Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20190506111415.mjznjwqzidvouqmj@brauner.io>
Date: Mon, 6 May 2019 13:14:16 +0200
From: Christian Brauner <christian@...uner.io>
To: Jann Horn <jannh@...gle.com>
Cc: Solar Designer <solar@...nwall.com>,
	Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: race-free process signaling

On Mon, May 06, 2019 at 12:45:14PM +0200, Jann Horn wrote:
> +cc Christian Brauner (author of pidfd code)
> 
> On Mon, May 6, 2019 at 12:22 PM Solar Designer <solar@...nwall.com> wrote:
> > I totally missed the recent work in this area (I'm not on LKML),
> 
> FWIW, you don't usually need to actually read LKML to see when major
> developments happen - I read LWN, which seems to work pretty well for
> that purpose.
> 
> > and am
> > now wondering whether the solution that got in ("use /proc/<pid> fds as
> > stable handles on struct pid"):
> >
> > https://lwn.net/Articles/773459/
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a9dce6679d736cb3d612af39bab9f31f8db66f9b
> >
> > is better or worse than what I had proposed in 1999 and 2005 ("locking"
> > of pids for the caller's own visibility only):
> >
> > https://marc.info/?l=linux-kernel&m=112784189115058
> >
> > [Subject starts with "PID reuse safety for userspace apps", in case MARC
> > is ever gone and someone wants to look this up in another archive.
> 
> (The kernel people now have lore.kernel.org as an email archive, which
> is much nicer to use IMO - it has search, it has a nice thread view,
> and you can download raw mbox files if you want to reply to a mail:
> <https://lore.kernel.org/lkml/20050927172048.GA3423@openwall.com/>)
> 
> > I proposed a lockpid syscall back then, but I'd use a mere prctl now.]
> >
> > I still like my proposal much better - no dependency on procfs, much

This has always been the goal and with the new CLONE_PIDFD flag we make
this possible. I'm about to send the PR for this merge window.
/proc/<pid> fds stay behind as a convenience for pidfd_send_signal()
only with no new features added to them.
There is some (tedious) historical context why it came to be that way.
My original implementation was already different. 
pidfd_send_signal() was basically based on /proc/<pid> fd because some
developers had opposed other solutions since the /proc/<pid> idea seemed
so "simple".
The truth is it gets very very problematic when you think about
returning fds at process creation time. This is why pidfds will be anon
inodes.

> > simpler implementation - but perhaps I'm missing the context here.
> 
> Actually, there is ongoing development of pidfd stuff, including
> procfs-less pidfds. You may want to look through
> <https://lore.kernel.org/lkml/?q=f%3Abrauner>, or something like that.
> 
> The following series adds anon-inode-based pidfds that can be returned
> from sys_clone():
> "[PATCH v3 2/4] clone: add CLONE_PIDFD"
> <https://lore.kernel.org/lkml/20190419120904.27502-2-christian@brauner.io/>
> "[PATCH v3 3/4] signal: support CLONE_PIDFD with pidfd_send_signal"
> <https://lore.kernel.org/lkml/20190419120904.27502-4-christian@brauner.io/>
> 
> This patch adds process exit notifications that can be received
> through the normal file polling syscalls (epoll/poll/select/...):
> "[PATCH v2 1/2] Add polling support to pidfd"
> <https://lore.kernel.org/lkml/20190430162154.61314-1-joel@joelfernandes.org/>
> 
> > Maybe I should have sent a patch back then.  Oh well.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.