Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Date:   Sun, 13 Feb 2022 09:52:12 +0100
From:   Christian Brauner <brauner@kernel.org>
To:     Andy Lutomirski <luto@amacapital.net>
Cc:     Robert =?utf-8?B?xZp3acSZY2tp?= <robert@swiecki.net>,
        Kees Cook <keescook@chromium.org>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Jann Horn <jannh@google.com>, Will Drewry <wad@chromium.org>,
        linux-api@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-hardening@vger.kernel.org
Subject: Re: [RFC] Get siginfo from unreaped task
Message-ID: <20220213085212.cwzuqlrabpgbnbac@wittgenstein>
References: <CAP145phC6S6Zda-ZWLH1s4ZfDPh79rtf_7vzs-yvt1vykUCP4A@mail.gmail.com>
 <CF5167CE-FA1C-4CEC-9EA8-5EE8041FE7C4@amacapital.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CF5167CE-FA1C-4CEC-9EA8-5EE8041FE7C4@amacapital.net>
Precedence: bulk

On Sat, Feb 12, 2022 at 06:32:08PM -0800, Andy Lutomirski wrote:
> 
> > On Feb 12, 2022, at 3:24 AM, Robert Święcki <robert@swiecki.net> wrote:
> > 
> > ﻿sob., 12 lut 2022 o 05:28 Kees Cook <keescook@chromium.org> napisał(a):
> >> 
> >> Make siginfo available through PTRACE_GETSIGINFO after process death,
> >> without needing to have already used PTRACE_ATTACH. Uses 48 more bytes
> >> in task_struct, though I bet there might be somewhere else we could
> >> stash a copy of it?
> > 
> > An alternative way of accessing this info could be abusing the
> > waitid() interface, with some additional, custom to Linux, flag
> > 
> > waitid(P_ALL, 0, &si, __WCHILDSIGINFO);
> > 
> > which would change what is put into si.
> > 
> > But maybe ptrace() is better, because it's mostly incompatible with
> > other OSes anyway on the behavior/flag level, while waitd() seems to
> > be POSIX/BSD standard, even if Linux specifies some additional flags.
> > 
> > 
> 
> I had a kind of opposite thought, which is that it would be very nice
> to be able to get all the waitid() data without reaping a process or
> even necessarily being its parent.  Maybe these can be combined?  A
> new waitid() option like you’re suggesting could add siginfo (and
> might need permissions).  And we could have a different waitid() flag
> that says “maybe not my child, don’t reap” (and also needs
> permissions).
> 
> Although the “don’t reap” thing is fundamentally racy. What a sane
> process manager actually wants is an interface to read all this info
> from a pidfd, which means it all needs to get stuck in struct pid. And

/me briefly pops out from vacation

Agreed and not just siginfo I would expect(?). We already came to that
conclusion when we first introduced them.

> task_struct needs a completion or wait queue so you can actually wait
> for a pidfd to exit (unless someone already did this — I had patches a
> while back).  And this would be awesome.

Currently, you can wait for a pidfd to exit via polling and you can use
a pidfd to pass it to waitid(P_PIDFD, pidfd, ...).

/me pops back into vacation