Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp2809484rwb; Mon, 7 Aug 2023 04:03:34 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHChUhg4pVNH+PW+/oZyZ/vdHcZ6GiVT5t6OUMMJ+BCDu9wXqTmmo+z2HJ2vPHutZPIOAAj X-Received: by 2002:aa7:d58b:0:b0:523:3889:542a with SMTP id r11-20020aa7d58b000000b005233889542amr1696405edq.34.1691406214229; Mon, 07 Aug 2023 04:03:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691406214; cv=none; d=google.com; s=arc-20160816; b=VYlAxgYMrrhoJ9RlQc1MwnZQthcQGgfbcY6RfQLanKk8Jp03GOLXCmTHujRCnvEf85 XP36jFmjN9576YDrOSKH4Ji0RCQaocV93QadAeCSWQ/LUupZA+4l85pJ8t7i0wRTjVwW n0Y8k1pE/bXMcqaLbKvRWlwWCXD9Vh08gbwW87zrvzcOmvv2qSn5P0bE215eMY/KzuvD Yqn8l1arS4S3kDSXsKC2y3ZdXuHFbu/FqbRVGKtLtHcptrc58w6xMTZN0bKcCyMntI0q xPeLzv/yNlyk6HvCy5lBWCobJaXsirjiVEkWUd0LYYLMeD2OwU+C6sqiWNKaTDscrC+4 Ryxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:subject:cc:to:from :date:references:in-reply-to:message-id:mime-version:user-agent :feedback-id:dkim-signature:dkim-signature; bh=y3DPVjkaUxmqO62aQ4XQSfaxDrnmEMdPiEBqy9V57yg=; fh=PQJi3Zz8r5xEsouWRqOFOMWkBV9CIbTZS6OA5BYZYeQ=; b=E+9d5W6AG4b0sILPvYeB6jDY2iIZ+GmyLfa1SVvrgz24KPwA9WtCrUGytiXFmQ/NEm QFNDWElipHFv81V7K8dOBv2DaeTjyDK2xEOaGLbcq5UG3iFczldUkdciKbIRJD8IWaaD 0Ziwkcj5Ucuh93OkBqRhbAOnBgd8itA6LY4sk4AdbffIQO4ZL7dXDq6M4tl7hBpbste5 hen4hR8iIUgt1fZEInYLI2NXYYXvbktvLrSXtHYFLrgPfEroZ8JMa6ZNa0F3KjASHFbm qdM85meeo6vjf685w87abLdfBuR2zWnYoY2T3ZbNSrfwyM+OFGph0vdJBLWnmbFPGxtv cD7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@readahead.eu header.s=fm3 header.b=IxYbbtvo; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=ysGGkc2T; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v24-20020aa7d818000000b005232d28e4fbsi2865038edq.583.2023.08.07.04.03.05; Mon, 07 Aug 2023 04:03:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@readahead.eu header.s=fm3 header.b=IxYbbtvo; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=ysGGkc2T; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231334AbjHGJMi (ORCPT + 99 others); Mon, 7 Aug 2023 05:12:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49370 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231331AbjHGJMg (ORCPT ); Mon, 7 Aug 2023 05:12:36 -0400 Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 75674E6C for ; Mon, 7 Aug 2023 02:12:35 -0700 (PDT) Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id AB2665C00C0; Mon, 7 Aug 2023 05:12:33 -0400 (EDT) Received: from imap50 ([10.202.2.100]) by compute6.internal (MEProxy); Mon, 07 Aug 2023 05:12:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=readahead.eu; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to; s=fm3; t= 1691399553; x=1691485953; bh=y3DPVjkaUxmqO62aQ4XQSfaxDrnmEMdPiEB qy9V57yg=; b=IxYbbtvo/JaymIlnXE7lQ3CiNTPRz/wOKkq6mR6l2Q+IR0aN8Y2 wfuHeFr6UmzUWtArndSqggkRMKp+y7CDcQLPVLjXG/i+Owf77OoQu+RweFTZwV2+ Irynuu+iSfkhIJbBrBvPwVFR6C0waicxUWHps/vKvQ7uiR41e5UuH5tN7lS1z4iE uT4spH7u9T950VStlfZnJAAO/TOPqLkT/3hjavsrrFIzqEh2zl97CKLFf7RE23KT 0kKE1Qs87UpWud4wy+SfeuBgUQwVupdidCZ/L2D54Qq0luwvRDM5754/+jZYuAU+ qydfu8SCpKmAmUoA2rPVAz9HEzYcpxxb9fw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t= 