From: Jann Horn
Date: Thu, 16 May 2019 16:03:27 +0200
Subject: Re: [PATCH 1/2] pid: add pidfd_open()
To: Christian Brauner, Daniel Colascione
Cc: Oleg Nesterov, Al Viro, Linus Torvalds, linux-kernel, Arnd Bergmann,
    David Howells, Andrew Morton, Aleksa Sarai, "Eric W. Biederman",
    Elena Reshetova, Kees Cook, Andy Lutomirski, Andy Lutomirski,
    Thomas Gleixner, linux-alpha@vger.kernel.org,
    linux-arm-kernel@lists.infradead.org, linux-ia64@vger.kernel.org,
    linux-m68k@lists.linux-m68k.org, linux-mips@vger.kernel.org,
    linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-s390,
    linux-sh@vger.kernel.org, sparclinux@vger.kernel.org,
    linux-xtensa@linux-xtensa.org, Linux API, linux-arch,
    "open list:KERNEL SELFTEST FRAMEWORK"

On Thu, May 16, 2019 at 3:08 PM Christian Brauner wrote:
> On Wed, May 15, 2019 at 10:45:06AM -0700, Daniel Colascione wrote:
> > On Wed, May 15, 2019 at 3:04 AM Christian Brauner wrote:
> > >
> > > This adds the pidfd_open() syscall. It allows a caller to retrieve pollable
> > > pidfds for a process which did not get created via CLONE_PIDFD, i.e. for a
> > > process that is created via traditional fork()/clone() calls that is only
> > > referenced by a PID:
[...]
> > > +/**
> > > + * pidfd_open() - Open new pid file descriptor.
> > > + *
> > > + * @pid: pid for which to retrieve a pidfd
> > > + * @flags: flags to pass
> > > + *
> > > + * This creates a new pid file descriptor with the O_CLOEXEC flag set for
> > > + * the process identified by @pid. Currently, the process identified by
> > > + * @pid must be a thread-group leader. This restriction currently exists
> > > + * for all aspects of pidfds including pidfd creation (CLONE_PIDFD cannot
> > > + * be used with CLONE_THREAD) and pidfd polling (only supports thread group
> > > + * leaders).
> > > + *
> > > + * Return: On success, a cloexec pidfd is returned.
> > > + * On error, a negative errno number will be returned.
> > > + */
> > > +SYSCALL_DEFINE2(pidfd_open, pid_t, pid, unsigned int, flags)
> > > +{
[...]
> > > + if (pid <= 0)
> > > + return -EINVAL;
> >
> > WDYT of defining pid == 0 to mean "open myself"?
>
> I'm torn. It be a nice shortcut of course but pid being 0 is usually an
> indicator for child processes. So unless the getpid() before
> pidfd_open() is an issue I'd say let's leave it as is. If you really
> want the shortcut might -1 be better?

Joining the bikeshed painting club: Please don't allow either 0 or -1
as shortcut for "self". James Forshaw found an Android security bug a
while back (https://bugs.chromium.org/p/project-zero/issues/detail?id=727)
that passed a PID to getpidcon(), except that the PID was 0
(placeholder for oneway binder transactions), and then the service
thought it was talking to itself. You could pick some other number and
provide a #define for that, but I think pidfd_open(getpid(), ...)
makes more sense.
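
Review bot: the kernel-doc above SYSCALL_DEFINE2 does not say that @pid must be positive, although the body returns -EINVAL for pid <= 0; add a sentence to the comment stating that 0 and negative values are rejected and carry no "self" or group meaning, so the contract is explicit for callers used to kill()-style PID arguments. The @flags description ("flags to pass") likewise does not say which values are accepted; since the quoted lines elide the rest of the body, the comment should state whether any flags are defined and what happens to unknown bits.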
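
The failure mode described in the reply above, as an added C model that is not code from the thread or from the kernel: a transport reports "no sender recorded" as PID 0, and a lookup that treats 0 as "self" makes the service authorize the request as its own. The process table, labels and function names are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed process table: PID -> security label (illustrative only). */
struct proc { pid_t pid; const char *label; };
static const struct proc procs[] = {
    { 100, "system_service" },  /* the service performing the check */
    { 200, "untrusted_app"  },
};
#define SERVICE_PID 100

static const char *label_of(pid_t pid) {
    for (size_t i = 0; i < sizeof(procs) / sizeof(procs[0]); i++)
        if (procs[i].pid == pid)
            return procs[i].label;
    return NULL;
}

/* Lookup with a "0 means self" shortcut: the API shape argued against. */
static const char *lookup_shortcut(pid_t pid) {
    return label_of(pid == 0 ? SERVICE_PID : pid);
}

/* Strict lookup: non-positive PIDs are errors, like the patch's pid <= 0 check. */
static int lookup_strict(pid_t pid, const char **label) {
    if (pid <= 0)
        return -EINVAL;
    *label = label_of(pid);
    return *label ? 0 : -ESRCH;
}

/* caller_pid comes from the transport; 0 means "no sender recorded". */
int authorize_shortcut(pid_t caller_pid) {
    const char *l = lookup_shortcut(caller_pid);
    return l != NULL && strcmp(l, "system_service") == 0;
}

int authorize_strict(pid_t caller_pid) {
    const char *l;
    return lookup_strict(caller_pid, &l) == 0 && strcmp(l, "system_service") == 0;
}

int main(void) {
    printf("pid 0: shortcut=%d strict=%d\n", authorize_shortcut(0), authorize_strict(0));
    return 0;
}
```

With the shortcut, the placeholder value 0 resolves to the service's own label and the check passes; the strict variant fails closed because 0 never names a process.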