCOucBnYOzNa5BWv4efKCeDgyhgZdB5ar aKTB2CkIY50eXOqIzSVkoageZQEJPsoAreXnO5en6ZGXXhdeYyfYu9wEK35x9jsqU0Cx OIYQlVATthYB/SzI3v5pj+CbCDre+lLatUJQh+HUpLQSJu180jZbQ2JFZpwSFteN5CIn 8cew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=JeZojxslx7gvup/G5yckHSix5U36utO7nTs9ax9VodI=; b=GoIKvoyVcYDaCnCA0SC+Y+vUes0i+EqGgBorGzrt9xW5mOroSvwRdUB5dyKx4PKVzW xkGpr7vrtNQl2d2cHHzvkRuEFfdIDuNxxNmtH6+1G0Jn56EJmpO75PjObaCdWXGfWFVG gA8/umVo58okcBqsf/VQVFKgc4mN1a0qbPHx2pHHV/rqKC3agbZ5WPFEDhuw5tg+ktI3 9BHCJmauV6v8N91Df1Pmv38prgzp77srxzWPJwZXEZnIcjQPyQux8O2kXIusWya7UiIS bZkEI2pduiTf4esIN/eMpb8MXFxj9aiSxpk2r2cN75sbi+cNf5Hb2XZC2HS5YUITEx46 cCUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="mY/PhDgP"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 7si10257474pfh.34.2019.03.25.13.45.27; Mon, 25 Mar 2019 13:45:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="mY/PhDgP"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730164AbfCYUom (ORCPT + 99 others); Mon, 25 Mar 2019 16:44:42 -0400 Received: from mail-ot1-f66.google.com ([209.85.210.66]:36581 "EHLO mail-ot1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729761AbfCYUom (ORCPT ); Mon, 25 Mar 2019 16:44:42 -0400 Received: by mail-ot1-f66.google.com with SMTP id o74so9399798ota.3 for ; Mon, 25 Mar 2019 13:44:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JeZojxslx7gvup/G5yckHSix5U36utO7nTs9ax9VodI=; b=mY/PhDgPNeo69+cgQ+SxHL8hqOHdD5JS+j5ZcjjNM33PjE5YCNKxzX80VaVRmDZyy6 RCcBy8QRgCEaOcSpuFvKMYfXqSitscWDi45PbOsSLSPSvPi7SZAIsu4Uh/o9/cqhgQ5e F7iVaZV90D7ci7ln+sMWFpH6wsI0GtHzbDveadizJLlEvzgZkIQQduy4ZmSCtafoNEP9 M3ZQ9d3MTLYAQ0ztxgMs2PvuOeLILUbsoKFdH10yTWle/REXaf9/2eARUm7XtnfHf2GW IdTNmaq8Og5C+UzEJ9N/WvWWk4Nh4WmUOcpmOi1deJG5U0t2cV65BmBdKxTiyD8e7paC GXSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JeZojxslx7gvup/G5yckHSix5U36utO7nTs9ax9VodI=; b=qafiGtwX6H7iEDhjoE262iFp891Y3FViXXPPng7YLH3S3CZpWzWPIHudLH7Tt2ZhQ4 i+WF/qo8sypPfWT8cUTXm70Grc4Ef6704t6IKmGIy2vSbphuCOaqb7jZoIZ2jd1f/j9I vcB7tlwdlkRWOdPT592FTJkFZE/jxs0FsD7cPni+TAnkolSlejMvGXhqBaj2uWkKsANP TOrcsU65+f36LLgYnz9AI2NdsOEJUQff7G5a45FmDHadGMhab0xx8gRHRR7mZ2++eDQ/ R+9QudRzxZuVvHRzyfX3+OWkpl437CO4etKUAI85q+R2ajEA3jJbKgyDsrVjlKJ62yUJ +VwA== X-Gm-Message-State: APjAAAXsxKC431Kgy1PXpssMekPsg8xP2YDoggWXxrU9sUbEpJIB9PIk eHFA8kh29E1ts9MecLi330kstcGMQ3GQ49vsfeg= X-Received: by 2002:a9d:7dd6:: with SMTP id k22mr19175741otn.31.1553546681477; Mon, 25 Mar 2019 13:44:41 -0700 (PDT) MIME-Version: 1.0 References: <20190320200702.GA27111@avx2> In-Reply-To: From: Michael Tirado Date: Mon, 25 Mar 2019 16:14:56 +0000 Message-ID: Subject: Re: pidfd design To: Linus Torvalds Cc: LKML , Alexey Dobriyan , christian@brauner.io Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 25, 2019 at 5:45 PM Linus Torvalds wrote: > > On Fri, Mar 22, 2019 at 11:34 AM Michael Tirado wrote: > > > > On Wed, Mar 20, 2019 at 8:08 PM Alexey Dobriyan wrote: > > > > > > pidfd code should be backed out immediately. Forget about /proc. > > > > Seems like Torvalds just merges this sort of "stuff" without reading > > it now, or there's something that auto accepted pull request to RC tree? > > There is no auto-accept. > > But there also didn't seem to be any valid arguments against it, and > the android people had arguments for it. > Isn't Google working on their own C++ kernel now, I bet they would want to make a smooth transition to that at some point? Hopefully they don't screw up Linux in the process. > Arguing against it based on "I don't like /proc" is pointless. The > fact is, /proc is our system interface for a lot of things. > The argument was valid to me, at least the design is not set in stone just yet and there is still hope. I have an option in my namespace sandbox called "noproc", it works for many things, but if devs start relying on /proc ALWAYS being available I begin to have issues. You are all aware of the horrors of /proc, I hope. I don't want /proc so deeply entrenched in the ecosystem that I can no longer use "noproc". These sort of bold new core features need to be designed with extreme caution and awareness of the full spectra of affects. Just because something like procfs exists and can be used doesn't mean it is wise to go all-in. > Arguing against it based on "I worry about the _other_ > non-signal-sending things that could be done with this" is also > pointless. What other things? The only thing that got merged was the > signalling. > There have been "future changes" hinted through the patches lifecycle, it leads me to believe it's a gateway patch, and the pid wrapping is a minor bugfix bridge to some other undisclosed features. How could anyone know the design is right without knowing what these changes might be? pidctl/translate_pid? I am against any new systemcall that crosses namespaces by design to accomplish something that is already plummable. Seems like they want to use pidfd's as some sort of token to perform these cross namespace operations, can't wait to see how devs end up abusing this one. > So the model of using a file descriptor instead of a 'pid' for signal > handling is actually very unix-like. Maybe that's how pid's should > have worked to begin with. Remember that whole "everything is a file" > thing? > Perhaps it could be called an improvement if yall get it right because AFAIK the only way to handle wrapping today is to directly clone the PID you're worried about and deal with it immediately when the process exits before wrap can happen. But I really wonder why PID wrapping matters SO much, I bet some people are doing dangerously stupid things like using PID as a credential even though everyone knows it wraps. Maybe this can make signalling less racey somehow? At the very least you could learn the process has exited instead of blindly acting on a potentially recycled number. I recognize the value in that specifically. However, using pidfd as a token to do cross-namespace activities that are already plummable is just plain weird to me, but maybe I'm too used to doing things "the hard way".