mbox series

[net-next,0/3] Add SCM_PIDFD and SO_PEERPIDFD

Message ID 20230316131526.283569-1-aleksandr.mikhalitsyn@canonical.com (mailing list archive)
Headers show
Series Add SCM_PIDFD and SO_PEERPIDFD | expand

Message

Alexander Mikhalitsyn March 16, 2023, 1:15 p.m. UTC
1. Implement SCM_PIDFD, a new type of CMSG type analogical to SCM_CREDENTIALS,
but it contains pidfd instead of plain pid, which allows programmers not
to care about PID reuse problem.

2. Add SO_PEERPIDFD which allows to get pidfd of peer socket holder pidfd.
This thing is direct analog of SO_PEERCRED which allows to get plain PID.

3. Add SCM_PIDFD / SO_PEERPIDFD kselftest

Idea comes from UAPI kernel group:
https://uapi-group.org/kernel-features/

Big thanks to Christian Brauner and Lennart Poettering for productive
discussions about this.

Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Leon Romanovsky <leon@kernel.org>
Cc: David Ahern <dsahern@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Christian Brauner <brauner@kernel.org>

Alexander Mikhalitsyn (3):
  scm: add SO_PASSPIDFD and SCM_PIDFD
  net: core: add getsockopt SO_PEERPIDFD
  selftests: net: add SCM_PIDFD / SO_PEERPIDFD test

 arch/alpha/include/uapi/asm/socket.h          |   3 +
 arch/mips/include/uapi/asm/socket.h           |   3 +
 arch/parisc/include/uapi/asm/socket.h         |   3 +
 arch/sparc/include/uapi/asm/socket.h          |   3 +
 include/linux/net.h                           |   1 +
 include/linux/socket.h                        |   1 +
 include/net/scm.h                             |  16 +-
 include/uapi/asm-generic/socket.h             |   3 +
 net/core/sock.c                               |  35 ++
 net/mptcp/sockopt.c                           |   1 +
 net/unix/af_unix.c                            |  18 +-
 tools/include/uapi/asm-generic/socket.h       |   3 +
 tools/testing/selftests/net/.gitignore        |   1 +
 tools/testing/selftests/net/af_unix/Makefile  |   3 +-
 .../testing/selftests/net/af_unix/scm_pidfd.c | 336 ++++++++++++++++++
 15 files changed, 423 insertions(+), 7 deletions(-)
 create mode 100644 tools/testing/selftests/net/af_unix/scm_pidfd.c

Comments

Luca Boccassi March 20, 2023, 2:35 p.m. UTC | #1
On Thu, 2023-03-16 at 14:15 +0100, Alexander Mikhalitsyn wrote:
> 1. Implement SCM_PIDFD, a new type of CMSG type analogical to SCM_CREDENTIALS,
> but it contains pidfd instead of plain pid, which allows programmers not
> to care about PID reuse problem.
> 
> 2. Add SO_PEERPIDFD which allows to get pidfd of peer socket holder pidfd.
> This thing is direct analog of SO_PEERCRED which allows to get plain PID.
> 
> 3. Add SCM_PIDFD / SO_PEERPIDFD kselftest
> 
> Idea comes from UAPI kernel group:
> https://uapi-group.org/kernel-features/
> 
> Big thanks to Christian Brauner and Lennart Poettering for productive
> discussions about this.
> 
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: Leon Romanovsky <leon@kernel.org>
> Cc: David Ahern <dsahern@kernel.org>
> Cc: Arnd Bergmann <arnd@arndb.de>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Christian Brauner <brauner@kernel.org>
> 
> Alexander Mikhalitsyn (3):
>   scm: add SO_PASSPIDFD and SCM_PIDFD
>   net: core: add getsockopt SO_PEERPIDFD
>   selftests: net: add SCM_PIDFD / SO_PEERPIDFD test

I've implemented support for this in dbus-daemon:

https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/398

It's working very well. I am also working on the dbus-broker and polkit
side of things, will share the links here once they are in a reviewable
state. But the dbus-daemon implementation is enough to meaningfully
test this.

For the series:

Tested-by: Luca Boccassi <bluca@debian.org>
Luca Boccassi March 27, 2023, 11:18 a.m. UTC | #2
On Mon, 20 Mar 2023 at 14:35, Luca Boccassi <bluca@debian.org> wrote:
>
> On Thu, 2023-03-16 at 14:15 +0100, Alexander Mikhalitsyn wrote:
> > 1. Implement SCM_PIDFD, a new type of CMSG type analogical to SCM_CREDENTIALS,
> > but it contains pidfd instead of plain pid, which allows programmers not
> > to care about PID reuse problem.
> >
> > 2. Add SO_PEERPIDFD which allows to get pidfd of peer socket holder pidfd.
> > This thing is direct analog of SO_PEERCRED which allows to get plain PID.
> >
> > 3. Add SCM_PIDFD / SO_PEERPIDFD kselftest
> >
> > Idea comes from UAPI kernel group:
> > https://uapi-group.org/kernel-features/
> >
> > Big thanks to Christian Brauner and Lennart Poettering for productive
> > discussions about this.
> >
> > Cc: "David S. Miller" <davem@davemloft.net>
> > Cc: Eric Dumazet <edumazet@google.com>
> > Cc: Jakub Kicinski <kuba@kernel.org>
> > Cc: Paolo Abeni <pabeni@redhat.com>
> > Cc: Leon Romanovsky <leon@kernel.org>
> > Cc: David Ahern <dsahern@kernel.org>
> > Cc: Arnd Bergmann <arnd@arndb.de>
> > Cc: Kees Cook <keescook@chromium.org>
> > Cc: Christian Brauner <brauner@kernel.org>
> >
> > Alexander Mikhalitsyn (3):
> >   scm: add SO_PASSPIDFD and SCM_PIDFD
> >   net: core: add getsockopt SO_PEERPIDFD
> >   selftests: net: add SCM_PIDFD / SO_PEERPIDFD test
>
> I've implemented support for this in dbus-daemon:
>
> https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/398
>
> It's working very well. I am also working on the dbus-broker and polkit
> side of things, will share the links here once they are in a reviewable
> state. But the dbus-daemon implementation is enough to meaningfully
> test this.
>
> For the series:
>
> Tested-by: Luca Boccassi <bluca@debian.org>

Polkit changes:

https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/154