From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-alpha-return-74423-listarch-libc-alpha=sources.redhat.com@sourceware.org>
Received: (qmail 17321 invoked by alias); 4 Nov 2016 16:03:57 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Received: (qmail 17305 invoked by uid 89); 4 Nov 2016 16:03:57 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.4 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM,SPF_PASS autolearn=no version=3.3.2 spammy=replied, protect
X-HELO: mail-ua0-f173.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:subject:to:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-transfer-encoding;
        bh=biTXdHSGWmxvuqJnTTWSOnZ91ijLdLfqY6/uWaxdeYU=;
        b=WXEj5D6EzqQ+wFLa2x8kzNttxRoxdZ/FE9samdfDiMXWOJ0w47T6xA7azOi0UMqmAS
         W+LvG0HKqNMEIatA1CofjfhUis+tCmazTB1WRgglahLDwzHGyVYRTnM44GhO0kVpMsCw
         Qbt6AOJrwaI9ZXB07ufPIjNJ/4uMPvL712BnkIM2ULcFN3ORf8xTNG9o13a6OUHvuWi3
         dfPlmfZ+fPzlYVEiNPN53lssPN61tJwTVxFGQZ0xF6ZVCwcuVx8bRAR9m0qRoyhRNSI3
         EEAQyg/4G4Udb+IljIlwTAQS1Fe4J7q7pJR0aC0R3VTDlkmdN32eu7N1w0/W1lDtfn4Y
         5Qlg==
X-Gm-Message-State: ABUngvd9RmQfbIBG/MzkKEYrqUmcfQxURlo+osIRGbaGCTDVYvXXDJTpHZx0P3kEvaDSHfE4
X-Received: by 10.176.82.71 with SMTP id j7mr9904890uaa.77.1478275425461;
        Fri, 04 Nov 2016 09:03:45 -0700 (PDT)
Subject: Re: Caching of PID/TID after fork
To: Florian Weimer <fweimer@redhat.com>, libc-alpha@sourceware.org
References: <CAP145pj+yVz_7ZF8_dNqZ2NE22A_O5QyT195Gy0TgvKq1j3skw@mail.gmail.com>
 <87y4202blm.fsf@mid.deneb.enyo.de>
 <CAP145phqU29-vMNkS6zzWRJn4L_F9+zHQkybiirQndBcxJGp8g@mail.gmail.com>
 <87mvidj0qw.fsf@mid.deneb.enyo.de>
 <CAP145pjSBEgWS6dQ2u741m1z0VZYZ49ydLe-yvmjj1FuC_zqpQ@mail.gmail.com>
 <ecb5be63-de88-f05c-38ad-65e20f17a274@linaro.org>
 <03127072-f944-86de-da85-cd889ce5ed76@redhat.com>
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Message-ID: <15886e77-0575-49f2-e989-dd12aba8dd97@linaro.org>
Date: Fri, 04 Nov 2016 16:03:00 -0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <03127072-f944-86de-da85-cd889ce5ed76@redhat.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-SW-Source: 2016-11/txt/msg00176.txt.bz2



On 04/11/2016 13:14, Florian Weimer wrote:
> On 10/10/2016 08:03 PM, Adhemerval Zanella wrote:
>> +  /* Some sanity checks for clone syscall: returned ppid should be currernt
> 
> Typo: “currernt”
> 
> On its own, this approach looks okay, but I am worried that it sends a message that it's okay to clone processes without additional measures to protect PRNGs and things like that.
> 
> Florian

I am not sure if you referring you to my initial RFC patch or the one 
complete I sent [1] since you replied to the original thread.

Anyway, I see that with current fixes on some algorithm (execv not
using dynamic memory allocation and various issues with posix_spawn)
clone direct usage should be really required in very specific
scanerios (mostly on new containers projects and such alike).  And 
I would expect that these very projects to know the constraints and 
limitations of using the syscall directly.

[1] https://sourceware.org/ml/libc-alpha/2016-10/msg00233.html