| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Initialize pidfd to an invalid descriptor, to fail gracefully on
those kernels that do not implement CLONE_PIDFD and leave pidfd
unchanged.
Signed-off-by: Dmitry V. Levin <[email protected]>
Signed-off-by: Christian Brauner <[email protected]>
|
|
Define __NR_pidfd_send_signal if it isn't to prevent a compilation error.
To make pidfd-metadata compile on all arches, irrespective of whether
or not syscall numbers are assigned, define the syscall number to -1.
If it isn't defined this will cause the kernel to return -ENOSYS.
Fixes: 43c6afee48d4 ("samples: show race-free pidfd metadata access")
Reported-by: Arnd Bergmann <[email protected]>
Reported-by: Guenter Roeck <[email protected]>
Cc: Christian Brauner <[email protected]>
Signed-off-by: Guenter Roeck <[email protected]>
[[email protected]: tweak commit message]
Signed-off-by: Christian Brauner <[email protected]>
|
|
Ignore the pidfd-metadata binary so it doesn't show up in unwanted
scenarios.
Reported-by: Linus Torvalds <[email protected]>
Signed-off-by: Christian Brauner <[email protected]>
|
|
This is a sample program showing userspace how to get race-free access
to process metadata from a pidfd. It is rather easy to do and userspace
can actually simply reuse code that currently parses a process's status
file in procfs.
The program can easily be extended into a generic helper suitable for
inclusion in a libc to make it even easier for userspace to gain metadata
access.
Since this came up in a discussion because this API is going to be used
in various service managers: A lot of programs will have a whitelist
seccomp filter that returns <some-errno> for all new syscalls. This
means that programs might get confused if CLONE_PIDFD works but the
later pidfd_send_signal() syscall doesn't. Hence, here's a ahead of
time check that pidfd_send_signal() is supported:
bool pidfd_send_signal_supported()
{
int procfd = open("/proc/self", O_DIRECTORY | O_RDONLY | O_CLOEXEC);
if (procfd < 0)
return false;
/*
* A process is always allowed to signal itself so
* pidfd_send_signal() should never fail this test. If it does
* it must mean it is not available, blocked by an LSM, seccomp,
* or other.
*/
return pidfd_send_signal(procfd, 0, NULL, 0) == 0;
}
Signed-off-by: Christian Brauner <[email protected]>
Co-developed-by: Jann Horn <[email protected]>
Signed-off-by: Jann Horn <[email protected]>
Reviewed-by: Oleg Nesterov <[email protected]>
Cc: Arnd Bergmann <[email protected]>
Cc: "Eric W. Biederman" <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: David Howells <[email protected]>
Cc: "Michael Kerrisk (man-pages)" <[email protected]>
Cc: Andy Lutomirsky <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Aleksa Sarai <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Al Viro <[email protected]>
|