On Mon, Mar 25, 2019 at 06:28:53PM +0000, Jonathan Kowalski wrote:
> On Mon, Mar 25, 2019 at 4:21 PM Christian Brauner <christian@xxxxxxxxxx> wrote:
> >
> > Let pidfd_send_signal() use pidfds retrieved via pidctl(). With this patch
> > pidfd_send_signal() becomes independent of procfs. This fullfils the
> > request made when we merged the pidfd_send_signal() patchset. The
> > pidfd_send_signal() syscall is now always available allowing for it to be
> > used by users without procfs mounted or even users without procfs support
> > compiled into the kernel.
> >
> > Signed-off-by: Christian Brauner <christian@xxxxxxxxxx>
> > Reviewed-by: David Howells <dhowells@xxxxxxxxxx>
> > Acked-by: Serge Hallyn <serge@xxxxxxxxxx>
> > Cc: Arnd Bergmann <arnd@xxxxxxxx>
> > Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> > Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> > Cc: Alexey Dobriyan <adobriyan@xxxxxxxxx>
> > Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> > Cc: Jann Horn <jannh@xxxxxxxxxx
> > Cc: "Michael Kerrisk (man-pages)" <mtk.manpages@xxxxxxxxx>
> > Cc: Konstantin Khlebnikov <khlebnikov@xxxxxxxxxxxxxx>
> > Cc: Jonathan Kowalski <bl0pbl33p@xxxxxxxxx>
> > Cc: "Dmitry V. Levin" <ldv@xxxxxxxxxxxx>
> > Cc: Andy Lutomirsky <luto@xxxxxxxxxx>
> > Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> > Cc: Oleg Nesterov <oleg@xxxxxxxxxx>
> > Cc: Nagarathnam Muthusamy <nagarathnam.muthusamy@xxxxxxxxxx>
> > Cc: Aleksa Sarai <cyphar@xxxxxxxxxx>
> > Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> > ---
> > kernel/signal.c | 20 +++++++++-----------
> > kernel/sys_ni.c | 3 ---
> > 2 files changed, 9 insertions(+), 14 deletions(-)
> >
> > diff --git a/kernel/signal.c b/kernel/signal.c
> > index b7953934aa99..d77183be1677 100644
> > --- a/kernel/signal.c
> > +++ b/kernel/signal.c
> > @@ -3513,7 +3513,6 @@ SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
> > return kill_something_info(sig, &info, pid);
> > }
> >
> > -#ifdef CONFIG_PROC_FS
> > /*
> > * Verify that the signaler and signalee either are in the same pid namespace
> > * or that the signaler's pid namespace is an ancestor of the signalee's pid
> > @@ -3521,16 +3520,13 @@ SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
> > */
> > static bool access_pidfd_pidns(struct pid *pid)
>
> If it is agreed upon to remove the ability of using /proc/<PID> as a
> pidfd pidfd_send_signal accepts, is lifting this check acceptable?
>
> The system call as is does not allow for a process to acquire a pidfd
> without being in an ancestor namespace or the same namespace. Thus,
> there are good reasons to allow for this to work and be able to work
> around the limitations imposed by pid namespaces if userspace
> explicitly decides to do so, by passing around the pidfd to some other
> process.
The original problem with this was - I think - that we hadn't settled
what certain values in struct siginfo_t should be set to when signaling
e.g. into ancestor pid namespaces. And if we did, we need to hook into
a widely used function in the kernel (I don't have the appropriate
thread handy atm) and we decided to punt on this until userspace really
needs this feature.
>
> Also, you would need to translate this only once, when filling in the
> structure. The other process is bound to its pid ns as long as it is
> alive, therefore it would be simple without having to do anything
> fancy at read side (unlike unix sockets).
>
> > {
> > + int ret;
> > struct pid_namespace *active = task_active_pid_ns(current);
> > struct pid_namespace *p = ns_of_pid(pid);
> >
> > - for (;;) {
> > - if (!p)
> > - return false;
> > - if (p == active)
> > - break;
> > - p = p->parent;
> > - }
> > + ret = pidnscmp(active, p);
> > + if (ret < 0)
> > + return false;
> >
> > return true;
> > }
> > @@ -3581,12 +3577,15 @@ SYSCALL_DEFINE4(pidfd_send_signal, int, pidfd, int, sig,
> > if (flags)
> > return -EINVAL;
> >
> > - f = fdget_raw(pidfd);
> > + f = fdget(pidfd);
> > if (!f.file)
> > return -EBADF;
> >
> > /* Is this a pidfd? */
> > - pid = tgid_pidfd_to_pid(f.file);
> > + if (f.file->f_op == &pidfd_fops)
> > + pid = f.file->private_data;
> > + else
> > + pid = tgid_pidfd_to_pid(f.file);
> > if (IS_ERR(pid)) {
> > ret = PTR_ERR(pid);
> > goto err;
> > @@ -3625,7 +3624,6 @@ SYSCALL_DEFINE4(pidfd_send_signal, int, pidfd, int, sig,
> > fdput(f);
> > return ret;
> > }
> > -#endif /* CONFIG_PROC_FS */
> >
> > static int
> > do_send_specific(pid_t tgid, pid_t pid, int sig, struct kernel_siginfo *info)
> > diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c
> > index d21f4befaea4..4d9ae5ea6caf 100644
> > --- a/kernel/sys_ni.c
> > +++ b/kernel/sys_ni.c
> > @@ -167,9 +167,6 @@ COND_SYSCALL(syslog);
> >
> > /* kernel/sched/core.c */
> >
> > -/* kernel/signal.c */
> > -COND_SYSCALL(pidfd_send_signal);
> > -
> > /* kernel/sys.c */
> > COND_SYSCALL(setregid);
> > COND_SYSCALL(setgid);
> > --
> > 2.21.0
> >
