lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 28 Mar 2023 11:00:26 +0200
From:   Jan Kara <jack@...e.cz>
To:     Christian Brauner <brauner@...nel.org>
Cc:     linux-fsdevel@...r.kernel.org, Jan Kara <jack@...e.cz>,
        Amir Goldstein <amir73il@...il.com>,
        Matthew Bobrowski <repnop@...gle.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/3] pid: add pidfd_prepare()

On Mon 27-03-23 20:22:51, Christian Brauner wrote:
> Add a new helper that allows to reserve a pidfd and allocates a new
> pidfd file that stashes the provided struct pid. This will allow us to
> remove places that either open code this function or that call
> pidfd_create() but then have to call close_fd() because there are still
> failure points after pidfd_create() has been called.
> 
> Signed-off-by: Christian Brauner <brauner@...nel.org>

Looks good to me. Feel free to add:

Reviewed-by: Jan Kara <jack@...e.cz>

								Honza

> ---
>  include/linux/pid.h |  1 +
>  kernel/pid.c        | 69 +++++++++++++++++++++++++++++++++++++++++++----------
>  2 files changed, 58 insertions(+), 12 deletions(-)
> 
> diff --git a/include/linux/pid.h b/include/linux/pid.h
> index 343abf22092e..b75de288a8c2 100644
> --- a/include/linux/pid.h
> +++ b/include/linux/pid.h
> @@ -80,6 +80,7 @@ extern struct pid *pidfd_pid(const struct file *file);
>  struct pid *pidfd_get_pid(unsigned int fd, unsigned int *flags);
>  struct task_struct *pidfd_get_task(int pidfd, unsigned int *flags);
>  int pidfd_create(struct pid *pid, unsigned int flags);
> +int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret);
>  
>  static inline struct pid *get_pid(struct pid *pid)
>  {
> diff --git a/kernel/pid.c b/kernel/pid.c
> index 3fbc5e46b721..95e7e01574c8 100644
> --- a/kernel/pid.c
> +++ b/kernel/pid.c
> @@ -576,6 +576,56 @@ struct task_struct *pidfd_get_task(int pidfd, unsigned int *flags)
>  	return task;
>  }
>  
> +/**
> + * pidfd_prepare - allocate a new pidfd_file and reserve a pidfd
> + * @pid:   the struct pid for which to create a pidfd
> + * @flags: flags of the new @pidfd
> + * @pidfd: the pidfd to return
> + *
> + * Allocate a new file that stashes @pid and reserve a new pidfd number in the
> + * caller's file descriptor table. The pidfd is reserved but not installed yet.
> + *
> + * If this function returns successfully the caller is responsible to either
> + * call fd_install() passing the returned pidfd and pidfd file as arguments in
> + * order to install the pidfd into its file descriptor table or they must use
> + * put_unused_fd() and fput() on the returned pidfd and pidfd file
> + * respectively.
> + *
> + * This function is useful when a pidfd must already be reserved but there
> + * might still be points of failure afterwards and the caller wants to ensure
> + * that no pidfd is leaked into its file descriptor table.
> + *
> + * Return: On success, a reserved pidfd is returned from the function and a new
> + *         pidfd file is returned in the last argument to the function. On
> + *         error, a negative error code is returned from the function and the
> + *         last argument remains unchanged.
> + */
> +int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret)
> +{
> +	int pidfd;
> +	struct file *pidfd_file;
> +
> +	if (!pid || !pid_has_task(pid, PIDTYPE_TGID))
> +		return -EINVAL;
> +
> +	if (flags & ~(O_NONBLOCK | O_RDWR | O_CLOEXEC))
> +		return -EINVAL;
> +
> +	pidfd = get_unused_fd_flags(O_RDWR | O_CLOEXEC);
> +	if (pidfd < 0)
> +		return pidfd;
> +
> +	pidfd_file = anon_inode_getfile("[pidfd]", &pidfd_fops, pid,
> +					flags | O_RDWR | O_CLOEXEC);
> +	if (IS_ERR(pidfd_file)) {
> +		put_unused_fd(pidfd);
> +		return PTR_ERR(pidfd_file);
> +	}
> +	get_pid(pid); /* held by pidfd_file now */
> +	*ret = pidfd_file;
> +	return pidfd;
> +}
> +
>  /**
>   * pidfd_create() - Create a new pid file descriptor.
>   *
> @@ -594,20 +644,15 @@ struct task_struct *pidfd_get_task(int pidfd, unsigned int *flags)
>   */
>  int pidfd_create(struct pid *pid, unsigned int flags)
>  {
> -	int fd;
> +	int pidfd;
> +	struct file *pidfd_file;
>  
> -	if (!pid || !pid_has_task(pid, PIDTYPE_TGID))
> -		return -EINVAL;
> -
> -	if (flags & ~(O_NONBLOCK | O_RDWR | O_CLOEXEC))
> -		return -EINVAL;
> -
> -	fd = anon_inode_getfd("[pidfd]", &pidfd_fops, get_pid(pid),
> -			      flags | O_RDWR | O_CLOEXEC);
> -	if (fd < 0)
> -		put_pid(pid);
> +	pidfd = pidfd_prepare(pid, flags, &pidfd_file);
> +	if (pidfd < 0)
> +		return pidfd;
>  
> -	return fd;
> +	fd_install(pidfd, pidfd_file);
> +	return pidfd;
>  }
>  
>  /**
> 
> -- 
> 2.34.1
> 
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