Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp603862yba;
        Sun, 31 Mar 2019 07:53:49 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxc46H2H04fJvyTqDu/odXvkUhwwTUgtnlQNYofgzkHZt7sapAEZcDmP7t/q2mx4ZcUG7iL
X-Received: by 2002:a63:e306:: with SMTP id f6mr57314016pgh.263.1554044028916;
        Sun, 31 Mar 2019 07:53:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1554044028; cv=none;
        d=google.com; s=arc-20160816;
        b=KgIxcfnywGK3Mf2OZPZcZUSjqSn2YJA88Eqxt2pOJeUucPKGak2eWNXS8Mj/AxTUq1
         OZSUUoxQkSazVeJbsw+fUeiLNjCSb5ZP3jrGib5OmhKbvIpmWxA0UMSbzqvKVHqLp2He
         uXf1g3mcHcA1EbGLDe8iDfzCCAxPZdJdwXTlF/c0NEnzj6JyBfduLuYFo+ESLQbFkS4f
         2f40hKVEGE0MdKouKZ0e5uwwVAWjRIkYZwDb5cL1/Ytah4rOMar6f76YO94y1S8hIT4c
         wYZ3zIMLobnf0m5J+Md79GH/CiIyfKeEm86d2aopcpf3BAndJAv3nW7hOaL4lCuceza9
         1bxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=2y7OgXdpOdTE+br0K6QafAQdwQ5xYRbe0gstaLiCTtc=;
        b=sqHUr+uKwclwJKc3eH3yucS0OgLk9HP9Q48WSKZdAfuOJYAjisu2Tu8RBXbThSty0o
         OLF58oKyrE00imp5XcCW+jLUXM8lq5zlW6k4CAbj+6OudtOCEd8aMgkPBkIvjlzJ238Q
         lv2rWbcAKcEn5Bd5WzXyhTs+F9qiMHG6IyGR7bPwXsRNt/zGa01fKV6WgBSDmmcfjEG/
         ImIIGXYq8ftGw9kiNwua+r0yjTrq/zuRswa36l00FvMAW/v51Kndo5jRVVfnqtOXDU4z
         O85vXLQ90Ij79E7VOkRnjCxWnkgEpracl1fUe+EFGCH6VR6KmzyBQmbRwKCIbmycOkyR
         k3ow==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=Zlw0KAsu;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j133si6711841pgc.543.2019.03.31.07.53.32;
        Sun, 31 Mar 2019 07:53:48 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=Zlw0KAsu;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731259AbfCaOws (ORCPT <rfc822;lans.zhang2008@gmail.com>
        + 99 others); Sun, 31 Mar 2019 10:52:48 -0400
Received: from mail-lj1-f193.google.com ([209.85.208.193]:34909 "EHLO
        mail-lj1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1731146AbfCaOwr (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 31 Mar 2019 10:52:47 -0400
Received: by mail-lj1-f193.google.com with SMTP id t4so5824375ljc.2
        for <linux-kernel@vger.kernel.org>; Sun, 31 Mar 2019 07:52:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=2y7OgXdpOdTE+br0K6QafAQdwQ5xYRbe0gstaLiCTtc=;
        b=Zlw0KAsuj3qtXgQM/1AUYXYLuKAP8JZoO8b6FkXvAVEf2M57udZ/hmvhE9CsJOvtTX
         HqyMCNidoPgwjh3iUvKcMza4Fw2FVRg7dbd6tk6/8yBkRql/4fs9IV3hQkYPV5Yi4lky
         H3VjMPFwIMt1zv/CQDZHky9I0uV0EE67lNEhg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=2y7OgXdpOdTE+br0K6QafAQdwQ5xYRbe0gstaLiCTtc=;
        b=rtwBWmGHiL4VjhMyb48O4zaHiXQKbnrNmny63ihvG5Nzd3nqCPe2RqWfEpXA+oQY81
         l1sDJiiejnX/IIC+nVonTxmFH+oR21U14vuj9/vHGTrCtPWahkAXEP6wyGF8+mLYT7aF
         eFcSJBepHXr3qPQkNfjyKFQ1aNIT+xUXQg0OWpHhf7y5AnHT8Yh5wC0KpGIk8KjDh9ZY
         ZVjlyuqMlQEA1nS0SMH2KYaCGBHZ7zDL8N0px0zFRT90o083MzUIxmbHyCmnwn128SMx
         l1jtanohnLLlTtryFxXADbHIkTWTojVsWMlXU6AB+uJ2nZwa6uE7BFe2Z6rlGfYPyhN5
         XHoA==
X-Gm-Message-State: APjAAAXlvsVEKmlqrXOVQjChCsD4eR4C2P3Zmb6tZFEM+srsPM7TTTMv
        iebvNRf2vR+6y88skVtaPSrkQ9ztPUw=
X-Received: by 2002:a2e:8089:: with SMTP id i9mr31416795ljg.137.1554043965495;
        Sun, 31 Mar 2019 07:52:45 -0700 (PDT)
Received: from mail-lf1-f52.google.com (mail-lf1-f52.google.com. [209.85.167.52])
        by smtp.gmail.com with ESMTPSA id t81sm1311565lff.21.2019.03.31.07.52.44
