24 Jun, 2019

1 commit

• bee19cd8f   samples: make pidfd-metadata fail gracefully on older kernels ... Browse Code »

  Initialize pidfd to an invalid descriptor, to fail gracefully on
  those kernels that do not implement CLONE_PIDFD and leave pidfd
  unchanged.

  Signed-off-by: Dmitry V. Levin
  Signed-off-by: Christian Brauner

  Dmitry V. Levin

  2019-06-24 21:55:50 +0800  

05 Jun, 2019

1 commit

• 7c33277b9   samples: fix pidfd-metadata compilation ... Browse Code »

  Define __NR_pidfd_send_signal if it isn't to prevent a compilation error.

  To make pidfd-metadata compile on all arches, irrespective of whether
  or not syscall numbers are assigned, define the syscall number to -1.
  If it isn't defined this will cause the kernel to return -ENOSYS.

  Fixes: 43c6afee48d4 ("samples: show race-free pidfd metadata access")
  Reported-by: Arnd Bergmann
  Reported-by: Guenter Roeck
  Cc: Christian Brauner
  Signed-off-by: Guenter Roeck
  [christian@brauner.io: tweak commit message]
  Signed-off-by: Christian Brauner

  Guenter Roeck

  2019-06-05 21:06:07 +0800  

10 May, 2019

1 commit

• 8b0e1fea3   samples: add .gitignore for pidfd-metadata ... Browse Code »

  Ignore the pidfd-metadata binary so it doesn't show up in unwanted
  scenarios.

  Reported-by: Linus Torvalds
  Signed-off-by: Christian Brauner

  Christian Brauner

  2019-05-10 17:50:52 +0800  

07 May, 2019

1 commit

• 43c6afee4   samples: show race-free pidfd metadata access ... Browse Code »

  This is a sample program showing userspace how to get race-free access
  to process metadata from a pidfd. It is rather easy to do and userspace
  can actually simply reuse code that currently parses a process's status
  file in procfs.
  The program can easily be extended into a generic helper suitable for
  inclusion in a libc to make it even easier for userspace to gain metadata
  access.

  Since this came up in a discussion because this API is going to be used
  in various service managers: A lot of programs will have a whitelist
  seccomp filter that returns for all new syscalls. This
  means that programs might get confused if CLONE_PIDFD works but the
  later pidfd_send_signal() syscall doesn't. Hence, here's a ahead of
  time check that pidfd_send_signal() is supported:

  bool pidfd_send_signal_supported()
  {
  int procfd = open("/proc/self", O_DIRECTORY | O_RDONLY | O_CLOEXEC);
  if (procfd < 0)
  return false;

  /*
  * A process is always allowed to signal itself so
  * pidfd_send_signal() should never fail this test. If it does
  * it must mean it is not available, blocked by an LSM, seccomp,
  * or other.
  */
  return pidfd_send_signal(procfd, 0, NULL, 0) == 0;
  }

  Signed-off-by: Christian Brauner
  Co-developed-by: Jann Horn
  Signed-off-by: Jann Horn
  Reviewed-by: Oleg Nesterov
  Cc: Arnd Bergmann
  Cc: "Eric W. Biederman"
  Cc: Kees Cook
  Cc: Thomas Gleixner
  Cc: David Howells
  Cc: "Michael Kerrisk (man-pages)"
  Cc: Andy Lutomirsky
  Cc: Andrew Morton
  Cc: Aleksa Sarai
  Cc: Linus Torvalds
  Cc: Al Viro

  Christian Brauner

  2019-05-07 20:31:04 +0800