From: Christian Brauner <brauner@kernel.org>
To: Erin Shepherd <erin.shepherd@e43.eu>
Cc: Amir Goldstein <amir73il@gmail.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Jan Kara <jack@suse.cz>, Chuck Lever <chuck.lever@oracle.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
Jeff Layton <jlayton@kernel.org>,
linux-nfs@vger.kernel.org
Subject: Re: [PATCH v2 0/3] pidfs: implement file handle support
Date: Thu, 14 Nov 2024 15:27:12 +0100
Message-ID: <20241114-fragt-rohre-28b21496ecbc@brauner>
In-Reply-To: <431019de-b6c6-474b-bf1f-e0afcdc0ce63@e43.eu>
On Thu, Nov 14, 2024 at 01:48:02PM +0100, Erin Shepherd wrote:
>
>
> On 14/11/2024 08:02, Amir Goldstein wrote:
> > On Wed, Nov 13, 2024 at 7:01 PM Erin Shepherd <erin.shepherd@e43.eu> wrote:
> >> Since the introduction of pidfs, we have had 64-bit process identifiers
> >> that will not be reused for the entire uptime of the system. This greatly
> >> facilitates process tracking in userspace.
> >>
> >> There are two limitations at present:
> >>
> >> * These identifiers are currently only exposed to processes on 64-bit
> >> systems. On 32-bit systems, inode space is also limited to 32 bits and
> >> therefore is subject to the same reuse issues.
> >> * There is no way to go from one of these unique identifiers to a pid or
> >> pidfd.
> >>
> >> This patch implements fh_export and fh_to_dentry which enables userspace to
> >> convert PIDs to and from PID file handles. A process can convert a pidfd into
> >> a file handle using name_to_handle_at, store it (in memory, on disk, or
> >> elsewhere) and then convert it back into a pidfd using open_by_handle_at.
> >>
> >> To support us going from a file handle to a pidfd, we have to store a pid
> >> inside the file handle. To ensure file handles are invariant and can move
> >> between pid namespaces, we stash a pid from the initial namespace inside
> >> the file handle.
> >>
> >> (There has been some discussion as to whether or not it is OK to include
> >> the PID in the initial pid namespace, but so far there hasn't been any
> >> conclusive reason given as to why this would be a bad idea)
> > IIUC, this is already exposed as st_ino on a 64bit arch?
> > If that is the case, then there is certainly no new info leak in this patch.
>
> pid.ino is exposed, but the init-ns pid isn't exposed anywhere to my knowledge.
I see what you mean. That might be an information leak. Not a very
interesting one, I think, but I need to think about it.
>
> >> Signed-off-by: Erin Shepherd <erin.shepherd@e43.eu>
> >> ---
> >> Changes in v2:
> >> - Permit filesystems to opt out of CAP_DAC_READ_SEARCH
> >> - Inline find_pid_ns/get_pid logic; remove unnecessary put_pid
> >> - Squash fh_export & fh_to_dentry into one commit
> > Not sure why you did that.
> > It was pretty nice as separate commits if you ask me. Whatever.
>
> I can revert that if you prefer. I squashed them because there was some churn
> when adding the init-ns-pid necessary to restore them, but I am happy to do
> things in two steps.
>
> Do you prefer having the final handle format in the first step, or letting it
> evolve into final form over the series?
>