From: Luca Boccassi
To: libc-alpha@sourceware.org
Subject: Re: [PATCH v8 0/7] Add pidfd and cgroupv2 support for process creation
Date: Mon, 28 Aug 2023 13:52:42 +0100
In-Reply-To: <401e2f03-08e0-6edf-74d2-1be94e95a79e@linaro.org>

> On 18/08/23 14:51, Rich Felker wrote:
> > On Fri, Aug 18, 2023 at 11:06:35AM -0300, Adhemerval Zanella via Libc-alpha wrote:
> >> The glibc 2.36 added wrappers for Linux syscall pidfd_open, pidfd_getfd,
> >> and pidfd_send_signal, and exported the P_PIDFD to use along with
> >> waitid. The pidfd is a race-free interface, however, the pidfd_open is
> >> subject to TOCTOU if the file descriptor is not obtained directly from
> >> the clone or clone3 syscall (there is still a small window between the
> >> clone return and the pidfd_getfd where the process can be reaped and the
> >> process ID reused).
> >
> > Unless I'm missing something, that window is purely programmer error.
> > The pid belongs to the parent process, that called fork, posix_spawn,
> > clone, or whatever, and is responsible for not freeing it until it's
> > done using it.
> >
> > Yes, this can happen if you install a SIGCHLD handler that reaps
> > anything it sees, or if you're calling wait without a pid. This is a
> > programming error. If you're stuck with code outside your control that
> > makes that mistake, you can already avoid it with clone by setting the
> > child exit signal to 0 rather than SIGCHLD. But it's best just not to
> > do that.
>
> Yes, this is the issue GNOME is having with their code base [1] and that
> motivated this new interface. Systemd also seems to be interested in
> these interfaces, although I am not sure if it is also subject to the same
> issue.
>
> I don't have a strong opinion whether this should be considered a solid
> reason to provide a new API; another option would be to close BZ#30349 [2]
> as wontfix with this rationale. However, this does not really provide
> a workaround, and worse it will pass the idea that to fully resolve it
> you will need either to allow the racy condition or issue clone
> directly.

These are real race conditions that cannot be solved otherwise; characterizing them as 'programming errors' is very misleading and wrong.

We very much need both of those interfaces in systemd, and fully intend to use them as soon as they are available. We are slowly moving towards using pidfds everywhere to be able to do end-to-end race-free process tracking and management, and these are fundamental pieces for this effort. From what I can read the GNOME developers feel the same way, and I wouldn't be surprised if QT followed suit too given what you mentioned in the cover letter.

Surely implementing useful, core functionality for the direct and immediate benefit of 3 major Linux projects is a reason as solid as you could ever find to add a new interface.
-- 
Kind regards,
Luca Boccassi
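The race the cover letter describes is the gap between a plain fork()/clone() returning a PID and a later pidfd_open(pid) or pidfd_getfd() call: if the child is reaped in between (by a catch-all SIGCHLD handler, or a wait() with no PID) and the number is recycled, the descriptor ends up bound to a stranger. The following is an added example, not code from this thread, glibc, systemd or GNOME, showing the race-free alternative the thread keeps coming back to: asking the kernel for the pidfd in the same clone() call (CLONE_PIDFD), then tracking and reaping the child through the descriptor only, with waitid(P_PIDFD, ...). It assumes a Linux kernel of at least 5.4 and glibc's clone() wrapper; the function names spawn_with_pidfd, wait_pidfd and probe_reaped_pidfd are mine, and the fallback constants are the kernel UAPI values for headers that predate them.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <poll.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks for older headers; the values are the kernel UAPI constants.
 * CLONE_PIDFD needs Linux >= 5.2, waitid(P_PIDFD, ...) needs Linux >= 5.4. */
#ifndef CLONE_PIDFD
#define CLONE_PIDFD 0x00001000
#endif
#ifndef P_PIDFD
#define P_PIDFD 3
#endif

#define CHILD_STACK_SIZE (256 * 1024)

struct child_arg {
    int exit_code;
};

/* Child body: exit immediately with a code the parent can check. */
static int child_fn(void *arg)
{
    struct child_arg *a = arg;
    _exit(a->exit_code);
}

/* Create a child and receive its pidfd from the same clone() call (hypothetical
 * helper name). The descriptor is bound to this exact process at creation
 * time, so there is no window in which the child could be reaped and its PID
 * reused before the parent holds a handle to it, unlike fork() followed by
 * pidfd_open(pid). Returns the child's PID (informational only) and stores
 * the pidfd in *pidfd_out; returns -1 with errno set on failure. */
pid_t spawn_with_pidfd(int exit_code, int *pidfd_out)
{
    char *stack = malloc(CHILD_STACK_SIZE);
    if (stack == NULL)
        return -1;

    struct child_arg arg = { .exit_code = exit_code };
    int pidfd = -1;
    /* With CLONE_PIDFD the kernel stores the new descriptor through the
     * parent_tid pointer, which is glibc clone()'s fifth argument. */
    pid_t pid = clone(child_fn, stack + CHILD_STACK_SIZE,
                      CLONE_PIDFD | SIGCHLD, &arg, &pidfd);
    int saved_errno = errno;
    /* No CLONE_VM: the child runs in its own copy of the address space,
     * so the parent can release the stack buffer right away. */
    free(stack);
    if (pid < 0) {
        errno = saved_errno;
        return -1;
    }
    *pidfd_out = pidfd;
    return pid;
}

/* Wait for the process behind pidfd using only the descriptor: poll()
 * reports POLLIN once it has exited, then waitid(P_PIDFD) collects the
 * status. No PID is ever passed to a wait call, so a recycled PID cannot
 * be matched by mistake. Returns the exit code, or -1 on error. */
int wait_pidfd(int pidfd)
{
    struct pollfd pfd = { .fd = pidfd, .events = POLLIN };
    while (poll(&pfd, 1, -1) < 0) {
        if (errno != EINTR)
            return -1;
    }
    siginfo_t si;
    if (waitid(P_PIDFD, (id_t)pidfd, &si, WEXITED) < 0)
        return -1;
    if (si.si_code != CLD_EXITED)
        return -1;
    return si.si_status;
}

/* Once the child has been reaped, the pidfd still names that one dead
 * process: waitid() on it fails with ECHILD rather than matching any
 * unrelated process that may now own the old PID. Returns the errno
 * observed, or 0 if the wait unexpectedly succeeded. */
int probe_reaped_pidfd(int pidfd)
{
    siginfo_t si;
    if (waitid(P_PIDFD, (id_t)pidfd, &si, WEXITED | WNOHANG) == 0)
        return 0;
    return errno;
}

int main(void)
{
    int pidfd = -1;
    pid_t pid = spawn_with_pidfd(7, &pidfd);
    if (pid < 0) {
        perror("clone(CLONE_PIDFD)");
        return 1;
    }
    printf("child pid %ld, pidfd %d\n", (long)pid, pidfd);
    printf("exit code %d\n", wait_pidfd(pidfd));
    printf("waitid after reap: errno %d (ECHILD is %d)\n",
           probe_reaped_pidfd(pidfd), ECHILD);
    close(pidfd);
    return 0;
}
```

Note that the parent never feeds the PID back into any wait or signal call; the PID is only printed. The pidfd is also what an event loop would watch (it becomes readable on exit), which is the end-to-end tracking model systemd describes above. A SIGCHLD handler elsewhere in the program that reaps every child would still break this code, since waitid(P_PIDFD) can only collect a child that has not already been collected; the descriptor closes the PID-reuse hole, not the double-reap one.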