Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp3569948ybz; Mon, 27 Apr 2020 18:48:23 -0700 (PDT) X-Google-Smtp-Source: APiQypIqMyNUNVIhiWQ1EXHmQP8FLbHcjp8Pwlfcei0/3GtJlu/UT9ftg+phipEGxN5BdXklqly4 X-Received: by 2002:a50:cf4d:: with SMTP id d13mr21571497edk.175.1588038503619; Mon, 27 Apr 2020 18:48:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588038503; cv=none; d=google.com; s=arc-20160816; b=mImS8lDgEa5fqmSaSNycXVscPOvx8kaz03PJEYRP9PNKtQ5WhSQU2LrkLpeH6qSull FMRG7sv/IpYHUuAQfYyDJDDYQv7PILZjunvJR/HY7b1BrpQfaNOulHmXwXu/5iiPLSAH C2BBSZjdNLmx63GJX7jPKl791Zrkj+u9/+KXmg5zaZjgu2oJq+m/m8QheOj0PGK9Dnoz sZzcmWRs2WBTK7blYkoTCmQDDgKHR9ZER+lvRzYUruAxTDCE18X6891JIABU7hY+JDow ecR6LbVcesBS3lCqdC4a3sY03ZUundYXxrUSSzJwdJgxVF3b2pYBuqrv+YJmNZVLQr0F S0Jg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=6dLKuml1l37VsUNUL7W3+8Plw3oZZU13zk85vygbzVU=; b=JDVdMiYvCxZpCgsWMyOk4NL6yPeSd1gOLa9rf+ngkLSff4mG1YzNg9z3z83zCkX+j1 klIdaqLL4Pungxnjrh+s4DpyG0MeCA0NO+zeGeSJxbvLhlbsiy5v2gN1F5Y8t25mTqO5 yYqTr7GSLfnT0Vk+dosk5dtwdsPhnMk599S6jCq3A39J9dBQ0Ze345r94cTx0w0b8MT2 sDjLOZSPV0guyvd6yJ6ZxBkniJDyyyHPXDuI/a8gMP7M14V1RGvrxoHqpJyHBIWIy47J Bvlec/7cC76jRKHxNiw8T2IYRkk/XtKZqHVbJ8w9cvVpUHs13e4QXnY/xa/n1p40NKH/ jaKw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=Bd+HoaOQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cw24si830258edb.248.2020.04.27.18.47.59; Mon, 27 Apr 2020 18:48:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=Bd+HoaOQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726307AbgD1Boc (ORCPT + 99 others); Mon, 27 Apr 2020 21:44:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726264AbgD1Bob (ORCPT ); Mon, 27 Apr 2020 21:44:31 -0400 Received: from mail-ed1-x541.google.com (mail-ed1-x541.google.com [IPv6:2a00:1450:4864:20::541]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 91C5FC03C1A8 for ; Mon, 27 Apr 2020 18:44:31 -0700 (PDT) Received: by mail-ed1-x541.google.com with SMTP id r7so15193385edo.11 for ; Mon, 27 Apr 2020 18:44:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6dLKuml1l37VsUNUL7W3+8Plw3oZZU13zk85vygbzVU=; b=Bd+HoaOQxYuuh8Zf1OdODQuVSh84RUl4JQmlzGerUyQmf8yQo21wChRkbSt91VRbi7 rW7nVLys2SsQX2Zyf0eFgqihojc0YmFDp8m/iu9CZyEhvrn1ELZTebPjm+Ei/dLS9xRA fQg/tEt3Rd0+Q259PEVjDGKRpewOS/+lcY8FU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6dLKuml1l37VsUNUL7W3+8Plw3oZZU13zk85vygbzVU=; b=OFEa9D0TR44hd2nxsFuPrP2BC6pvFEAzJMitRQ68VEpT8VU0yoNxRtmdn4ZGfHgK1U y3ymkmp9qclKpeIcfBKAxhLgyqKyqd5ntl5GIyi7RAb1xZE7Ym6zSmmbxGQW8fQ2sI37 d96oNJ/FQ5Io69470SvCHxgclsbXp9h6eNRYaeaqbKKQ2IKq2cp9PB7i4PD2LyEYuPkZ FxkRvZ54pRvvUYUtmPn/wO0EDWa3DumRBHibQ/N1/UxVYsmzWkgwpHUK1o2N+f83AC+C g1jVRuzgDPUr5I484Sv3n77RGc7Z0WBhYY11OrIp6LSV7vs6hrzHwJBsK8//eCHAjKRs 76SA== X-Gm-Message-State: AGi0PuZ0vhGhhjQ+0BD7teCE/r9JdIWHJSQEqKeNw2LVml4vMv2adkWe gjvi0DP/9zYzaqw0STHkGd2U9HTCkJk= X-Received: by 2002:a50:9b53:: with SMTP id a19mr21482394edj.104.1588038269964; Mon, 27 Apr 2020 18:44:29 -0700 (PDT) Received: from