From Linus Torvalds <> Date Mon, 25 Mar 2019 10:45:29 -0700 Subject Re: pidfd design On Fri, Mar 22, 2019 at 11:34 AM Michael Tirado <mtirado418@gmail.com> wrote:

>

> On Wed, Mar 20, 2019 at 8:08 PM Alexey Dobriyan <adobriyan@gmail.com> wrote:

> >

> > pidfd code should be backed out immediately. Forget about /proc.

>

> Seems like Torvalds just merges this sort of "stuff" without reading

> it now, or there's something that auto accepted pull request to RC tree?



There is no auto-accept.



But there also didn't seem to be any valid arguments against it, and

the android people had arguments for it.



Arguing against it based on "I don't like /proc" is pointless. The

fact is, /proc is our system interface for a lot of things.



Arguing against it based on "I worry about the _other_

non-signal-sending things that could be done with this" is also

pointless. What other things? The only thing that got merged was the

signalling.



Now, arguing that signalling should use the open-time credentials

might make sense, but this isn't read/write. You can't fool some suid

program to do magic randon system calls for you, and if you can, then

arguing about pidfd is kind of pointless.



So the model of using a file descriptor instead of a 'pid' for signal

handling is actually very unix-like. Maybe that's how pid's should

have worked to begin with. Remember that whole "everything is a file"

thing?



Now, the fact that fork() and clone() return a pid obviously means

that pidfd isn't the primary model (not to decades of just history),

but that doesn't make pidfd wrong.



And namespace issues etc are all also kind of irrelevant. If you open

random files in /proc and randomly do pidfd_send_signal() on those,

you get random results. If that worries you, then DON'T DO THAT THEN,

for chrissake! That's not a sane model to begin with, but it's not the

usage model for this, so it's another completely specious argument.



So yes, I thought about the pidfd pull (which was why it happened at

the very end of the merge window), and I found the arguments against

it bad.



Linus



