Re: [PATCH] proc: test /proc/*/fd a bit (+ PF_KTHREAD is ABI!)

From: Andrew Morton
Date: Tue May 08 2018 - 18:39:27 EST


On Sat, 5 May 2018 03:04:14 +0300 Alexey Dobriyan <adobriyan@xxxxxxxxx> wrote:

> * Test lookup in /proc/self/fd.
> "map_files" lookup story showed that lookup is not that simple.
>
> * Test that all those symlinks open the same file.
> Check with (st_dev, st_info).
>
> * Test that kernel threads do not have anything in their /proc/*/fd/
> directory.
>
> Now this is where things get interesting.
>
> First, kernel threads aren't pinned by /proc/self or equivalent,
> thus some "atomicity" is required.
>
> Second, ->comm can contain whitespace and ')'.
> No, they are not escaped.
>
> Third, the only reliable way to check if process is kernel thread
> appears to be field #9 in /proc/*/stat.
>
> This field is struct task_struct::flags in decimal!
> Check is done by testing PF_KTHREAD flags like we do in kernel.
>
> PF_KTREAD value is a part of userspace ABI !!!

erk. Well if there's a need the we could export and support some
stable interface. I wonder how ps determines this.


> Other methods for determining kernel threadness are not reliable:
> * RSS can be 0 if everything is swapped, even while reading
> from /proc/self.
>
> * ->total_vm CAN BE ZERO if process is finishing
>
> munmap(NULL, whole address space);
>
> * /proc/*/maps and similar files can be empty because unmapping
> everything works. Read returning 0 can't distinguish between
> kernel thread and such suicide process.
>