On Sat, Mar 30, 2019 at 10:04:33AM -0700, Linus Torvalds wrote:
> On Sat, Mar 30, 2019 at 9:34 AM Daniel Colascione <dancol@xxxxxxxxxx> wrote:
> >
> > Just to be clear, I'm not proposing granting secret access to procfs,
> > and as far as I can see, nobody else is either. We've been talking
> > about making it easier to avoid races when you happen to want a pidfd
> > and a procfs fd that point to the same process
>
> So I thought that was the whole point of just opening /proc/<pid>.
> Exactly because that way you can then use openat() from there on.

To clarify, what the Android guys really wanted to be part of the api is
a way to get race-free access to metadata associated with a given pidfd.
And the idea was that *if and only if procfs is mounted* you could do:

int pidfd = pidfd_open(1234, 0);

int procfd = open("/proc", O_RDONLY | O_CLOEXEC);
int procpidfd = ioctl(pidfd, PIDFD_TO_PROCFD, procfd);

and then we internally verify that the struct pid that the pidfd is
referring to, is still the same as the one that /proc/<pid> is referring to
and only then do we return an fd for the process /proc/<pid> directory
which would then allow you to do, e.g.:

int statusfd = openat(procpidfd, "status", O_RDONLY | O_CLOEXEC);

this would provide race-free access to metadata but again, only if /proc
is mounted and available to the user.
But if that's an instant NAK we will definitely *not* do this.
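The same "is it still the same process" check can be done from user space, shown here as an added example that is not part of this email or of the kernel. It assumes Linux 5.3 or later and uses the real pidfd_open() and pidfd_send_signal() syscalls in place of the proposed PIDFD_TO_PROCFD ioctl; the helper names procfd_for_pidfd and open_status are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434         /* Linux 5.3+ */
#endif
#ifndef SYS_pidfd_send_signal
#define SYS_pidfd_send_signal 424  /* Linux 5.1+ */
#endif

/* Hypothetical helper, not a kernel API: dirfd for /proc/<pid> only if it
 * names the same process as pidfd; otherwise a negative errno value. */
int procfd_for_pidfd(int pidfd, pid_t pid)
{
    char path[32];
    snprintf(path, sizeof(path), "/proc/%d", (int)pid);
    int procpidfd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (procpidfd < 0)
        return -errno;
    /* Signal 0 sends nothing; it reports whether the process behind pidfd
     * still exists. If so, its PID was not recycled before open() ran.
     * EPERM also proves existence (we just may not signal it). */
    if (syscall(SYS_pidfd_send_signal, pidfd, 0, NULL, 0) < 0 && errno != EPERM) {
        int err = errno;           /* ESRCH: target gone, dirfd untrusted */
        close(procpidfd);
        return -err;
    }
    return procpidfd;
}

/* Open /proc/<pid>/status through the verified dirfd; fd or negative errno. */
int open_status(pid_t pid)
{
    int pidfd = (int)syscall(SYS_pidfd_open, pid, 0);
    if (pidfd < 0)
        return -errno;
    int procpidfd = procfd_for_pidfd(pidfd, pid);
    int statusfd = procpidfd;
    if (procpidfd >= 0) {
        statusfd = openat(procpidfd, "status", O_RDONLY | O_CLOEXEC);
        if (statusfd < 0) statusfd = -errno;
        close(procpidfd);
    }
    close(pidfd);
    return statusfd;
}

int main(void) { return open_status(getpid()) < 0; }
```

If the target exits after the check, later openat() calls on the returned dirfd fail rather than resolve to a different process that inherited the PID.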