lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20210104131928.idjsewjzobnqkvwc@wittgenstein>
Date:   Mon, 4 Jan 2021 14:19:28 +0100
From:   Christian Brauner <christian.brauner@...ntu.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Wen Yang <wenyang@...ux.alibaba.com>,
        Sasha Levin <sashal@...nel.org>,
        Xunlei Pang <xlpang@...ux.alibaba.com>,
        linux-kernel@...r.kernel.org,
        Christian Brauner <christian@...uner.io>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Jann Horn <jannh@...gle.com>, Oleg Nesterov <oleg@...hat.com>,
        Arnd Bergmann <arnd@...db.de>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Kees Cook <keescook@...omium.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        David Howells <dhowells@...hat.com>,
        "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>,
        Andy Lutomirsky <luto@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Aleksa Sarai <cyphar@...har.com>,
        Al Viro <viro@...iv.linux.org.uk>, stable@...r.kernel.org
Subject: Re: [PATCH 01/10] clone: add CLONE_PIDFD

On Mon, Jan 04, 2021 at 02:17:40PM +0100, Greg Kroah-Hartman wrote:
> On Mon, Jan 04, 2021 at 02:13:42PM +0100, Christian Brauner wrote:
> > On Mon, Jan 04, 2021 at 02:03:14PM +0100, Greg Kroah-Hartman wrote:
> > > On Fri, Dec 04, 2020 at 02:31:55AM +0800, Wen Yang wrote:
> > > > From: Christian Brauner <christian@...uner.io>
> > > > 
> > > > [ Upstream commit b3e5838252665ee4cfa76b82bdf1198dca81e5be ]
> > > > 
> > > > This patchset makes it possible to retrieve pid file descriptors at
> > > > process creation time by introducing the new flag CLONE_PIDFD to the
> > > > clone() system call.  Linus originally suggested to implement this as a
> > > > new flag to clone() instead of making it a separate system call.  As
> > > > spotted by Linus, there is exactly one bit for clone() left.
> > > > 
> > > > CLONE_PIDFD creates file descriptors based on the anonymous inode
> > > > implementation in the kernel that will also be used to implement the new
> > > > mount api.  They serve as a simple opaque handle on pids.  Logically,
> > > > this makes it possible to interpret a pidfd differently, narrowing or
> > > > widening the scope of various operations (e.g. signal sending).  Thus, a
> > > > pidfd cannot just refer to a tgid, but also a tid, or in theory - given
> > > > appropriate flag arguments in relevant syscalls - a process group or
> > > > session. A pidfd does not represent a privilege.  This does not imply it
> > > > cannot ever be that way but for now this is not the case.
> > > > 
> > > > A pidfd comes with additional information in fdinfo if the kernel supports
> > > > procfs.  The fdinfo file contains the pid of the process in the callers
> > > > pid namespace in the same format as the procfs status file, i.e. "Pid:\t%d".
> > > > 
> > > > As suggested by Oleg, with CLONE_PIDFD the pidfd is returned in the
> > > > parent_tidptr argument of clone.  This has the advantage that we can
> > > > give back the associated pid and the pidfd at the same time.
> > > > 
> > > > To remove worries about missing metadata access this patchset comes with
> > > > a sample program that illustrates how a combination of CLONE_PIDFD, and
> > > > pidfd_send_signal() can be used to gain race-free access to process
> > > > metadata through /proc/<pid>.  The sample program can easily be
> > > > translated into a helper that would be suitable for inclusion in libc so
> > > > that users don't have to worry about writing it themselves.
> > > > 
> > > > Suggested-by: Linus Torvalds <torvalds@...ux-foundation.org>
> > > > Signed-off-by: Christian Brauner <christian@...uner.io>
> > > > Co-developed-by: Jann Horn <jannh@...gle.com>
> > > > Signed-off-by: Jann Horn <jannh@...gle.com>
