From: Oleg Nesterov <oleg@redhat.com>
To: Christian Brauner <brauner@kernel.org>
Cc: linux-fsdevel@vger.kernel.org, Jeff Layton <jlayton@kernel.org>,
Lennart Poettering <lennart@poettering.net>,
Daan De Meyer <daan.j.demeyer@gmail.com>,
Mike Yuan <me@yhndnzj.com>
Subject: Re: [PATCH v2 06/15] pidfs: allow to retrieve exit information
Date: Tue, 4 Mar 2025 22:47:11 +0100 [thread overview]
Message-ID: <20250304214710.GF5756@redhat.com> (raw)
In-Reply-To: <20250304-wochen-gutgesinnt-53c0765c5e81@brauner>
On 03/04, Christian Brauner wrote:
>
> On Tue, Mar 04, 2025 at 06:34:56PM +0100, Oleg Nesterov wrote:
> > On 03/04, Christian Brauner wrote:
> > >
> > > + task = get_pid_task(pid, PIDTYPE_PID);
> > > + if (!task) {
> > > + if (!(mask & PIDFD_INFO_EXIT))
> > > + return -ESRCH;
> > > +
> > > + if (!current_in_pidns(pid))
> > > + return -ESRCH;
> >
> > Damn ;) could you explain the current_in_pidns() check to me ?
> > I am puzzled...
>
> So we currently restrict interactions with pidfd by pid namespace
> hierarchy. Meaning that we ensure that the pidfd is part of the caller's
> pid namespace hierarchy.
Well this is clear... but sorry I still can't understand.
Why do we check current_in_pidns() only if get_pid_task(PIDTYPE_PID)
returns NULL?
And, unless (quite possibly) I am totally confused, if task != NULL
but current_in_pidns() would return false, then
kinfo.pid = task_pid_vnr(task);
below will set kinfo.pid = 0, and pidfd_info() will return -ESRCH anyway?
> So this check is similar to:
>
> pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns)
> {
> struct upid *upid;
> pid_t nr = 0;
>
> if (pid && ns->level <= pid->level) {
> upid = &pid->numbers[ns->level];
> if (upid->ns == ns)
> nr = upid->nr;
> }
> return nr;
> }
>
> Only that by the time we perform this check the pid numbers have already
> been freed so we can't use that function directly.
Confused again... Yes, the [u]pid numbers can be already "freed" in that
upid->nr can be already idr_remove()'ed, but
> But the pid namespace
> hierarchy is still alive as that won't be released until the pidfd has
> put the reference on struct @pid.
Yes, so I still don't undestand, sorry :/
IOW. Why not check current_in_pidns() at the start? and do
task = get_pid_task() later, right before
if (!task)
goto copy_out;
?
Oleg.
next prev parent reply other threads:[~2025-03-04 21:47 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-04 9:41 [PATCH v2 00/15] pidfs: provide information after task has been reaped Christian Brauner
2025-03-04 9:41 ` [PATCH v2 01/15] pidfs: switch to copy_struct_to_user() Christian Brauner
2025-03-04 12:42 ` Jeff Layton
2025-03-04 9:41 ` [PATCH v2 02/15] pidfd: rely on automatic cleanup in __pidfd_prepare() Christian Brauner
2025-03-04 12:44 ` Jeff Layton
2025-03-04 9:41 ` [PATCH v2 03/15] pidfs: move setting flags into pidfs_alloc_file() Christian Brauner
2025-03-04 12:53 ` Jeff Layton
2025-03-04 9:41 ` [PATCH v2 04/15] pidfs: add inode allocation Christian Brauner
2025-03-04 13:06 ` Jeff Layton
2025-03-04 9:41 ` [PATCH v2 05/15] pidfs: record exit code and cgroupid at exit Christian Brauner
2025-03-04 13:05 ` Jeff Layton
2025-03-04 13:10 ` Oleg Nesterov
2025-03-04 19:10 ` Christian Brauner
2025-03-04 9:41 ` [PATCH v2 06/15] pidfs: allow to retrieve exit information Christian Brauner
2025-03-04 13:27 ` Jeff Layton
2025-03-04 17:23 ` Christian Brauner
2025-03-04 17:22 ` Oleg Nesterov
2025-03-04 20:16 ` Christian Brauner
2025-03-04 17:34 ` Oleg Nesterov
2025-03-04 20:09 ` Christian Brauner
2025-03-04 21:47 ` Oleg Nesterov [this message]
2025-03-05 8:54 ` Christian Brauner
2025-03-04 9:41 ` [PATCH v2 07/15] selftests/pidfd: fix header inclusion Christian Brauner
2025-03-04 9:41 ` [PATCH v2 08/15] pidfs/selftests: ensure correct headers for ioctl handling Christian Brauner
2025-03-04 9:41 ` [PATCH v2 09/15] selftests/pidfd: move more defines to common header Christian Brauner
2025-03-04 9:41 ` [PATCH v2 10/15] selftests/pidfd: add first PIDFD_INFO_EXIT selftest Christian Brauner
2025-03-04 9:41 ` [PATCH v2 11/15] selftests/pidfd: add second " Christian Brauner
2025-03-04 9:41 ` [PATCH v2 12/15] selftests/pidfd: add third " Christian Brauner
2025-03-04 9:41 ` [PATCH v2 13/15] selftests/pidfd: add fourth " Christian Brauner
2025-03-04 9:41 ` [PATCH v2 14/15] selftests/pidfd: add fifth " Christian Brauner
2025-03-04 9:41 ` [PATCH v2 15/15] selftests/pidfd: add sixth " Christian Brauner
2025-03-04 20:18 ` [PATCH v2 17/16] selftests/pidfd: test multi-threaded exec with PPIDFD_INFO_EXIT Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250304214710.GF5756@redhat.com \
--to=oleg@redhat.com \
--cc=brauner@kernel.org \
--cc=daan.j.demeyer@gmail.com \
--cc=jlayton@kernel.org \
--cc=lennart@poettering.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=me@yhndnzj.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.