From: Oleg Nesterov <oleg@redhat.com>
To: David Rheinsberg <david@readahead.eu>
Cc: Christian Brauner <brauner@kernel.org>,
linux-kernel@vger.kernel.org, Jan Kara <jack@suse.cz>,
Kees Cook <keescook@chromium.org>,
Alexander Mikhalitsyn <alexander@mihalicyn.com>,
Luca Boccassi <bluca@debian.org>
Subject: Re: [PATCH] pid: allow pidfds for reaped tasks
Date: Mon, 14 Aug 2023 15:20:39 +0200
Message-ID: <20230814132039.GA17738@redhat.com>
In-Reply-To: <6feef7e0-ea72-412d-837e-34b6fdd3b869@app.fastmail.com>

On 08/14, David Rheinsberg wrote:
>
> Hi Oleg,
>
> On Fri, Aug 11, 2023, at 1:57 PM, Oleg Nesterov wrote:
> >> What code do we need to allow userspace to open a pidfd to a leader pid
> >> even if it has already been exited and reaped (without also accidentally
> >> allowing to open non-lead pid pidfds)?
> >
> > I'll try to think more, but can you also explain why we need this?
> >
> > See my other email. Can't we simply shift the pid_has_task(PIDTYPE_TGID)
> > check from pidfd_prepare() to pidfd_create() ? (and then we can kill
> > pidfd_prepare and rename __pidfd_prepare to pidfd_prepare).
>
> Yes, the easiest solution would be to use `__pidfd_prepare()` and ensure
> that the caller only ever calls this on tg-leaders. This would work just
> fine, imo. And this was my initial approach.

Great,

> I think Christian preferred an explicit assertion that ensures we do not
> accidentally hand out pidfds for non-tg-leaders. The question is thus whether
> there is an easy way to assert this even for reaped tasks?
> Or whether there is a simple way to flag a pid that was used as tg-leader?

I do not see how we can check if a detached pid was a leader pid, and I don't
think it makes sense to add a new member into struct pid...

> Or, ultimately, whether this has limited use and we should just use
> `__pidfd_prepare()`?

Well, if you confirm that sk->sk_peer_pid and scm->pid are always initialized with
task_tgid(current), I'd certainly prefer this approach unless Christian objects.

Oleg.