Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revive RFC: Change Process to use directory fd #171

Merged
merged 14 commits into from
Apr 5, 2022
Merged

Revive RFC: Change Process to use directory fd #171

merged 14 commits into from
Apr 5, 2022

Conversation

sunfishcode
Copy link
Contributor

This updates and polishes the patch from #127, which seems to be abandoned, as the author is listed as @ghost. It uses openat and readlinkat to protect against PID reuse.

This also makes two additional changes: it adds a dependency on rustix, which provides safe APIs for openat, readlinkat, and so on, and it bumps the MSRV to 1.48. I know you just recently bumped the MSRV to 1.42, but 1.48 is worth considering, as it's the version of Rust currently in Debian stable, it's newer than the version in the oldest still-supported Fedora release, and it eliminates the need for special instructions for the hex and bitflags dependencies. That said, people have different needs, and of course it's your call as to whether these changes are appropriate for procfs.

Fixes #125.

sunfishcode and others added 5 commits March 15, 2022 08:01
@sunfishcode
Update the MSRV to 1.48.
c69bb94
@sunfishcode
Fix clippy lints, now that MSRV is 1.48.
c97b390
@sunfishcode
Fix more clippy lints.
bd1651f
@sunfishcode
Port to rustix.
d23fe24
@sunfishcode
Change Process to use directory fd
804717f 
All data accessors now use openat and readlinkat when reading procfs
entries, to prevent PID reuse.

Co-authored-by: Jason Francis <zxzax@protonmail.com>
@eminence
Copy link
Owner

Hey, this is pretty neat, thanks for the PR. There's a lot to unpack (and to review) here, so please bear with me...

I took a quick skim and despite the large diff, everything is pretty readable. But I do want to spend some more time looking at all the changes. A few brief comments for now:

  • I think I'm fine bumping the MSRV to 1.48, given what you said about the versions currently shipping in Debian and Fedora (thanks for those details). 1.48 is already more than 1 year old, and if anyone really needs to use something older, I'm OK asking them to stay on v0.12 (if merged, this PR would be part of a v0.13 release).
  • The change to use openat and friends looks nice. In particular, the simplification of Process::is_alive is a good demonstration of the benefits of this approach, I like it.
  • I'm not opposed to the port to rustix, but I do want to study it a bit more. In particular, a small number of rustix types are exposed as part of the public API of this crate, so the port to rustix is not quite an entirely internal implementation details.

@sunfishcode
Make the fd members of Process and Task private.
79515e4 
These are implementation details that don't need to be part of the public API.
@sunfishcode
Replace Process::metadata with Process::uid in the public API.
5fdcb2e 
This avoids exposing `rustix::fs::Stat` in the public API, and makes the
main obvious use case simpler.
@sunfishcode
Make FDInfo::from_process_at private.
7ff9a62 
This hides the use of `BorrowedFd` to hold a procfs directory
file descriptor from the public API.
@sunfishcode
Remove the impl From<rustix::io::Error> for ProcError.
afeeb30 
This `impl` is visible in the public API, so hide it, and just manually
convert error types as needed.
@sunfishcode
Represent FDPermissions as a u16.
211c0d6 
This takes the rustix `RawMode` type out of the public API, and it uses
fewer bits.
@sunfishcode
Update to rustix 0.34.0.
3bfcc25
@sunfishcode
Copy link
Contributor Author 

* I'm not opposed to the port to `rustix`, but I do want to study it a bit more.  In particular, a small number of `rustix` types are exposed as part of the public API of this crate, so the port to `rustix` is not quite an entirely internal implementation details.

Some of those things were APIs which don't actually need to be public, and others were things that could be avoided. I've now fixed them, so rustix doesn't appear in the public API at all.

@eminence
Copy link
Owner

Thanks, I appreciate that

eminence
eminence approved these changes Mar 17, 2022
View reviewed changes
@eminence eminence mentioned this pull request Mar 18, 2022
Merged
@sunfishcode
Copy link
Contributor Author

Is there anything else you'd like to see in this PR?

@eminence
Copy link
Owner

eminence commented Apr 4, 2022

No, sorry for my delinquency here. I did spend some time trying to update a project to using this new version, and I will say that the fact that Process is no longer clone and the fact that there is no longer a pre-populated stat field was surprisingly annoying. I think I'm going to want to think about a new quality-of-life APIs before releasing this.

But that of course doesn't need to help up this PR.

One final question for you: How closely should I be following rustix versions? Do you think the current minimum version of 0.34.0 will be fine for the foreseeable future?

@sunfishcode
Copy link
Contributor Author

Yeah, 0.34.0 should be good for a while. There will likely be a 0.35 at some point over the next few months, to synchronize rustix with the io_safety API in Rust as it stabilizes, but I'm expecting to backport any important bug fixes to 0.34 point releases.

@eminence eminence merged commit 8c4949c into eminence:master Apr 5, 2022
@sunfishcode sunfishcode mentioned this pull request Apr 5, 2022
Closed
@sunfishcode sunfishcode deleted the sunfishcode/rustix branch April 5, 2022 11:37
sunfishcode added a commit to sunfishcode/procfs that referenced this pull request Jul 11, 2022
@sunfishcode
Re-introduce all_processes_with_root.
37c44c6 
It apppears I accidentally removed `all_processes_with_root` in eminence#171.
This PR reintroduces it.
@sunfishcode sunfishcode mentioned this pull request Jul 11, 2022
Merged
@obaudys obaudys mentioned this pull request Jul 22, 2022
Closed
eminence added a commit that referenced this pull request Aug 20, 2022
@eminence
Don't consider Zombies to be alive
20b1182 
This fixes a regression that was introduced in #171

Closes #197
@eminence eminence mentioned this pull request Aug 20, 2022
Merged
eminence added a commit that referenced this pull request Aug 20, 2022
@eminence
Don't consider Zombies to be alive
94457d0 
This fixes a regression that was introduced in #171

Closes #197

(cherry picked from commit 20b1182)
eminence added a commit that referenced this pull request Aug 20, 2022
@eminence
Don't consider Zombies to be alive
84c6c24 
This fixes a regression that was introduced in #171

Closes #197

(cherry picked from commit 20b1182)
eminence added a commit that referenced this pull request Aug 21, 2022
@eminence
Don't consider Zombies to be alive
f8356f0 
This fixes a regression that was introduced in #171

Closes #197

(cherry picked from commit 20b1182)
ludo-c pushed a commit to ludo-c/procfs that referenced this pull request Sep 18, 2022
@eminence @ludo-c
Don't consider Zombies to be alive
4d8521c 
This fixes a regression that was introduced in eminence#171

Closes eminence#197
ludo-c pushed a commit to ludo-c/procfs that referenced this pull request Oct 7, 2022
@eminence @ludo-c
Don't consider Zombies to be alive
d71b9f5 
This fixes a regression that was introduced in eminence#171

Closes eminence#197
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eminence eminence eminence approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Process struct should carry an fd and use openat
2 participants
@sunfishcode @eminence