Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp11877744ybi; Fri, 26 Jul 2019 01:04:37 -0700 (PDT) X-Google-Smtp-Source: APXvYqwaqfOZAB7IltdCYwNSn7Zco+HUbvfwoAaeoEtaEtkif/fBHgR5UZG9yrsU38HhcKwANILn X-Received: by 2002:a17:902:be0a:: with SMTP id r10mr89756961pls.51.1564128277006; Fri, 26 Jul 2019 01:04:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564128276; cv=none; d=google.com; s=arc-20160816; b=oMrf6jONrcmOFVKCcbIAEQMkvMb87tOJFNX4AurumUQfB9B1XiUPRcEKuf0lk6SZBQ UF8iUDZ/N5/xk3LJVMGxIoLeI7Cm8xTuyNZVa4Vk6W8Ju+O/nwhAd08uOFSjcnoU3QMq qKaEg5Jnn0zeu7+mQZLNk9GOGZiO3Ka1XjOOIMwjXIccBLCxkOWDyjWa+kkBPYCnXjOx +YaoBMZL9f02BH/mEgscPa9HbLxiCNM2Nos6ZQGJ0kzE54n4EwJ5bwWLhyMvo4f5jyo7 Qt1BvQSjTEr/ae/OrysjaWsAh+s6zhVbMzbnV+3/RIgapttlfy92oEgCCt2LHMhZQnMP J2xA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=ZB8dfk0+fR1uXGnwfzqMYaZMnZMymTDsEAfbI/dGGgM=; b=PDyTqnXBdD3vewY6BQl8rJqFYLk+pC/k8660LrIlrVGkI2XiTcx8mziTH3BXj0HLbt VUCnyuvUiAxvf+IsVIBsL0Yykzd86XqEkafqpSF4VYHLLsQx+T7a9PospfFDrI/pRm9x sEQxeVG0kwnWjVetoSDk2nBzinm8coEe2fX53TzRDunXOBThW6DOjrF50buDas6ez6d7 Y7/BH7J6vAKBF/H+fw4/YDDKBxkwCXzoikgX91F9S1tp4WQoAHMgFjgvgLIETKPolTmd bRuHkUWTCVMnpkNwTfp2iR2VYlyvKtTx3eljBBiQBhfZYO1AtgwGGZ9z3mUxBTN004HR v81A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@brauner.io header.s=google header.b=Is5BWPCu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f59si21574431plf.220.2019.07.26.01.04.21; Fri, 26 Jul 2019 01:04:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@brauner.io header.s=google header.b=Is5BWPCu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726074AbfGZIBj (ORCPT + 99 others); Fri, 26 Jul 2019 04:01:39 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:36057 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725815AbfGZIBj (ORCPT ); Fri, 26 Jul 2019 04:01:39 -0400 Received: by mail-wr1-f67.google.com with SMTP id n4so53460239wrs.3 for ; Fri, 26 Jul 2019 01:01:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brauner.io; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=ZB8dfk0+fR1uXGnwfzqMYaZMnZMymTDsEAfbI/dGGgM=; b=Is5BWPCunQpjy7PvPMsrepFEaIGGTLAgm+Qb7dy7rLrzpOI/1YYXPHC9DF2tVSZlAu 5MEh2PX9qkakBs66dvrzdjb5uiN83FVXp4OI12kzBTGOrsXmtRFJQIpzZ1qVRdUXz65m P9nqoM8Zyekr4Zn2+AhWU9HR67IJt6MevwL0ATW7qFumMQUHzmJG9jDhFVtOOyKjbc1L 1b3q/ok8kDo7rSQlCzbPmb/OhgQOvXhDZTLSMJ0ViyjUMtGTY4JAanmwVsYojCGSK+bR 2+QKmflufD08AKH8HOvIM3Jbe7pMKykUqxyioUpf/UgJNx5vZtG5Sk0ljUj8u2DWyU8c zoyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=ZB8dfk0+fR1uXGnwfzqMYaZMnZMymTDsEAfbI/dGGgM=; b=aphwGhaHS4gF+VT8w6wDrsEz08tGd/twNHUtB9uGEKPLfnwE8d9WADrJNvtuGzrHGy oiJYOFOkcMqmDuxOwciYXICUOs5Sr0iGoMzNFOqVTFyp0nFider7V2ZDduD6eM5ogS7E Zzgn/SvUQICSMCk3M2B/g+eC4VF2fAPsPZJNbFQNXDV9iQiaqlq5sbOuA4Clow81vxcW 1iXaoQgx9XLM5TOVExuLr/cDJpjgxpgZa9igw8IJZU/2d40KS/b0JyvLMc85v5wR0DrP /2nB4DxK6MWzwYf9cUt4fZcaef1pPamt5TfVQDOIN6pJztEPubD7uedgU/DA6L0PkiPi Pntw== X-Gm-Message-State: APjAAAWk9Zl3MjxSub0UWIF75qolUk3yLehvOsZTXr5qhr44xX9Abkvm Q0eUi4Wej2p9pqDRgIYobtY= X-Received: by 2002:adf:dcc6:: with SMTP id x6mr71091327wrm.322.1564128096151; Fri, 26 Jul 2019 01:01:36 -0700 (PDT) Received: from brauner.io ([213.220.153.21]) by smtp.gmail.com with ESMTPSA id s15sm32108777wrw.21.2019.07.26.01.01.35 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Fri, 26 Jul 2019 01:01:35 -0700 (PDT) Date: Fri, 26 Jul 2019 10:01:34 +0200 From: Christian Brauner To: "Eric W. Biederman" Cc: Linus Torvalds , Linux List Kernel Mailing , Oleg Nesterov , Arnd Bergmann , Kees Cook , Joel Fernandes , Thomas Gleixner , Tejun Heo , David Howells , Jann Horn , Andrew Lutomirski , Andrew Morton , Aleksa Sarai , Al Viro , Android Kernel Team Subject: Re: [RFC][PATCH 1/5] exit: kill struct waitid_info Message-ID: <20190726080133.yrxsaaxasxudyjj4@brauner.io> References: <20190724144651.28272-1-christian@brauner.io> <20190724144651.28272-2-christian@brauner.io> <87zhl2wabp.fsf@xmission.