1691399553; x=1691485953; bh=y3DPVjkaUxmqO62aQ4XQSfaxDrnmEMdPiEB qy9V57yg=; b=ysGGkc2TZ3T//tTg2gphUgG2pgxOYDGTCWJwQkNn8u9MTR1FkgR PVoHVIhlqXFe63RhtXO9CF+Dsx4g4upHdfqTL2VOWTYzsSULiYNOx6pBuszO9zz3 KWSX4ZPJgh+TNEF/wBpsYx8GmyXWSYtfdmBj11UKX6SNkCGxGG7ESHO4g0x+dF/a w+8xC0tEebg82Hp9GogsphdD5w3ai9oMyQy/u8exxq+H0Jnl7UdW2d4Ze6v1pu10 v93+1o74JnvsaDlFbl+FaI4Mju8OEEqn2/8kg8epZ17vDE2I3F29Cc3SFu0IASRd y51cVB1FmADh4apb/SL1/x4FVw6NQZatrLw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrledtgdduudcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvvefutgfgsehtqhertderreejnecuhfhrohhmpedfffgr vhhiugcutfhhvghinhhssggvrhhgfdcuoegurghvihgusehrvggruggrhhgvrggurdgvuh eqnecuggftrfgrthhtvghrnhepjeeguedtueeftdejffdvgffhvddvteetjeeftdeiffek udffieehieejhedvkeetnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrg hilhhfrhhomhepuggrvhhiugesrhgvrggurghhvggrugdrvghu X-ME-Proxy: Feedback-ID: id2994666:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 0E0BF1700089; Mon, 7 Aug 2023 05:12:33 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-624-g7714e4406d-fm-20230801.001-g7714e440 Mime-Version: 1.0 Message-Id: <24357f20-4354-4b44-b3f7-4cb29dcfb8b4@app.fastmail.com> In-Reply-To: References: <20230807085203.819772-1-david@readahead.eu> Date: Mon, 07 Aug 2023 11:12:11 +0200 From: "David Rheinsberg" To: "Alexander Mikhalitsyn" Cc: linux-kernel@vger.kernel.org, "Christian Brauner" , "Jan Kara" , "Kees Cook" , "Luca Boccassi" Subject: Re: [PATCH] pid: allow pidfds for reaped tasks Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi On Mon, Aug 7, 2023, at 11:01 AM, Alexander Mikhalitsyn wrote: > On Mon, Aug 7, 2023 at 10:52=E2=80=AFAM David Rheinsberg wrote: [...] >> int pidfd_prepare(struct pid *pid, unsigned int flags, struct file *= *ret) >> { >> - if (!pid || !pid_has_task(pid, PIDTYPE_TGID)) >> + if (!pid) >> + return -EINVAL; >> + >> + /* >> + * Non thread-group leaders cannot have pidfds, but we allow = them for >> + * reaped thread-group leaders. >> + */ >> + if (pid_has_task(pid, PIDTYPE_PID) && !pid_has_task(pid, PIDT= YPE_TGID)) >> return -EINVAL; > > Hi David! > > As far as I understand, __unhash_process is always called with a > tasklist_lock held for writing. > Don't we need to take tasklist_lock for reading here to guarantee > consistency between > pid_has_task(pid, PIDTYPE_PID) and pid_has_task(pid, PIDTYPE_TGID) > return values? You mean PIDTYPE_TGID being cleared before PIDTYPE_PID (at least from th= e perspective of the unlocked reader)? I don't think it is a compatibili= ty issue, because the same issue existed before the patch. But it might = indeed be required to avoid spurious EINVAL _while_ the target process i= s reaped. It would be unfortunate if we need that. Because it is really not requir= ed for AF_UNIX or fanotify (they guarantee that they always deal with TG= IDs). So maybe the correct call is to just drop pidfd_prepare() and alwa= ys use __pidfd_prepare()? So far the safety-measures of pidfd_prepare() = introduced two races I already mentioned in the commit-message. So maybe= it is just better to document that the caller of __pidfd_prepare() need= s to ensure the source is/was a TGID? Thanks David