Re: [PATCH v3 2/2] fanotify: allow reporting pidfds for reaped tasks

[Amir Goldstein]

On Sat, May 30, 2026 at 3:37 AM AnonymeMeow <anonymemeow@xxxxxxxxx> wrote:
>
> Fanotify used to refuse to report pidfds for reaped tasks by applying a
> pid_has_task() check before calling pidfd_prepare(). This prevented
> userspace from obtaining information about the task.
>
> Fanotify events already hold a reference to the task's pid struct, so
> the check can be safely dropped and pidfds can be reported for reaped
> tasks as well.
>

I'd add:

Suggested-by: Christian Brauner <brauner@xxxxxxxxxx>
Link: https://lore.kernel.org/linux-fsdevel/20260529-erdig-eckig-querulant-439a4ba4317d@brauner/

So when people come shouting we know who to blame ;)

> Signed-off-by: AnonymeMeow <anonymemeow@xxxxxxxxx>

Reviewed-by: Amir Goldstein <amir73il@xxxxxxxxx>

No need to post v4 just for adding those
Just add them if you happen to send v4 due some other review comments
and anyway we need to wait for Jan to wait in on this change

Thanks,
Amir.

> ---
>  fs/notify/fanotify/fanotify_user.c | 18 +++++-------------
>  1 file changed, 5 insertions(+), 13 deletions(-)
>
> diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
> index ebdd48942029..b604e3da58ad 100644
> --- a/fs/notify/fanotify/fanotify_user.c
> +++ b/fs/notify/fanotify/fanotify_user.c
> @@ -904,20 +904,12 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
>                 metadata.fd = fd >= 0 ? fd : FAN_NOFD;
>
>         if (pidfd_mode) {
> -               unsigned int tid_mode = FAN_GROUP_FLAG(group, FAN_REPORT_TID);
> -               enum pid_type pidtype = tid_mode ? PIDTYPE_PID : PIDTYPE_TGID;
> -               unsigned int pidfd_flags = tid_mode ? PIDFD_THREAD : 0;
> +               unsigned int pidfd_flags = PIDFD_STALE;
>
> -               /*
> -                * The pid_has_task() check for an event->pid is performed
> -                * preemptively in an attempt to catch out cases where the event
> -                * listener reads events after the event generating task has
> -                * already terminated.  Depending on flag FAN_REPORT_FD_ERROR,
> -                * report either -ESRCH or FAN_NOPIDFD to the event listener in
> -                * those cases with all other pidfd creation errors reported as
> -                * the error code itself or as FAN_EPIDFD.
> -                */
> -               if (metadata.pid && pid_has_task(event->pid, pidtype))
> +               if (FAN_GROUP_FLAG(group, FAN_REPORT_TID))
> +                       pidfd_flags |= PIDFD_THREAD;
> +
> +               if (metadata.pid)
>                         pidfd = pidfd_prepare(event->pid, pidfd_flags, &pidfd_file);
>
>                 if (!FAN_GROUP_FLAG(group, FAN_REPORT_FD_ERROR) && pidfd < 0)
> --
> 2.54.0
>