Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v5.5 2019-06-24T13:55:50Z 2019-06-24T13:55:50Z Dmitry V. Levin ldv@altlinux.org 2019-06-23T11:28:00Z urn:sha1:bee19cd8f241ab3cd1bf79e03884e5371f9ef514 Initialize pidfd to an invalid descriptor, to fail gracefully on those kernels that do not implement CLONE_PIDFD and leave pidfd unchanged. Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: Christian Brauner <christian@brauner.io> 2019-06-05T13:06:07Z Guenter Roeck linux@roeck-us.net 2019-05-30T11:40:47Z urn:sha1:7c33277b9a9ada187f805b41ffbebe6c51622fb6 Define __NR_pidfd_send_signal if it isn't to prevent a compilation error. To make pidfd-metadata compile on all arches, irrespective of whether or not syscall numbers are assigned, define the syscall number to -1. If it isn't defined this will cause the kernel to return -ENOSYS. Fixes: 43c6afee48d4 ("samples: show race-free pidfd metadata access") Reported-by: Arnd Bergmann <arnd@arndb.de> Reported-by: Guenter Roeck <linux@roeck-us.net> Cc: Christian Brauner <christian@brauner.io> Signed-off-by: Guenter Roeck <linux@roeck-us.net> [christian@brauner.io: tweak commit message] Signed-off-by: Christian Brauner <christian@brauner.io> 2019-05-10T09:50:52Z Christian Brauner christian@brauner.io 2019-05-08T11:02:30Z urn:sha1:8b0e1fea3056a411300fb3a2d8f3ca9af54ace44 Ignore the pidfd-metadata binary so it doesn't show up in unwanted scenarios. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Christian Brauner <christian@brauner.io> 2019-05-07T12:31:04Z Christian Brauner christian@brauner.io 2019-04-07T19:18:11Z urn:sha1:43c6afee48d4d866d5eb984d3a5dbbc7d9b4e7bf This is a sample program showing userspace how to get race-free access to process metadata from a pidfd. It is rather easy to do and userspace can actually simply reuse code that currently parses a process's status file in procfs. The program can easily be extended into a generic helper suitable for inclusion in a libc to make it even easier for userspace to gain metadata access. Since this came up in a discussion because this API is going to be used in various service managers: A lot of programs will have a whitelist seccomp filter that returns <some-errno> for all new syscalls. This means that programs might get confused if CLONE_PIDFD works but the later pidfd_send_signal() syscall doesn't. Hence, here's a ahead of time check that pidfd_send_signal() is supported: bool pidfd_send_signal_supported() { int procfd = open("/proc/self", O_DIRECTORY | O_RDONLY | O_CLOEXEC); if (procfd < 0) return false; /* * A process is always allowed to signal itself so * pidfd_send_signal() should never fail this test. If it does * it must mean it is not available, blocked by an LSM, seccomp, * or other. */ return pidfd_send_signal(procfd, 0, NULL, 0) == 0; } Signed-off-by: Christian Brauner <christian@brauner.io> Co-developed-by: Jann Horn <jannh@google.com> Signed-off-by: Jann Horn <jannh@google.com> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Kees Cook <keescook@chromium.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: David Howells <dhowells@redhat.com> Cc: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com> Cc: Andy Lutomirsky <luto@kernel.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Aleksa Sarai <cyphar@cyphar.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Al Viro <viro@zeniv.linux.org.uk>