lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250322-vfs-pidfs-99964e3e4c66@brauner>
Date: Sat, 22 Mar 2025 11:13:37 +0100
From: Christian Brauner <brauner@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Christian Brauner <brauner@...nel.org>,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [GIT PULL] vfs pidfs

Hey Linus,

/* Summary */

This contains updates for pidfs:

- Allow retrieving exit information after a process has been reaped
  through pidfds via the new PIDFD_INTO_EXIT extension for the
  PIDFD_GET_INFO ioctl. Various tools need access to information about a
  process/task even after it has already been reaped.

  Pidfd polling allows waiting on either task exit or for a task to have
  been reaped. The contract for PIDFD_INFO_EXIT is simply that EPOLLHUP
  must be observed before exit information can be retrieved, i.e., exit
  information is only provided once the task has been reaped and then
  can be retrieved as long as the pidfd is open.

- Add PIDFD_SELF_{THREAD,THREAD_GROUP} sentinels allowing userspace to forgo
  allocating a file descriptor for their own process. This is useful in
  scenarios where users want to act on their own process through pidfds and is
  akin to AT_FDCWD.

- Improve premature thread-group leader and subthread exec behavior when
  polling on pidfds:

  (1) During a multi-threaded exec by a subthread, i.e., non-thread-group
      leader thread, all other threads in the thread-group including the
      thread-group leader are killed and the struct pid of the
      thread-group leader will be taken over by the subthread that called
      exec. IOW, two tasks change their TIDs.

  (2) A premature thread-group leader exit means that the thread-group
      leader exited before all of the other subthreads in the thread-group
      have exited.

  Both cases lead to inconsistencies for pidfd polling with PIDFD_THREAD.
  Any caller that holds a PIDFD_THREAD pidfd to the current thread-group
  leader may or may not see an exit notification on the file descriptor
  depending on when poll is performed. If the poll is performed before the
  exec of the subthread has concluded an exit notification is generated
  for the old thread-group leader. If the poll is performed after the exec
  of the subthread has concluded no exit notification is generated for the
  old thread-group leader.

  The correct behavior is to simply not generate an exit notification on
  the struct pid of a subhthread exec because the struct pid is taken
  over by the subthread and thus remains alive.

  But this is difficult to handle because a thread-group may exit
  premature as mentioned in (2). In that case an exit notification is
  reliably generated but the subthreads may continue to run for an
  indeterminate amount of time and thus also may exec at some point.

  After this pull no exit notifications will be generated for a
  PIDFD_THREAD pidfd for a thread-group leader until all subthreads have
  been reaped. If a subthread should exec before no exit notification
  will be generated until that task exits or it creates subthreads and
  repeates the cycle.

  This means an exit notification indicates the ability for the father
  to reap the child.

/* Testing */

gcc version 14.2.0 (Debian 14.2.0-6)
Debian clang version 16.0.6 (27+b1)

No build failures or warnings were observed.

/* Conflicts */

Merge conflicts with mainline
=============================

No known conflicts.

Merge conflicts with other trees
================================

No known conflicts.

The following changes since commit 2014c95afecee3e76ca4a56956a936e23283f05b:

  Linux 6.14-rc1 (2025-02-02 15:39:26 -0800)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-6.15-rc1.pidfs

for you to fetch changes up to d40dc30c7b7c80db2100b73ac26d39c362643a39:

  Merge patch series "pidfs: handle multi-threaded exec and premature thread-group leader exit" (2025-03-20 15:32:51 +0100)

Please consider pulling these changes from the signed vfs-6.15-rc1.pidfs tag.

Thanks!
Christian

----------------------------------------------------------------
vfs-6.15-rc1.pidfs

----------------------------------------------------------------
Christian Brauner (25):
      selftests/pidfd: add new PIDFD_SELF* defines
      Merge patch series "introduce PIDFD_SELF* sentinels"
      pidfs: switch to copy_struct_to_user()
      pidfd: rely on automatic cleanup in __pidfd_prepare()
      pidfs: move setting flags into pidfs_alloc_file()
      pidfs: use private inode slab cache
      pidfs: record exit code and cgroupid at exit
      pidfs: allow to retrieve exit information
      selftests/pidfd: fix header inclusion
      pidfs/selftests: ensure correct headers for ioctl handling
      selftests/pidfd: expand common pidfd header
      selftests/pidfd: add first PIDFD_INFO_EXIT selftest
      selftests/pidfd: add second PIDFD_INFO_EXIT selftest
      selftests/pidfd: add third PIDFD_INFO_EXIT selftest
      selftests/pidfd: add fourth PIDFD_INFO_EXIT selftest
      selftests/pidfd: add fifth PIDFD_INFO_EXIT selftest
      selftests/pidfd: add sixth PIDFD_INFO_EXIT selftest
      selftests/pidfd: add seventh PIDFD_INFO_EXIT selftest
      Merge patch series "pidfs: provide information after task has been reaped"
      pidfs: ensure that PIDFS_INFO_EXIT is available
      pidfs: improve multi-threaded exec and premature thread-group leader exit polling
      selftests/pidfd: first test for multi-threaded exec polling
      selftests/pidfd: second test for multi-threaded exec polling
      selftests/pidfd: third test for multi-threaded exec polling
      Merge patch series "pidfs: handle multi-threaded exec and premature thread-group leader exit"

Lorenzo Stoakes (3):
      pidfd: add PIDFD_SELF* sentinels to refer to own thread/process
      selftests/pidfd: add tests for PIDFD_SELF_*
      selftests/mm: use PIDFD_SELF in guard pages test

 fs/internal.h                                     |   1 +
 fs/libfs.c                                        |   4 +-
 fs/pidfs.c                                        | 247 +++++++-
 include/linux/pidfs.h                             |   1 +
 include/uapi/linux/pidfd.h                        |  31 +-
 kernel/exit.c                                     |   8 +-
 kernel/fork.c                                     |  22 +-
 kernel/pid.c                                      |  24 +-
 kernel/signal.c                                   | 108 ++--
 tools/testing/selftests/mm/guard-pages.c          |  16 +-
 tools/testing/selftests/pidfd/.gitignore          |   2 +
 tools/testing/selftests/pidfd/Makefile            |   4 +-
 tools/testing/selftests/pidfd/pidfd.h             | 109 ++++
 tools/testing/selftests/pidfd/pidfd_exec_helper.c |  12 +
 tools/testing/selftests/pidfd/pidfd_fdinfo_test.c |   1 +
 tools/testing/selftests/pidfd/pidfd_info_test.c   | 692 ++++++++++++++++++++++
 tools/testing/selftests/pidfd/pidfd_open_test.c   |  30 +-
 tools/testing/selftests/pidfd/pidfd_setns_test.c  |  45 --
 tools/testing/selftests/pidfd/pidfd_test.c        |  76 ++-
 19 files changed, 1241 insertions(+), 192 deletions(-)
 create mode 100644 tools/testing/selftests/pidfd/pidfd_exec_helper.c
 create mode 100644 tools/testing/selftests/pidfd/pidfd_info_test.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