On Wed, May 07, 2025 at 06:13:42PM +0200, Christian Brauner wrote:
> When a coredump connection is initiated use the socket cookie as the
> coredump cookie and store it in the pidfd. The receiver can now easily
> authenticate that the connection is coming from the kernel.
>
> Unless the coredump server expects to handle connection from
> non-crashing task it can validate that the connection has been made from
> a crashing task:
>
> fd_coredump = accept4(fd_socket, NULL, NULL, SOCK_CLOEXEC);
> getsockopt(fd_coredump, SOL_SOCKET, SO_PEERPIDFD, &fd_peer_pidfd, &fd_peer_pidfd_len);
>
> struct pidfd_info info = {
> info.mask = PIDFD_INFO_EXIT | PIDFD_INFO_COREDUMP,
> };
>
> ioctl(pidfd, PIDFD_GET_INFO, &info);
> /* Refuse connections that aren't from a crashing task. */
> if (!(info.mask & PIDFD_INFO_COREDUMP) || !(info.coredump_mask & PIDFD_COREDUMPED) )
> close(fd_coredump);
>
> /*
> * Make sure that the coredump cookie matches the connection cookie.
> * If they don't it's not the coredump connection from the kernel.
> * We'll get another connection request in a bit.
> */
> getsocketop(fd_coredump, SOL_SOCKET, SO_COOKIE, &peer_cookie, &peer_cookie_len);
> if (!info.coredump_cookie || (info.coredump_cookie != peer_cookie))
> close(fd_coredump);
>
> The kernel guarantees that by the time the connection is made the
> coredump info is available.
Nice approach to tie the coredump socket with the coredumped pidfd!
This indeed removes previous race condition.
I guess a socket's cookie is never zero?
