From: Daniel Colascione
Date: Tue, 26 Mar 2019 10:00:27 -0700
Subject: Re: [PATCH v1 2/4] pid: add pidctl()
To: Christian Brauner
Cc: Andy Lutomirski, Jann Horn, Konstantin Khlebnikov, David Howells,
 "Serge E. Hallyn", "Eric W. Biederman", Linux API, linux-kernel,
 Arnd Bergmann, Kees Cook, Alexey Dobriyan, Thomas Gleixner,
 Michael Kerrisk-manpages, Jonathan Kowalski, "Dmitry V. Levin",
 Andrew Morton, Oleg Nesterov, Nagarathnam Muthusamy, Aleksa Sarai,
 Al Viro, Joel Fernandes
References: <20190326155513.26964-1-christian@brauner.io>
 <20190326155513.26964-3-christian@brauner.io>
 <20190326162337.o256x7hiodu2qfyg@brauner.io>
 <20190326163142.4eh5qpgiqvygf26w@brauner.io>
 <20190326163452.uku4bgkessxzxvai@brauner.io>
 <20190326164634.ba5dko6weazp3zyd@brauner.io>
In-Reply-To: <20190326164634.ba5dko6weazp3zyd@brauner.io>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Mar 26, 2019 at 9:46 AM Christian Brauner wrote:
>
> On Tue, Mar 26, 2019 at 09:42:59AM -0700, Andy Lutomirski wrote:
> > On Tue, Mar 26, 2019 at 9:34 AM Christian Brauner wrote:
> > >
> > > On Tue, Mar 26, 2019 at 05:31:42PM +0100, Christian Brauner wrote:
> > > > On Tue, Mar 26, 2019 at 05:23:37PM +0100, Christian Brauner wrote:
> > > > > On Tue, Mar 26, 2019 at 09:17:07AM -0700, Daniel Colascione wrote:
> > > > > > Thanks for the patch.
> > > > > >
> > > > > > On Tue, Mar 26, 2019 at 8:55 AM Christian Brauner wrote:
> > > > > > >
> > > > > > > The pidctl() syscall builds on, extends, and improves translate_pid() [4].
> > > > > > > I quote Konstantin's original patchset first that has already been acked and
> > > > > > > picked up by Eric before and whose functionality is preserved in this
> > > > > > > syscall:
> > > > > >
> > > > > > We still haven't had a much-needed conversation about splitting this
> > > > > > system call into smaller logical operations. It's important that we
> > > > > > address this point before this patch is merged and becomes permanent
> > > > > > kernel ABI.
> > > > >
> > > > > I don't particularly mind splitting this into an additional syscall like
> > > > > e.g. pidfd_open() but then we have - and yes, I know you'll say
> > > > > syscalls are cheap - translate_pid(), and pidfd_open(). What I like
> > > > > about this rn is that it connects both apis in a single syscall
> > > > > and allows pidfd retrieval across pid namespaces. So I guess we'll see
> > > > > what other people think.
> > > >
> > > > There's something to be said for
> > > >
> > > > pidfd_open(pid_t pid, int pidfd, unsigned int flags);
> > > >
> > > > /* get pidfd */
> > > > int pidfd = pidfd_open(1234, -1, 0);
> > > >
> > > > /* convert to procfd */
> > > > int procfd = pidfd_open(-1, 4, 0);
> > > >
> > > > /* convert to pidfd */
> > > > int pidfd = pidfd_open(4, -1, 0);
> > >
> > > probably rather:
> > >
> > > int pidfd = pidfd_open(-1, 4, PIDFD_TO_PROCFD);
> >
> > Do you mean:
> >
> > int procrootfd = open("/proc", O_DIRECTORY | O_RDONLY);
> > int procfd = pidfd_open(procrootfd, pidfd, PIDFD_TO_PROCFD);
> >
> > or do you have some other solution in mind to avoid the security problem?
>
> Yes, we need the proc root obviously. I just jotted this down.
>
> We probably would need where one of the fds can refer to the proc root.
>
> pidfd_open(pid_t, int fd, int fd, 0)

Indeed. This is precisely the pidfd-procfd translation API I proposed
in the last paragraph of [1].

[1] https://lore.kernel.org/lkml/CAKOZuetCFgu0B53+mGmQ3+539MPT_tiu-PACx2ATvihHrrmUKg@mail.gmail.com/
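
A userspace sketch of the caller-supplied proc root idea from the exchange above, added here as an example; it is not code from the thread, the patch series, or the kernel. The helper name `procfd_from_root` and the `fstatfs()` check are assumptions, and it takes a numeric pid where the proposed call would take a pidfd.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/vfs.h>
#include <unistd.h>
#include <linux/magic.h>   /* PROC_SUPER_MAGIC */

/*
 * Hypothetical helper (not a kernel or libc API): open <pid>'s directory
 * relative to a proc root fd chosen by the caller, mirroring the
 * (procrootfd, pidfd) argument pair discussed above.
 * Returns a directory fd, or -1 on failure.
 */
int procfd_from_root(int procrootfd, pid_t pid)
{
    struct statfs sfs;
    char name[32];

    /* Assumed check: refuse an fd that does not live on a procfs mount.
     * A bad fd (e.g. -1) fails here as well. */
    if (fstatfs(procrootfd, &sfs) != 0 || sfs.f_type != PROC_SUPER_MAGIC)
        return -1;
    if (pid <= 0)
        return -1;

    snprintf(name, sizeof(name), "%d", (int)pid);

    /* Relative lookup: resolved under procrootfd, not through the "/proc"
     * path. O_NOFOLLOW rejects a symlink as the final component. */
    return openat(procrootfd, name,
                  O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
}

int main(void)
{
    int root = open("/proc", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int fd = procfd_from_root(root, getpid());

    printf("procfd for self: %d\n", fd);
    if (fd >= 0)
        close(fd);
    if (root >= 0)
        close(root);
    return fd >= 0 ? 0 : 1;
}
```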