On Wed, May 07, 2025 at 06:13:42PM +0200, Christian Brauner wrote: > When a coredump connection is initiated use the socket cookie as the > coredump cookie and store it in the pidfd. The receiver can now easily > authenticate that the connection is coming from the kernel. > > Unless the coredump server expects to handle connection from > non-crashing task it can validate that the connection has been made from > a crashing task: > > fd_coredump = accept4(fd_socket, NULL, NULL, SOCK_CLOEXEC); > getsockopt(fd_coredump, SOL_SOCKET, SO_PEERPIDFD, &fd_peer_pidfd, &fd_peer_pidfd_len); > > struct pidfd_info info = { > info.mask = PIDFD_INFO_EXIT | PIDFD_INFO_COREDUMP, > }; > > ioctl(pidfd, PIDFD_GET_INFO, &info); > /* Refuse connections that aren't from a crashing task. */ > if (!(info.mask & PIDFD_INFO_COREDUMP) || !(info.coredump_mask & PIDFD_COREDUMPED) ) > close(fd_coredump); > > /* > * Make sure that the coredump cookie matches the connection cookie. > * If they don't it's not the coredump connection from the kernel. > * We'll get another connection request in a bit. > */ > getsocketop(fd_coredump, SOL_SOCKET, SO_COOKIE, &peer_cookie, &peer_cookie_len); > if (!info.coredump_cookie || (info.coredump_cookie != peer_cookie)) > close(fd_coredump); > > The kernel guarantees that by the time the connection is made the > coredump info is available. Nice approach to tie the coredump socket with the coredumped pidfd! This indeed removes previous race condition. I guess a socket's cookie is never zero?