From: Adhemerval Zanella Netto
Organization: Linaro
To: Florian Weimer
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH v8 5/7] posix: Add pidfd_spawn and pidfd_spawnp (BZ 30349)
Date: Thu, 24 Aug 2023 14:10:41 -0300
Message-ID: <1e10dacc-d714-b1e5-3284-ddaf8c795900@linaro.org>
In-Reply-To: <87a5ugz889.fsf@oldenburg.str.redhat.com>

On 24/08/23 14:00, Florian Weimer wrote:
> * Adhemerval Zanella Netto:
>
>> On 24/08/23 04:13, Florian Weimer wrote:
>>> * Adhemerval Zanella:
>>>
>>>> Returning a pidfd allows a process to keep a race-free handle for a
>>>> child process, otherwise, the caller will need to either use pidfd_open
>>>> (which still might be subject to TOCTOU) or keep the old racy interface
>>>> based on pid_t.
>>>>
>>>> The implementation makes sure that kernel must support the complete
>>>> pidfd interface, meaning that waitid (P_PIDFD) should be supported
>>>> (added on Linux 5.4). It ensures that a non-racy workaround is required
>>>> (such as reading procfs fdinfo pid to use along with wait interfaces).
>>>
>>> Sorry, I don't understand the second sentence.
>>
>> It is indeed confusing, I will change to:
>>
>> To correctly use pidfd_spawn, the kernel must support not only returning
>> the pidfd with clone/clone3 but also waitid (P_PIDFD) (added on Linux 5.4).
>> If the kernel does not support the waitid, pidfd returns ENOSYS. It avoids
>> the need for racy workarounds, such as reading the procfs fdinfo to get the
>> pid to use along with other wait interfaces.
>
> Okay.
>
>>>> diff --git a/sysdeps/unix/sysv/linux/spawni.c b/sysdeps/unix/sysv/linux/spawni.c >>>> index f0d4c62ae6..d4ff23d955 100644 >>>> --- a/sysdeps/unix/sysv/linux/spawni.c >>>> +++ b/sysdeps/unix/sysv/linux/spawni.c >>> >>>> internal_signal_block_all (&args.oldmask); 
>>>> @@ -386,13 +399,16 @@ __spawnix (pid_t * pid, const char *file, >>>> /* Unsupported flags like CLONE_CLEAR_SIGHAND will be cleared up by >>>> __clone_internal_fallback. */ >>>> .flags = (set_cgroup ? CLONE_INTO_CGROUP : 0) >>>> + | (use_pidfd ? CLONE_PIDFD : 0) >>>> | CLONE_CLEAR_SIGHAND >>>> | CLONE_VM >>>> | CLONE_VFORK, >>>> .exit_signal = SIGCHLD, >>>> .stack = (uintptr_t) stack, >>>> .stack_size = stack_size, >>>> - .cgroup = (set_cgroup ? attrp->__cgroup : 0) >>>> + .cgroup = (set_cgroup ? attrp->__cgroup : 0), >>>> + .pidfd = use_pidfd ? (uintptr_t) &args.pidfd : 0, >>>> + .parent_tid = use_pidfd ? (uintptr_t) &args.pidfd : 0, >>> >>> The .parent_tid line looks wrong? >> >> It is required for clone (and that's why you can't use CLONE_PIDFD with >> CLONE_PARENT_SETTID). It could only set parent_tid on clone fallback, >> but I think this is simpler. I will add a comment. > > Please use a separate variable, not args.pidfd, though. The current > code depends on the order the kernel sets these fields, I think. I can move out the pidfd out of posix_spawn_args, but I don't think this would change much here. It would be a stack allocated variable in both cases, and kernel will just set it if CLONE_PIDFD (afaik there is no order involved here).
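
Review bot: In the "@@ -386,13 +399,16 @@" hunk, .pidfd and .parent_tid are both initialized to (uintptr_t) &args.pidfd with no comment, so the aliasing reads like a copy-paste error. Add a comment beside .parent_tid saying it is there only for the clone fallback, or give it a separate variable as requested in the thread. The two new initializers also drop the parentheses that ".cgroup = (set_cgroup ? attrp->__cgroup : 0)" uses around its conditional; parenthesize them to match.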
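
The race-free handle described in the quoted commit message, as an added example that is not from the patch or from glibc: it calls clone3 with CLONE_PIDFD directly through syscall() and reaps the child with waitid (P_PIDFD), returning -errno when the kernel lacks either piece. The helper name spawn_and_reap_by_pidfd is hypothetical, and kernel headers that define struct clone_args and SYS_clone3 are assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/sched.h>   /* struct clone_args, CLONE_PIDFD */
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef P_PIDFD
# define P_PIDFD 3          /* Linux value, for libcs that predate it */
#endif

/* Hypothetical helper (not glibc code): create a child with a pidfd and
   reap it through that pidfd.  Returns the exit status or -errno.  */
int spawn_and_reap_by_pidfd (int child_status)
{
  int pidfd = -1;
  struct clone_args args = {
    .flags = CLONE_PIDFD,              /* kernel stores the fd in *pidfd */
    .pidfd = (uintptr_t) &pidfd,
    .exit_signal = SIGCHLD,
  };

  long pid = syscall (SYS_clone3, &args, sizeof args);
  if (pid < 0)
    return -errno;                     /* ENOSYS where clone3 is missing */
  if (pid == 0)
    _exit (child_status);              /* child: fork-like, exit at once */

  /* The pidfd names this exact child, so PID reuse cannot redirect it.  */
  siginfo_t info = { 0 };
  int r;
  do
    r = waitid (P_PIDFD, pidfd, &info, WEXITED);
  while (r < 0 && errno == EINTR);
  int err = errno;
  close (pidfd);
  if (r < 0)
    return -err;                       /* waitid (P_PIDFD) not available */
  return info.si_code == CLD_EXITED ? info.si_status : -ECHILD;
}

int main (void)
{
  printf ("result: %d\n", spawn_and_reap_by_pidfd (7));
  return 0;
}
```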