Date: Sat, 30 Mar 2019 18:12:16 +0100
From: Christian Brauner
To: Linus Torvalds
Cc: Daniel Colascione, Jann Horn, Andrew Lutomirski, David Howells,
    "Serge E. Hallyn", Linux API, Linux List Kernel Mailing, Arnd Bergmann,
    "Eric W. Biederman", Konstantin Khlebnikov, Kees Cook, Alexey Dobriyan,
    Thomas Gleixner, Michael Kerrisk-manpages, Jonathan Kowalski,
    "Dmitry V. Levin", Andrew Morton, Oleg Nesterov, Nagarathnam Muthusamy,
    Aleksa Sarai, Al Viro, Joel Fernandes
Subject: Re: [PATCH v2 0/5] pid: add pidfd_open()
Message-ID: <20190330171215.3yrfxwodstmgzmxy@brauner.io>
References: <20190329155425.26059-1-christian@brauner.io>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Mar 30, 2019 at 10:04:33AM -0700, Linus Torvalds wrote:
> On Sat, Mar 30, 2019 at 9:34 AM Daniel Colascione wrote:
> >
> > Just to be clear, I'm not proposing granting secret access to procfs,
> > and as far as I can see, nobody else is either. We've been talking
> > about making it easier to avoid races when you happen to want a pidfd
> > and a procfs fd that point to the same process
>
> So I thought that was the whole point of just opening /proc/.
> Exactly because that way you can then use openat() from there on.

To clarify, what the Android guys really wanted to be part of the api is
a way to get race-free access to metadata associated with a given pidfd.
And the idea was that *if and only if procfs is mounted* you could do:

    int pidfd = pidfd_open(1234, 0);

    int procfd = open("/proc", O_RDONLY | O_CLOEXEC);
    int procpidfd = ioctl(pidfd, PIDFD_TO_PROCFD, procfd);

and then we internally verify that the struct pid that the pidfd is
referring to, is still the same as the one that /proc/ is referring to and
only then do we return an fd for the process /proc/ directory which would
then allow you to do, e.g.:

    int statusfd = openat(procpidfd, "status", O_RDONLY | O_CLOEXEC);

this would provide race-free access to metadata but again, only if /proc is
mounted and available to the user.

But if that's an instant NAK we will definitely *not* do this.
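
The "open the process's /proc directory, then use openat() from there on" approach in the quoted text can be checked on an existing kernel. The following is an added example, not code from this thread or from the patch series: it shows that a directory fd stays bound to the process it was opened for, so lookups fail once that process is reaped instead of following the PID number. It assumes Linux with procfs mounted at /proc; the function names are hypothetical, and it does not use the proposed PIDFD_TO_PROCFD ioctl.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: fd on /proc/<pid>; -1 if procfs is unavailable. */
int open_proc_dir(pid_t pid)
{
    char path[32];
    snprintf(path, sizeof(path), "/proc/%d", (int)pid);
    return open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

/* Read "Pid:" from status relative to the directory fd, not by PID number.
 * Returns -1 once the process behind the fd is gone. */
long pid_via_dirfd(int procpidfd)
{
    char buf[4096] = {0};
    long pid = -1;
    int fd = openat(procpidfd, "status", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, sizeof(buf) - 1);
    close(fd);
    char *p = n > 0 ? strstr(buf, "\nPid:") : NULL;
    if (p)
        sscanf(p, "\nPid:%ld", &pid);
    return pid;
}

/* Constructed scenario: 1 if the fd matches the live child and fails after
 * the child is reaped, 0 otherwise, -1 if fork or procfs is unavailable. */
int dirfd_tracks_process(void)
{
    pid_t child = fork();
    if (child == 0) { pause(); _exit(0); }
    int dfd = child > 0 ? open_proc_dir(child) : -1;
    int alive_ok = dfd >= 0 && pid_via_dirfd(dfd) == (long)child;
    if (child > 0) { kill(child, SIGKILL); waitpid(child, NULL, 0); }
    if (dfd < 0)
        return -1;
    int dead_ok = pid_via_dirfd(dfd) == -1;
    close(dfd);
    return alive_ok && dead_ok;
}

int main(void) { return dirfd_tracks_process() == 1 ? 0 : 1; }
```

The remaining window is between learning the PID number and opening its /proc directory, which is the gap the message above proposes to close by having the kernel compare the struct pid behind both fds.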