Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp622638pxk; Thu, 3 Sep 2020 08:28:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJys67cyxF/wJQvd63pyE/QhW4OaRUfBWnFab/pdHi9361/OEQ2ztkmW1Z8J/SGCVaNVcwZx X-Received: by 2002:a17:906:29ca:: with SMTP id y10mr2629153eje.327.1599146928746; Thu, 03 Sep 2020 08:28:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599146928; cv=none; d=google.com; s=arc-20160816; b=OjXGv/MP9nnIY6kaegyMItNYp6RzuViivBlQo9AGbUl/cD6IjXB+G54G1iCFV8uXi/ WPwbbOeC266cNmz7HLQOtylpbAh2Ox4G+ut340eBfvQSFabffzd09EiWvQ1VMvsF4ngC egk39z4ErVBV6JvDA8EuhD8JotUTzNPrEXz2H3SaGvfUvP8VbCaswZ7z6cfKDOPNSDL2 2GPLymaCx4JuD6ddUjALBhnwzXo6szBPXAV5SErRZWLyiFYxr02r8HeLZOnit5+iT+j1 pV9yzBGaqePixSVlZwpEdSql0gIUiq2YIYcAzE9PxcZeSSiGsRBUCzCmg8iH11d5rQAH WhsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=INsUlZK3MoXvCnJlQlfjcdMyp3eg2XMfNbrmrlhcupw=; b=UUMar/WxG+KNj/rOAzOZ7EN/s6jew5ICVBEuXbCnP9MRGFWNgwPGUglJG0XOaN3Lu1 9rImQOxtje7Tj68Wgt040wJaxXocCweSmVcAROtiYUTvy5zikmROVar/GvLLFSukbdfh 1ML70ukFw1E/EXYEqitKwdx0+M8/UZmVyZ/0DJTebrjsVrZroxrYu9jvN+qn6kmOsL59 ORoSsG/0a5GCHqNZQ+Ui0paaKzD22PA/MbYyJF21s9WXbRdTQyQClfXlWfLNdidVSSIR IXT0khvY9hsF2io9aUCJe8VKuQ9U0ldom9H5VXW4UKx/BJFNEVqskApab7FSutypiKeI 3yCA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y19si2213051eje.337.2020.09.03.08.28.25; Thu, 03 Sep 2020 08:28:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728612AbgICPZh (ORCPT + 99 others); Thu, 3 Sep 2020 11:25:37 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:36697 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728618AbgICPZh (ORCPT ); Thu, 3 Sep 2020 11:25:37 -0400 Received: from ip5f5af70b.dynamic.kabel-deutschland.de ([95.90.247.11] helo=wittgenstein) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1kDr7D-0000vI-Hl; Thu, 03 Sep 2020 15:25:31 +0000 Date: Thu, 3 Sep 2020 17:25:29 +0200 From: Christian Brauner To: Oleg Nesterov Cc: linux-kernel@vger.kernel.org, Christian Brauner , "Peter Zijlstra (Intel)" , Ingo Molnar , Thomas Gleixner , "Eric W. Biederman" , Kees Cook , Sargun Dhillon , Aleksa Sarai , linux-kselftest@vger.kernel.org, Josh Triplett , Jens Axboe , linux-api@vger.kernel.org Subject: Re: [PATCH v2 1/4] pidfd: support PIDFD_NONBLOCK in pidfd_open() Message-ID: <20200903152529.llgvshvvoymwealz@wittgenstein> References: <20200902102130.147672-1-christian.brauner@ubuntu.com> <20200902102130.147672-2-christian.brauner@ubuntu.com> <20200903145808.GK4386@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200903145808.GK4386@redhat.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 03, 2020 at 04:58:09PM +0200, Oleg Nesterov wrote: > Christian, off-topic question... > > On 09/02, Christian Brauner wrote: > > > > -static int pidfd_create(struct pid *pid) > > +static int pidfd_create(struct pid *pid, unsigned int flags) > > { > > int fd; > > > > fd = anon_inode_getfd("[pidfd]", &pidfd_fops, get_pid(pid), > > - O_RDWR | O_CLOEXEC); > > + flags | O_RDWR | O_CLOEXEC); > > I just noticed this comment above pidfd_create: > > * Note, that this function can only be called after the fd table has > * been unshared to avoid leaking the pidfd to the new process. > > what does it mean? > > Of course, if fd table is shared then pidfd can "leak" to another process, > but this is true for any file and sys_pidfd_open() doesn't do any check? It's the same comment we added in kernel/fork.c to make callers aware that they can leak a pidfd to another process unintentionally. Sure, this is true of any fd but since pidfds were a new type of handle and on another process at that we felt that this was important to spell out. The "can only" should've arguably been "should probably". > > > > In fact I think this helper buys nothing but adds the unnecessary get/put_pid, > we can kill it and change pidfd_open() to do > > SYSCALL_DEFINE2(pidfd_open, pid_t, pid, unsigned int, flags) > { > int fd; > struct pid *p; > > if (flags & ~PIDFD_NONBLOCK) > return -EINVAL; > > if (pid <= 0) > return -EINVAL; > > p = find_get_pid(pid); > if (!p) > return -ESRCH; > > fd = -EINVAL; > if (pid_has_task(p, PIDTYPE_TGID)) { > fd = anon_inode_getfd("[pidfd]", &pidfd_fops, pid, > flags | O_RDWR | O_CLOEXEC); > } > if (fd < 0) > put_pid(p); > return fd; > } Sure, I'd totally take a patch like that! > > but this is cosmetic and off-topic too. No, much appreciated. Good-looking code is important. :) Christian