From: Oleg Nesterov <oleg@redhat.com>
To: luca.boccassi@gmail.com
Cc: linux-kernel@vger.kernel.org, christian@brauner.io
Subject: Re: [PATCH v5] pidfd: add ioctl to retrieve pid info
Date: Sun, 6 Oct 2024 19:21:59 +0200 [thread overview]
Message-ID: <20241006172158.GA10213@redhat.com> (raw)
In-Reply-To: <20241006145727.291401-1-luca.boccassi@gmail.com>
On 10/06, luca.boccassi@gmail.com wrote:
>
> +static long pidfd_info(struct task_struct *task, unsigned int cmd, unsigned long arg)
> +{
> + struct pidfd_info __user *uinfo = (struct pidfd_info __user *)arg;
> + size_t usize = _IOC_SIZE(cmd);
> + struct pidfd_info kinfo = {};
> + struct user_namespace *user_ns;
> + const struct cred *c;
> + __u64 request_mask;
> +
> + if (!uinfo)
> + return -EINVAL;
> + if (usize < sizeof(struct pidfd_info))
> + return -EINVAL; /* First version, no smaller struct possible */
> +
> + if (copy_from_user(&request_mask, &uinfo->request_mask, sizeof(request_mask)))
> + return -EFAULT;
> +
> + c = get_task_cred(task);
> + if (!c)
> + return -ESRCH;
> +
> + /* Unconditionally return identifiers and credentials, the rest only on request */
> +
> + kinfo.pid = task_pid_vnr(task);
> + kinfo.tgid = task_tgid_vnr(task);
> + kinfo.ppid = task_ppid_nr_ns(task, task_active_pid_ns(task));
^^^^^^^^^^^^^^^^^^^^^^^^
The same problem as with "info.pid = pid_nr_ns(pid, task_active_pid_ns(task));"
you used before. You should use the caller's namespace, not the task's namespace.
kinfo.ppid = task_ppid_nr_ns(task, NULL);
should work, see __task_pid_nr_ns() which uses task_active_pid_ns(current) if
ns == NULL.
> + /*
> + * One last check before returning: the task might have exited while we
> + * were fetching all the data, so check again to be safe. */
> + if (task_pid_vnr(task) == 0)
> + return -ESRCH;
Well, this looks strange. It would be better to kill "kinfo.pid = task_pid_vnr()"
above and do
kinfo.pid = task_pid_vnr(task);
if (!kinfo.pid)
return -ESRCH;
at the end, but this is minor.
I don't think we can rely on this check.
Suppose that pidfd_info() runs on CPU_0 and it races with __unhash_process(task)
on CPU_1 which does
detach_pid(p, PIDTYPE_PID);
detach_pid(p, PIDTYPE_TGID);
Without the barries/locking CPU_0 can see the changes above out of order,
so it is possible that pidfd_info() will see task_pid_vnr(task) != 0, but
report kinfo.tgid == 0.
Oleg.
next prev parent reply other threads:[~2024-10-06 17:22 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-06 14:54 [PATCH v5] pidfd: add ioctl to retrieve pid info luca.boccassi
2024-10-06 17:21 ` Oleg Nesterov [this message]
2024-10-06 17:52 ` Luca Boccassi
2024-10-06 18:55 ` Oleg Nesterov
2024-10-06 21:33 ` Luca Boccassi
2024-10-07 12:11 ` Christian Brauner
2024-10-06 17:38 ` Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241006172158.GA10213@redhat.com \
--to=oleg@redhat.com \
--cc=christian@brauner.io \
--cc=linux-kernel@vger.kernel.org \
--cc=luca.boccassi@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.