On Thu, Jun 08, 2023 at 10:26:25PM +0200, Alexander Mikhalitsyn wrote: > Implement SCM_PIDFD, a new type of CMSG type analogical to SCM_CREDENTIALS, > but it contains pidfd instead of plain pid, which allows programmers not > to care about PID reuse problem. > > We mask SO_PASSPIDFD feature if CONFIG_UNIX is not builtin because > it depends on a pidfd_prepare() API which is not exported to the kernel > modules. > > Idea comes from UAPI kernel group: > https://uapi-group.org/kernel-features/ > > Big thanks to Christian Brauner and Lennart Poettering for productive > discussions about this. > > Cc: "David S. Miller" <davem@xxxxxxxxxxxxx> > Cc: Eric Dumazet <edumazet@xxxxxxxxxx> > Cc: Jakub Kicinski <kuba@xxxxxxxxxx> > Cc: Paolo Abeni <pabeni@xxxxxxxxxx> > Cc: Leon Romanovsky <leon@xxxxxxxxxx> > Cc: David Ahern <dsahern@xxxxxxxxxx> > Cc: Arnd Bergmann <arnd@xxxxxxxx> > Cc: Kees Cook <keescook@xxxxxxxxxxxx> > Cc: Christian Brauner <brauner@xxxxxxxxxx> > Cc: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx> > Cc: Lennart Poettering <mzxreary@xxxxxxxxxxx> > Cc: Luca Boccassi <bluca@xxxxxxxxxx> > Cc: linux-kernel@xxxxxxxxxxxxxxx > Cc: netdev@xxxxxxxxxxxxxxx > Cc: linux-arch@xxxxxxxxxxxxxxx > Tested-by: Luca Boccassi <bluca@xxxxxxxxxx> > Reviewed-by: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx> > Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx> > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@xxxxxxxxxxxxx> > --- > arch/alpha/include/uapi/asm/socket.h | 2 ++ > arch/mips/include/uapi/asm/socket.h | 2 ++ > arch/parisc/include/uapi/asm/socket.h | 2 ++ > arch/sparc/include/uapi/asm/socket.h | 2 ++ > include/linux/net.h | 1 + > include/linux/socket.h | 1 + > include/net/scm.h | 39 +++++++++++++++++++++++-- > include/uapi/asm-generic/socket.h | 2 ++ > net/core/sock.c | 11 +++++++ > net/mptcp/sockopt.c | 1 + > net/unix/af_unix.c | 18 ++++++++---- > tools/include/uapi/asm-generic/socket.h | 2 ++ > 12 files changed, 76 insertions(+), 7 deletions(-) ... > +static __inline__ void scm_pidfd_recv(struct msghdr *msg, struct scm_cookie *scm) > +{ > + struct file *pidfd_file = NULL; > + int pidfd; > + > + /* > + * put_cmsg() doesn't return an error if CMSG is truncated, > + * that's why we need to opencode these checks here. > + */ > + if ((msg->msg_controllen <= sizeof(struct cmsghdr)) || > + (msg->msg_controllen - sizeof(struct cmsghdr)) < sizeof(int)) { > + msg->msg_flags |= MSG_CTRUNC; > + return; > + } This does not work for compat tasks since the size of struct cmsghdr (aka struct compat_cmsghdr) is differently. If the check from put_cmsg() is open-coded here, then also a different check for compat tasks needs to be added. Discovered this because I was wondering why strace compat tests fail; it seems because of this. See https://github.com/strace/strace/blob/master/tests/scm_pidfd.c For compat tasks recvmsg() returns with msg_flags=MSG_CTRUNC since the above code expects a larger buffer than is necessary.