mail-ed1-f42.google.com (mail-ed1-f42.google.com. [209.85.208.42]) by smtp.gmail.com with ESMTPSA id a15sm134933eds.50.2020.04.27.18.44.29 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 27 Apr 2020 18:44:29 -0700 (PDT) Received: by mail-ed1-f42.google.com with SMTP id a8so15219881edv.2 for ; Mon, 27 Apr 2020 18:44:29 -0700 (PDT) X-Received: by 2002:a05:6512:14a:: with SMTP id m10mr17156490lfo.152.1588037812064; Mon, 27 Apr 2020 18:36:52 -0700 (PDT) MIME-Version: 1.0 References: <20200426130100.306246-1-hagen@jauu.net> <20200426163430.22743-1-hagen@jauu.net> <20200427170826.mdklazcrn4xaeafm@wittgenstein> <87zhawdc6w.fsf@x220.int.ebiederm.org> <20200427185929.GA1768@laniakea> <20200427201303.tbiipopeapxofn6h@wittgenstein> <20200428004546.mlpwixgms2ekpfdm@yavin.dot.cyphar.com> In-Reply-To: <20200428004546.mlpwixgms2ekpfdm@yavin.dot.cyphar.com> From: Linus Torvalds Date: Mon, 27 Apr 2020 18:36:36 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC v2] ptrace, pidfd: add pidfd_ptrace syscall To: Aleksa Sarai Cc: Christian Brauner , Arnd Bergmann , Hagen Paul Pfeifer , "Eric W. Biederman" , Jann Horn , kernel list , Florian Weimer , Al Viro , Christian Brauner , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Brian Gerst , Sami Tolvanen , David Howells , Andy Lutomirski , Oleg Nesterov , Arnaldo Carvalho de Melo , Sargun Dhillon , Linux API , linux-arch , Greg Kroah-Hartman Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 27, 2020 at 5:46 PM Aleksa Sarai wrote: > > I agree. It would be a shame to add a new ptrace syscall and not take > the opportunity to fix the multitude of problems with the existing API. > But that's a Pandora's box which we shouldn't open unless we want to > wait a long time to get an API everyone is okay with -- a pretty high > price to just get pidfds support in ptrace. We should really be very very careful with some "smarter ptrace". We've had _so_ many security issues with ptrace that it's not even funny. And that's ignoring all the practical issues we've had. I would definitely not want to have anything that looks like ptrace AT ALL using pidfd. If we have a file descriptor to specify the target process, then we should probably take advantage of that file descriptor to actually make it more of a asynchronous interface that doesn't cause the kinds of deadlocks that we've had with ptrace. The synchronous nature of ptrace() means that not only do we have those nasty deadlocks, it's also very very expensive to use. It also has some other fundamental problems, like the whole "take over parent" and the SIGCHLD behavior. It also is hard to ptrace a ptracer. Which is annoying when you're debugging gdb or strace or whatever. So I think the thing to do is ask the gdb (and strace) people if they have any _very_ particular painpoints that we could perhaps help with. And then very carefully think things through and not repeat all the mistakes ptrace did. I'm not very optimistic. Linus