> > > > Reviewed-by: Oleg Nesterov <oleg@...hat.com>
> > > > Cc: Arnd Bergmann <arnd@...db.de>
> > > > Cc: "Eric W. Biederman" <ebiederm@...ssion.com>
> > > > Cc: Kees Cook <keescook@...omium.org>
> > > > Cc: Thomas Gleixner <tglx@...utronix.de>
> > > > Cc: David Howells <dhowells@...hat.com>
> > > > Cc: "Michael Kerrisk (man-pages)" <mtk.manpages@...il.com>
> > > > Cc: Andy Lutomirsky <luto@...nel.org>
> > > > Cc: Andrew Morton <akpm@...ux-foundation.org>
> > > > Cc: Aleksa Sarai <cyphar@...har.com>
> > > > Cc: Linus Torvalds <torvalds@...ux-foundation.org>
> > > > Cc: Al Viro <viro@...iv.linux.org.uk>
> > > > Cc: <stable@...r.kernel.org> # 4.9.x
> > > > (clone: fix up cherry-pick conflicts for b3e583825266)
> > > > Signed-off-by: Wen Yang <wenyang@...ux.alibaba.com>
> > > > ---
> > > >  include/linux/pid.h        |   1 +
> > > >  include/uapi/linux/sched.h |   1 +
> > > >  kernel/fork.c              | 119 +++++++++++++++++++++++++++++++++++++++++++--
> > > >  3 files changed, 117 insertions(+), 4 deletions(-)
> > > > 
> > > > diff --git a/include/linux/pid.h b/include/linux/pid.h
> > > > index 97b745d..7599a78 100644
> > > > --- a/include/linux/pid.h
> > > > +++ b/include/linux/pid.h
> > > > @@ -73,6 +73,7 @@ struct pid_link
> > > >  	struct hlist_node node;
> > > >  	struct pid *pid;
> > > >  };
> > > > +extern const struct file_operations pidfd_fops;
> > > >  
> > > >  static inline struct pid *get_pid(struct pid *pid)
> > > >  {
> > > > diff --git a/include/uapi/linux/sched.h b/include/uapi/linux/sched.h
> > > > index 5f0fe01..ed6e31d 100644
> > > > --- a/include/uapi/linux/sched.h
> > > > +++ b/include/uapi/linux/sched.h
> > > > @@ -9,6 +9,7 @@
> > > >  #define CLONE_FS	0x00000200	/* set if fs info shared between processes */
> > > >  #define CLONE_FILES	0x00000400	/* set if open files shared between processes */
> > > >  #define CLONE_SIGHAND	0x00000800	/* set if signal handlers and blocked signals shared */
> > > > +#define CLONE_PIDFD	0x00001000	/* set if a pidfd should be placed in parent */
> > > >  #define CLONE_PTRACE	0x00002000	/* set if we want to let tracing continue on the child too */
> > > >  #define CLONE_VFORK	0x00004000	/* set if the parent wants the child to wake it up on mm_release */
> > > >  #define CLONE_PARENT	0x00008000	/* set if we want to have the same parent as the cloner */
> > > > diff --git a/kernel/fork.c b/kernel/fork.c
> > > > index b64efec..076297a 100644
> > > > --- a/kernel/fork.c
> > > > +++ b/kernel/fork.c
> > > > @@ -11,7 +11,22 @@
> > > >   * management can be a bitch. See 'mm/memory.c': 'copy_page_range()'
> > > >   */
> > > >  
> > > > +#include <linux/anon_inodes.h>
> > > >  #include <linux/slab.h>
> > > > +#if 0
> > > > +#include <linux/sched/autogroup.h>
> > > > +#include <linux/sched/mm.h>
> > > > +#include <linux/sched/coredump.h>
> > > > +#include <linux/sched/user.h>
> > > > +#include <linux/sched/numa_balancing.h>
> > > > +#include <linux/sched/stat.h>
> > > > +#include <linux/sched/task.h>
> > > > +#include <linux/sched/task_stack.h>
> > > > +#include <linux/sched/cputime.h>
> > > > +#include <linux/seq_file.h>
> > > > +#include <linux/rtmutex.h>
> > > > +>>>>>>> b3e58382... clone: add CLONE_PIDFD
> > > > +#endif
> > > 
> > > That looks odd :(
> > > 
> > > Can you please refresh this patch series, and make sure it is correct
> > > and resend it?
> > 
> > Uhm, this patch series has been merged at least a year ago so this looks
> > like an accidental send.
> > This probably isn't meant for upstream but for some alibaba specific
> > kernel I'd reckon.
> 
> This was ment for the 4.19.y kernel to solve a problem reported in patch
> 00/XX of the series.

Ah, ok. Then just as an fyi: the Cc line seems to indicate 4.9 and not
4.19.

Christian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