Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp3722924img; Mon, 25 Mar 2019 16:48:07 -0700 (PDT) X-Google-Smtp-Source: APXvYqwXfExpfa8ktk76hELXwD9WZEt0e8XSLacMo7GegXs/mL3QqpROKyGKGWqOWROfNf2O5fDE X-Received: by 2002:a62:e418:: with SMTP id r24mr27079094pfh.52.1553557687028; Mon, 25 Mar 2019 16:48:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553557687; cv=none; d=google.com; s=arc-20160816; b=TUKMK+HtSsrroYjYjgRvNo17+nWmCSL5NH3KbIX33zAUiN10e5Se5GkW4YAW/ixFxc jqEajmi55ZHUXzH/AixTqHk8ECxfxmpMfVw1cM+r6QX/EMtzFOmaZgiVosI1aXCLtCSd n2RMbIDzVoHE9kVtBY/D8hA2yRh1bjSpN32U0Zt1hRmOLCQfv0wHG01HrW5gw/voX55H oEzJdkQQeXSxRCeh9kvIgQEdaygGVluqnJF1VeDYRLaAcZNeLbBZBlntMQDVrZnyeyZo Uvd5yo1E6jBFKOuaQIKcpkn+5u3ueRZ3724QpxCPocspNQnHjUT8VAKYXHLwb5x67svE oLPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=OntNR28WwPqMJhtqPqgyFaqEwtslS1iyZrH+qWE3grA=; b=lmDCT3c0JuVuwLqiESiLp7wc0Lh6AZxAiIlCSKu8FxQo4ARRpZCagLCAKSDgN3Llfw +hDsCkqdI14uX8TrZO8i+mk8XvFsbmRprhDTGoa783K8N4Nm7Gzj1ogYmNhASmGxYW+j BFYyH/X+9lLSdtlzsLQmVStWuQHXL5qmpULLqmtYK/V30lfi+J64NwIMC+RKR9f/xuKq 52tt7hh7MBJS2znpLBmnwtjdUP52eiK4x9U7wMiYflrbPoeqw8n0xQpYXOTUgbi3jsv9 /ZPxP6XEPjb0SZNOe1uevp7QXpFsghM9yXEIC3H/eRMU5wLGH73Hvp1o0cq51J42PDkV vo2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@brauner.io header.s=google header.b=cVk1cYHT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id cu15si4825465plb.83.2019.03.25.16.47.51; Mon, 25 Mar 2019 16:48:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@brauner.io header.s=google header.b=cVk1cYHT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729250AbfCYXpx (ORCPT + 99 others); Mon, 25 Mar 2019 19:45:53 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:39890 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725268AbfCYXpw (ORCPT ); Mon, 25 Mar 2019 19:45:52 -0400 Received: by mail-ed1-f67.google.com with SMTP id p20so8675416eds.6 for ; Mon, 25 Mar 2019 16:45:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brauner.io; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=OntNR28WwPqMJhtqPqgyFaqEwtslS1iyZrH+qWE3grA=; b=cVk1cYHTS0g7sBJckf00k2shHBsR7NFtfywGu/5GYvB1tsc/3Lbf10iQ+E9ejeeQWA wzhp3ajCZ0v7IBydAc2BJhEMC9RHlYAqsuCK/VQy5EXhts6+cEbORqG3uCT2jyuzyuem bHkPatnI7YmBTNESLmm2ihmeV1zdkeTzKbjyMV0X/JAk+9fz+F9urguId7XhHa5g00i/ +EcDS8xkrmuyLnLI5tX6vL77ZTtg47mDhNbdXb6Cq1CI9Wzdo6dgWWeDiS5uMk96H+Zf 1ndlgw77rlMYgr6DHQva2sSu0ZOyYZXMTnK26hGeZc/qPyGGNc3OHsVb1YzM+4I1Ryrv hozQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=OntNR28WwPqMJhtqPqgyFaqEwtslS1iyZrH+qWE3grA=; b=hXaVEmH+vFFyhz6TjdT0MJOEctn1n/Wz537aIXvPuYeSnUG/5/4x34yajIJvrd+3vp Tw6iwm2/DoVXtvr0GnmhHbBaLsc6XfvU9GxoDYYXPFdcexcnXq/W2XyinPOgC3V+pRwc /JZvAVdT5B1b/arP/Tl4pyOHEP1F6RaWW3Vc5EfYwJOHWJoc7YAn97wujpdD/rr0yUlF LcoisvvpS8UnyQmn+TYou2CeCyjnQnEyEx2qtJqodmQTqIyXiwL7Vq/G4puVYByrAdh1 7zl7VdZoOmCBu5+mJNQd9Tz9l0yh5TwxbhX64ts6mhLud0YaH0zUi98J6HqYSyUn4odr PG3A== X-Gm-Message-State: APjAAAV733Bvbg5Ke4usTtciSgaPajRDBCovlf4GDuBF8fLEkLiX+Ivt 329hRtFQmi6R6EwUB0k/oRYc/w== X-Received: by 2002:a50:ad58:: with SMTP id z24mr18121001edc.75.1553557550779; Mon, 25 Mar 2019 16:45:50 -0700 (PDT) Received: from brauner.io ([2a02:8109:b6bf:d24a:b136:35b0:7c8c:280a]) by smtp.gmail.com with ESMTPSA id e2sm3787185ejc.53.2019.03.25.16.45.49 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Mon, 25 Mar 2019 16:45:50 -0700 (PDT) Date: Tue, 26 Mar 2019 00:45:48 +0100 From: Christian Brauner To: Andy Lutomirski Cc: Daniel Colascione , Jann Horn , Joel Fernandes , Suren Baghdasaryan , Steven Rostedt , Sultan Alsawaf , Tim Murray , Michal Hocko , Greg Kroah-Hartman , Arve =?utf-8?B?SGrDuG5uZXbDpWc=?= , Todd Kjos , Martijn Coenen , Ingo Molnar , Peter Zijlstra , LKML , "open list:ANDROID DRIVERS" , kernel-team , Oleg Nesterov , "Serge E. Hallyn" , Kees Cook , Jonathan Kowalski , Linux API Subject: Re: pidfd design Message-ID: <20190325234547.wo6lyimrp52qie5p@brauner.io> References: <20190320182649.spryp5uaeiaxijum@brauner.io> <20190320185156.7bq775vvtsxqlzfn@brauner.io> <20190320191412.5ykyast3rgotz3nu@brauner.io> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 25, 2019 at 04:42:14PM -0700, Andy Lutomirski wrote: > On Mon, Mar 25, 2019 at 1:23 PM Daniel Colascione wrote: > > > > On Mon, Mar 25, 2019 at 1:14 PM Jann Horn wrote: > > > > > > On Mon, Mar 25, 2019 at 8:44 PM Andy Lutomirski wrote: > > > > One ioctl on procfs roots to translate pidfds into that procfs, > > > subject to both the normal lookup permission checks and only working > > > if the pidfd has a translation into the procfs: > > > > > > int proc_root_fd = open("/proc", O_RDONLY); > > > int proc_dir_fd = ioctl(proc_root_fd, PROC_PIDFD_TO_PROCFSFD, pidfd); > > > > > > And one ioctl on procfs directories to translate from PGIDs and PIDs to pidfds: > > > > > > int proc_pgid_fd = open("/proc/self", O_RDONLY); > > > int self_pg_pidfd = ioctl(proc_pgid_fd, PROC_PROCFSFD_TO_PIDFD, 0); > > > int proc_pid_fd = open("/proc/thread-self", O_RDONLY); > > > int self_p_pidfd = ioctl(proc_pid_fd, PROC_PROCFSFD_TO_PIDFD, 0); > > > > > This sounds okay to me. Or we could make it so that a procfs > directory fd also works as a pidfd, but that seems more likely to be > problematic than just allowing two-way translation like this > > > > > > > And then, as you proposed, the new sys_clone() can just return a > > > pidfd, and you can convert it into a procfs fd yourself if you want. > > > > I think that's the consensus we reached on the other thread. The > > O_DIRECTORY open on /proc/self/fd/mypidfd seems like it'd work well > > enough. > > I must have missed this particular email. > > IMO, if /proc/self/fd/mypidfd allows O_DIRECTORY open to work, then it > really ought to do function just like /proc/self/fd/mypidfd/. and > /proc/self/fd/mypidfd/status should work. And these latter two > options seem nutty. > > Also, this O_DIRECTORY thing is missing the entire point of the ioctl > interface -- it doesn't require procfs access. The other option was to encode the pid in the callers pid namespace into the pidfd's fdinfo so that you can parse it out and open /proc/. You'd just need an event on the pidfd to tell you when the process has died. Jonathan and I just discussed this.