        for <linux-kernel@vger.kernel.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 31 Mar 2019 07:52:45 -0700 (PDT)
Received: by mail-lf1-f52.google.com with SMTP id 10so4447994lfr.8
        for <linux-kernel@vger.kernel.org>; Sun, 31 Mar 2019 07:52:44 -0700 (PDT)
X-Received: by 2002:a19:ca02:: with SMTP id a2mr29932559lfg.88.1554043964483;
 Sun, 31 Mar 2019 07:52:44 -0700 (PDT)
MIME-Version: 1.0
References: <20190329155425.26059-1-christian@brauner.io> <CAHk-=wjq4dTPcz-qsvhpm5F42SDHCoqEWv1V=rs_kt6MC=ZThA@mail.gmail.com>
 <CAKOZueuDWWYtg9gUpUgTG2k-gVPE1KBEkstr5eP=FC2EzdmaoA@mail.gmail.com>
 <CAHk-=wjka0W1g3asQp2H=5ot=kkS-Mp+Cx6KHr0rNkGFfCOLYA@mail.gmail.com>
 <CAHk-=wi1kQDVN22qv7M=bWU+CngZZXcPAMKCsDZMeuY3k2tkyg@mail.gmail.com>
 <20190331010716.GA189578@google.com> <CAG48ez387kGbD_dLqEbZ1U9rKFbfP0EF9cMVjQT6nwc9=Y9CNw@mail.gmail.com>
 <20190331040810.GB189578@google.com> <CAG48ez2gb94SqS30Ai4+VBHhnzBp5Po9_u00nMrvUW6Wqq6hPA@mail.gmail.com>
In-Reply-To: <CAG48ez2gb94SqS30Ai4+VBHhnzBp5Po9_u00nMrvUW6Wqq6hPA@mail.gmail.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Sun, 31 Mar 2019 07:52:28 -0700
X-Gmail-Original-Message-ID: <CAHk-=wiZ40LVjnXSi9iHLE_-ZBsWFGCgdmNiYZUXn1-V5YBg2g@mail.gmail.com>
Message-ID: <CAHk-=wiZ40LVjnXSi9iHLE_-ZBsWFGCgdmNiYZUXn1-V5YBg2g@mail.gmail.com>
Subject: Re: [PATCH v2 0/5] pid: add pidfd_open()
To:     Jann Horn <jannh@google.com>
Cc:     Joel Fernandes <joel@joelfernandes.org>,
        Daniel Colascione <dancol@google.com>,
        Christian Brauner <christian@brauner.io>,
        Andrew Lutomirski <luto@kernel.org>,
        David Howells <dhowells@redhat.com>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Linux API <linux-api@vger.kernel.org>,
        Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
        Arnd Bergmann <arnd@arndb.de>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Konstantin Khlebnikov <khlebnikov@yandex-team.ru>,
        Kees Cook <keescook@chromium.org>,
        Alexey Dobriyan <adobriyan@gmail.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Michael Kerrisk-manpages <mtk.manpages@gmail.com>,
        Jonathan Kowalski <bl0pbl33p@gmail.com>,
        "Dmitry V. Levin" <ldv@altlinux.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Oleg Nesterov <oleg@redhat.com>,
        Nagarathnam Muthusamy <nagarathnam.muthusamy@oracle.com>,
        Aleksa Sarai <cyphar@cyphar.com>,
        Al Viro <viro@zeniv.linux.org.uk>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Mar 30, 2019 at 9:47 PM Jann Horn <jannh@google.com> wrote:
>
> Sure, given a pidfd_clone() syscall, as long as the parent of the
> process is giving you a pidfd for it and you don't have to deal with
> grandchildren created by fork() calls outside your control, that
> works.

Don't do pidfd_clone() and pidfd_wait().

Both of those existing system calls already get a "flags" argument.
Just make a WPIDFD (for waitid) and CLONE_PIDFD (for clone) bit, and
make the existing system calls just take/return a pidfd.

Side note: we could (should?) also make the default maxpid just be
larger. It needs to fit in an 'int', but MAXINT instead of 65535 would
likely alreadt make a lot of these attacks harder.

There was some really old legacy reason why we actually limited it to
65535 originally.  It was old and crufty even back when..

               Linus

              Linus