Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp5584400pxb; Mon, 14 Feb 2022 02:40:00 -0800 (PST) X-Google-Smtp-Source: ABdhPJwiDZIHtb8zErMU81U+NwkjQLvBUFWWzQTnigZQXQ5j2RFWZAmR8Idfmi+q+/+BPwV2dvzr X-Received: by 2002:a17:90a:ca93:: with SMTP id y19mr14038453pjt.108.1644835200375; Mon, 14 Feb 2022 02:40:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644835200; cv=none; d=google.com; s=arc-20160816; b=Jdxi5r8TxoHVYis8kdv1eMEfALrlYXsYVIC7ydAnBX+9iOl0y4Hl2jX+YemfoY/HAw XypiwyDGtfdkTLYzuXrRIhCp3BEgN+MOhK6oAQ9yKLIGPipGr5YwQhCPtGUDNmUU+ax6 FhCYy1pReF7u99H6LN+M3Gc9fGufLe1qq7YQ3lJaxAHFhXoHkYCScH1q6PGUdkae085t 42bEPsyPPK5PmLClaHjHmeMx9WAphVjJEWyuTdvlelR/WYxJXO2tX5vv/2497wJ30ANi wbZ4HLSuT4DhiPwTq0TyAqbn/mGQ3nbHd+yc7ozUVvMO1evZMPOfwyQ031OSQ/Qe/Hzd DtNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=vgng9ZiKQdF8pdqjbIRgBSO4p4YSNKm9WGCq9fS3jJ4=; b=wBAhm0wWY/oXKRiY5WLNzyqVUTkwI+3ZmTF2JhY3uK08/IFP54bkek6a/qixm8KyRz o1P1w54SMwW2mxOBD/8UK7sVOrJGio92ocS7QefXc4jigaSEBf6DJ0P/HLhxc+4jJXDN +dLkkADQs0cQlQ923bk/8nCOeod/e6RvPYa//1Mqtu9H6pfQsgRO29El6d0YqW3DAt+k 45DhDjmWGPyhxld2WtA5AGYhO7HlG5EP/V+bHOahunA6OYdae/89hEUsbh3CFw6IJUM8 V37e+vkpKfSIujn82V0bDWuUqGgF8sdQs50hlLb5NZa/9Sjd1hvf8mAQ0U6uV1QpaKAQ TjuA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Yd5zIkOM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o18si11923877pll.372.2022.02.14.02.39.46; Mon, 14 Feb 2022 02:40:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Yd5zIkOM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234538AbiBMIw3 (ORCPT + 99 others); Sun, 13 Feb 2022 03:52:29 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:56434 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230153AbiBMIw2 (ORCPT ); Sun, 13 Feb 2022 03:52:28 -0500 Received: from sin.source.kernel.org (sin.source.kernel.org [IPv6:2604:1380:40e1:4800::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DDC851132; Sun, 13 Feb 2022 00:52:23 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id BFA25CE0A56; Sun, 13 Feb 2022 08:52:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A32E2C004E1; Sun, 13 Feb 2022 08:52:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1644742339; bh=B/EBfaegPNI+dBkInnAmuSfvhqk9AvrQYIlPmH2+oYg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Yd5zIkOM1+5Td2FmpGTYaf5RyVUT+Xe3TPCoH/trZBr9TcLCJtfF0zqcZYV4pEk63 N51+cDMMr79fbYmAdGtaGmKdp29usUysCzdiWRH49bchaYX578GJ7IQySwKDSwyY0e XmclR3U19tqGoDQhH3f24zxgxA4c/E7eYxasYVT9sbJG0/1yHi8gbq8Ynucv84jE0F NaIBBYoR6wYOgnjuMvrJBWxubyYMj80PuHDbgtF26fvslB3ClRUoSSMqqGSYIY3nfy VwITjsMYj109w5e+PsaiJvqnMeqNGE73Trgmr8j8AY9ORb6GXgHcFDnKWF09JE6uIA 5m7G0Qt4g3RYQ== Date: Sun, 13 Feb 2022 09:52:12 +0100 From: Christian Brauner To: Andy Lutomirski Cc: Robert =?utf-8?B?xZp3acSZY2tp?= , Kees Cook , "Eric W. Biederman" , Jann Horn , Will Drewry , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [RFC] Get siginfo from unreaped task Message-ID: <20220213085212.cwzuqlrabpgbnbac@wittgenstein> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Feb 12, 2022 at 06:32:08PM -0800, Andy Lutomirski wrote: > > > On Feb 12, 2022, at 3:24 AM, Robert Święcki wrote: > > > > sob., 12 lut 2022 o 05:28 Kees Cook napisał(a): > >> > >> Make siginfo available through PTRACE_GETSIGINFO after process death, > >> without needing to have already used PTRACE_ATTACH. Uses 48 more bytes > >> in task_struct, though I bet there might be somewhere else we could > >> stash a copy of it? > > > > An alternative way of accessing this info could be abusing the > > waitid() interface, with some additional, custom to Linux, flag > > > > waitid(P_ALL, 0, &si, __WCHILDSIGINFO); > > > > which would change what is put into si. > > > > But maybe ptrace() is better, because it's mostly incompatible with > > other OSes anyway on the behavior/flag level, while waitd() seems to > > be POSIX/BSD standard, even if Linux specifies some additional flags. > > > > > > I had a kind of opposite thought, which is that it would be very nice > to be able to get all the waitid() data without reaping a process or > even necessarily being its parent. Maybe these can be combined? A > new waitid() option like you’re suggesting could add siginfo (and > might need permissions). And we could have a different waitid() flag > that says “maybe not my child, don’t reap” (and also needs > permissions). > > Although the “don’t reap” thing is fundamentally racy. What a sane > process manager actually wants is an interface to read all this info > from a pidfd, which means it all needs to get stuck in struct pid. And /me briefly pops out from vacation Agreed and not just siginfo I would expect(?). We already came to that conclusion when we first introduced them. > task_struct needs a completion or wait queue so you can actually wait > for a pidfd to exit (unless someone already did this — I had patches a > while back). And this would be awesome. Currently, you can wait for a pidfd to exit via polling and you can use a pidfd to pass it to waitid(P_PIDFD, pidfd, ...). /me pops back into vacation