Re: pidfd design
From: Linus Torvalds
Date: Mon Mar 25 2019 - 13:45:52 EST

On Fri, Mar 22, 2019 at 11:34 AM Michael Tirado <mtirado418@xxxxxxxxx> wrote:
>
> On Wed, Mar 20, 2019 at 8:08 PM Alexey Dobriyan <adobriyan@xxxxxxxxx> wrote:
> >
> > pidfd code should be backed out immediately. Forget about /proc.
>
> Seems like Torvalds just merges this sort of "stuff" without reading
> it now, or there's something that auto accepted pull request to RC tree?

There is no auto-accept.

But there also didn't seem to be any valid arguments against it, and
the android people had arguments for it.

Arguing against it based on "I don't like /proc" is pointless. The
fact is, /proc is our system interface for a lot of things.

Arguing against it based on "I worry about the _other_
non-signal-sending things that could be done with this" is also
pointless. What other things? The only thing that got merged was the
signalling.

Now, arguing that signalling should use the open-time credentials
might make sense, but this isn't read/write. You can't fool some suid
program to do magic random system calls for you, and if you can, then
arguing about pidfd is kind of pointless.

So the model of using a file descriptor instead of a 'pid' for signal
handling is actually very unix-like. Maybe that's how pid's should
have worked to begin with. Remember that whole "everything is a file"
thing?

Now, the fact that fork() and clone() return a pid obviously means
that pidfd isn't the primary model (not to decades of just history),
but that doesn't make pidfd wrong.

And namespace issues etc are all also kind of irrelevant. If you open
random files in /proc and randomly do pidfd_send_signal() on those,
you get random results. If that worries you, then DON'T DO THAT THEN,
for chrissake! That's not a sane model to begin with, but it's not the
usage model for this, so it's another completely specious argument.

So yes, I thought about the pidfd pull (which was why it happened at
the very end of the merge window), and I found the arguments against
it bad.

Linus
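
Added example, not part of the message above and not kernel or project code: a C sketch of the usage model the thread argues about, where a parent opens /proc/<pid> for a child it created itself and signals it through that descriptor. The helpers `pidfd_signal()` and `pidfd_demo()` are hypothetical names; the sketch assumes Linux 5.1 or later, a /proc mounted for the caller's own pid namespace, and the 2019-era interface in which the pidfd is a /proc/<pid> directory descriptor.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef __NR_pidfd_send_signal
#define __NR_pidfd_send_signal 424 /* x86-64 and asm-generic value, for old headers */
#endif

/* Hypothetical thin wrapper: NULL siginfo and flags 0 behave like kill(2). */
static int pidfd_signal(int pidfd, int sig)
{
    return (int)syscall(__NR_pidfd_send_signal, pidfd, sig, NULL, 0);
}

/* Returns 0: behaved as expected, 1: environment cannot run the demo, -1: unexpected. */
int pidfd_demo(void)
{
    char path[64];
    ssize_t n = readlink("/proc/self", path, sizeof(path) - 1);
    if (n <= 0) return 1;                       /* no usable /proc */
    path[n] = '\0';
    if (atoi(path) != (int)getpid()) return 1;  /* /proc shows another pid namespace */

    pid_t child = fork();
    if (child < 0) return 1;
    if (child == 0) { pause(); _exit(0); }      /* child just waits to be signalled */

    snprintf(path, sizeof(path), "/proc/%d", (int)child);
    int pidfd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int result = 1, reaped = 0;
    if (pidfd >= 0 && pidfd_signal(pidfd, 0) == 0) {   /* signal 0: existence probe */
        result = -1;
        if (pidfd_signal(pidfd, SIGKILL) == 0) {
            waitpid(child, NULL, 0);            /* after reaping, the pid number may be reused */
            reaped = 1;                         /* the fd still names only the dead child */
            if (pidfd_signal(pidfd, 0) == -1 && errno == ESRCH) result = 0;
        }
    }
    if (!reaped) { kill(child, SIGKILL); waitpid(child, NULL, 0); } /* safe: not yet reaped */
    if (pidfd >= 0) close(pidfd);
    return result;
}

int main(void) { printf("pidfd_demo() = %d\n", pidfd_demo()); return 0; }
```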