Re: [PATCH v9] pidfd: add ioctl to retrieve pid info

From: Jonathan Corbet
Date: Wed Oct 09 2024 - 15:21:05 EST


luca.boccassi@xxxxxxxxx writes:

> As discussed at LPC24, add an ioctl with an extensible struct
> so that more parameters can be added later if needed. Start with
> returning pid/tgid/ppid and creds unconditionally, and cgroupid
> optionally.

I was looking this over, and a couple of questions came to mind...

> Signed-off-by: Luca Boccassi <luca.boccassi@xxxxxxxxx>
> ---

[...]

> diff --git a/fs/pidfs.c b/fs/pidfs.c
> index 80675b6bf884..15cdc7fe4968 100644
> --- a/fs/pidfs.c
> +++ b/fs/pidfs.c
> @@ -2,6 +2,7 @@
> #include <linux/anon_inodes.h>
> #include <linux/file.h>
> #include <linux/fs.h>
> +#include <linux/cgroup.h>
> #include <linux/magic.h>
> #include <linux/mount.h>
> #include <linux/pid.h>
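Review bot: the new `#include <linux/cgroup.h>` is placed between `fs.h` and `magic.h`, which breaks the alphabetical ordering the surrounding include block otherwise keeps; moving it above `#include <linux/file.h>` keeps the list sorted and avoids a later cleanup patch.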
> @@ -114,6 +115,83 @@ static __poll_t pidfd_poll(struct file *file, struct poll_table_struct *pts)
> return poll_flags;
> }
>
> +static long pidfd_info(struct task_struct *task, unsigned int cmd, unsigned long arg)
> +{
> + struct pidfd_info __user *uinfo = (struct pidfd_info __user *)arg;
> + size_t usize = _IOC_SIZE(cmd);
> + struct pidfd_info kinfo = {};
> + struct user_namespace *user_ns;
> + const struct cred *c;
> + __u64 request_mask;
> +
> + if (!uinfo)
> + return -EINVAL;
> + if (usize < sizeof(struct pidfd_info))
> + return -EINVAL; /* First version, no smaller struct possible */
> +
> + if (copy_from_user(&request_mask, &uinfo->request_mask, sizeof(request_mask)))
> + return -EFAULT;

You don't check request_mask for unrecognized flags, so user space will
not get an error if it puts random gunk there. That, in turn, can make
it harder to add new options in the future.

> + c = get_task_cred(task);
> + if (!c)
> + return -ESRCH;
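Review bot: `get_task_cred()` takes a reference on `c` here, but none of the visible return paths that follow (notably the `return -EFAULT` after `copy_to_user`) show it being dropped; if `put_cred(c)` lives in the elided section, consider restructuring the error exits around a single `out:` label that does the `put_cred()` so a future early return cannot leak the reference.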

[...]

> +
> + /*
> + * If userspace and the kernel have the same struct size it can just
> + * be copied. If userspace provides an older struct, only the bits that
> + * userspace knows about will be copied. If userspace provides a new
> + * struct, only the bits that the kernel knows about will be copied and
> + * the size value will be set to the size the kernel knows about.
> + */
> + if (copy_to_user(uinfo, &kinfo, min(usize, sizeof(kinfo))))
> + return -EFAULT;
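Review bot: the comment's "If userspace provides an older struct, only the bits that userspace knows about will be copied" case cannot occur in this version, because the earlier `if (usize < sizeof(struct pidfd_info)) return -EINVAL;` rejects any smaller struct; either drop that sentence or say explicitly that it describes how future kernels with a larger `struct pidfd_info` will treat today's size, so the comment and the check agree.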

Which "size value" are you referring to here; I can't see it.

If user space has a bigger struct, should you perhaps zero-fill the part
the kernel doesn't know about?

> + return 0;
> +}

Thanks,

jon
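The two review points above, rejecting unknown request-mask bits and zero-filling the tail of a larger user struct, are the general rules for an extensible-struct ioctl, so here is a small userspace model of them as an added example; it is not code from the patch, from Jon Corbet's mail, or from the kernel. The struct layout (`info_v1`), the flag names (`INFO_CGROUPID`, `INFO_KNOWN_MASK`), the handler `info_ioctl` and the sample field values are all made up for the illustration; `memcpy`/`memset` stand in for `copy_from_user`, `copy_to_user` and `clear_user`, which is the split that the kernel's `copy_struct_to_user()` helper performs for you.

```c
/* Added example (not from the patch, the mail, or the kernel): a userspace
 * model of an extensible-struct ioctl that validates the request mask and
 * zero-fills the part of a larger caller struct that this version does not
 * know about. Struct, flag and function names below are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical v1 layout: the fields this version of the "kernel" knows. */
struct info_v1 {
    uint64_t request_mask;
    uint64_t pid;
    uint64_t cgroupid;
};

#define INFO_CGROUPID   (1ULL << 0)     /* the one optional field in v1 (assumed) */
#define INFO_KNOWN_MASK (INFO_CGROUPID) /* every bit v1 understands */

/* Model of the handler. `ubuf` and `usize` play the role of the user pointer
 * and _IOC_SIZE(cmd); the return value follows kernel convention (0 or -errno). */
int info_ioctl(void *ubuf, size_t usize)
{
    struct info_v1 k = { 0 };
    uint64_t request_mask;

    if (usize < sizeof(k))
        return -EINVAL;                 /* first version: no smaller struct exists */

    memcpy(&request_mask, ubuf, sizeof(request_mask));      /* copy_from_user */
    if (request_mask & ~INFO_KNOWN_MASK)
        return -EINVAL;                 /* unknown bits: refuse now so they can mean something later */

    k.request_mask = request_mask;
    k.pid = 4242;                       /* constructed sample value */
    if (request_mask & INFO_CGROUPID)
        k.cgroupid = 7;                 /* constructed sample value */

    /* Copy the part both sides agree on (copy_to_user) ... */
    memcpy(ubuf, &k, sizeof(k));
    /* ... and clear the tail this version does not know about (clear_user),
     * so a newer caller never reads whatever was in its buffer as if the
     * kernel had filled those fields. */
    if (usize > sizeof(k))
        memset((char *)ubuf + sizeof(k), 0, usize - sizeof(k));
    return 0;
}

/* A "newer" userspace view of the struct: one extra trailing field. */
struct info_v2_user {
    struct info_v1 v1;
    uint64_t extra;                     /* field v1 knows nothing about */
};

/* Scenario: larger caller struct pre-filled with junk; returns 1 when the
 * known fields are filled and the unknown tail comes back zeroed. */
int tail_is_zeroed_for_larger_struct(void)
{
    struct info_v2_user big;
    memset(&big, 0xAA, sizeof(big));    /* simulate stale bytes in the caller's buffer */
    big.v1.request_mask = INFO_CGROUPID;
    if (info_ioctl(&big, sizeof(big)) != 0)
        return 0;
    return big.v1.pid == 4242 && big.v1.cgroupid == 7 && big.extra == 0;
}

/* Scenario: a flag bit this version does not define must be rejected. */
int unknown_flag_is_rejected(void)
{
    struct info_v1 buf = { .request_mask = 1ULL << 5 };
    return info_ioctl(&buf, sizeof(buf)) == -EINVAL;
}

/* Scenario: an optional field stays zero unless requested. */
int optional_field_only_when_requested(void)
{
    struct info_v1 buf = { .request_mask = 0 };
    if (info_ioctl(&buf, sizeof(buf)) != 0)
        return 0;
    return buf.pid == 4242 && buf.cgroupid == 0;
}

int main(void)
{
    printf("tail zeroed: %d, unknown flag rejected: %d, optional gated: %d\n",
           tail_is_zeroed_for_larger_struct(), unknown_flag_is_rejected(),
           optional_field_only_when_requested());
    return 0;
}
```

The point of the zero-fill is visible in the first scenario: without the `memset`, `big.extra` would still hold the `0xAA` bytes the caller left there, and a newer userspace would have no way to distinguish "kernel is too old to fill this" from a real value; rejecting unknown mask bits is what lets a future version assign meaning to them without changing the behaviour old callers already observe.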