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <87zhl2wabp.fsf@xmission.com> User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 25, 2019 at 07:46:50AM -0500, Eric W. Biederman wrote: > Linus Torvalds writes: > > > On Wed, Jul 24, 2019 at 7:47 AM Christian Brauner wrote: > >> > >> The code here uses a struct waitid_info to catch basic information about > >> process exit including the pid, uid, status, and signal that caused the > >> process to exit. This information is then stuffed into a struct siginfo > >> for the waitid() syscall. That seems like an odd thing to do. We can > >> just pass down a siginfo_t struct directly which let's us cleanup and > >> simplify the whole code quite a bit. > > > > Ack. Except I'd like the commit message to explain where this comes > > from instead of that "That seems like an odd thing to do". > > > > The _original_ reason for "struct waitid_info" was that "siginfo_t" is > > huge because of all the insane padding that various architectures do. > > > > So it was introduced by commit 67d7ddded322 ("waitid(2): leave copyout > > of siginfo to syscall itself") very much to avoid stack usage issues. > > And I quote: > > > > collect the information needed for siginfo into > > a small structure (waitid_info) > > > > simply because "sigset_t" was big. > > > > But that size came from the explicit "pad it out to 128 bytes for > > future expansion that will never happen", and the kernel using the > > same exact sigset_t that was exposed to user space. > > > > Then in commit 4ce5f9c9e754 ("signal: Use a smaller struct siginfo in > > the kernel") we got rid of the insane padding for in-kernel use, > > exactly because it causes issues like this. > > > > End result: that "struct waitid_info" no longer makes sense. It's not > > appreciably smaller than kernel_siginfo_t is today, but it made sense > > at the time. > > Apologies. I meant to reply yesterday but I was preempted by baby > issues. > > I strongly disagree that this direction makes sense. The largest > value that I see from struct waitid_info is that it makes it possible to > reason about which values are returned where struct kernel_siginfo does > not. > > One of the details the existence of struct waitid_info makes clear is > that unlike the related child death path the wait code does not > fillin si_utime and si_stime. Which is very important to know when you > are dealing with y2038 issues and Arnd Bergmann is. > > The most egregious example I know of using siginfo wrong is: > 70f1b0d34bdf ("signal/usb: Replace kill_pid_info_as_cred with > kill_pid_usb_asyncio"). But just by moving struct siginfo out of the > program logic and into dedicated little functions that just deal with > the craziness of struct siginfo I have found lots of little bugs. > > We don't need that kind of invitation to bugs in the wait logic. I don't think it's a strong enough argument for rejecting this change. Suspecting that something might go wrong if we simplify something is a valid call to proceed with caution and be on the lookout for potential regressions so we can react fast. I respect that. But it's not necessarily a good argument to reject a change. I'm happy to switch from an initializer (which is not even clear is a bug) to using clear_siginfo(). And I'm also going to split this patch out of the P_PIDFD patch but I'm going to send this out again. I haven't heard a sound argument why this patch is worse than what we have right now in there. Christian