Skip to content

add pidfd_open(2) and pidfd_send_signal(2)#2748

Open
CobaltCause wants to merge 2 commits into
nix-rust:masterfrom
CobaltCause:push-mnqrpwlrmprs
Open

add pidfd_open(2) and pidfd_send_signal(2)#2748
CobaltCause wants to merge 2 commits into
nix-rust:masterfrom
CobaltCause:push-mnqrpwlrmprs

Conversation

@CobaltCause
Copy link
Copy Markdown

@CobaltCause CobaltCause commented Mar 8, 2026
edited
Loading

What does this PR do

It adds pidfd_open(2) and pidfd_send_signal(2). I personally don't have an immediate need for pidfd_getfd(2) so it's not included in this PR. It's particularly important to me that the pidfd_open(2) implementation is async-signal-safe, so that it can be used between fork and exec to achieve race-free PIDFD acquisition without violating any libc's invariants; see the conversation at rust-lang/rust#89522 (comment) for details on that topic.

See #1868 for prior art; review comments there have been addressed here.

Checklist:

  • I have read CONTRIBUTING.md
  • I have written necessary tests and rustdoc comments
  • A change log has been added if this PR modifies nix's API

@CobaltCause CobaltCause force-pushed the push-mnqrpwlrmprs branch 2 times, most recently from 3c6a7e6 to 757d1b4 Compare March 8, 2026 21:27
@CobaltCause
Copy link
Copy Markdown
Author

CobaltCause commented Mar 8, 2026
edited
Loading

CI / cross (arm-unknown-linux-gnueabi) (pull_request) and CI / cross (armv7-unknown-linux-gnueabihf) (pull_request) are failing because they don't have the syscalls, don't know what to do about that. CI / cross (powerpc64le-unknown-linux-gnu) (pull_request) seems to be stuck in the test for pidfd_send_signal(2), don't know what to do about that either1. CI / redox (pull_request) and FreeBSD 14 amd64 & i686 seem to be failing for unrelated reasons?

Footnotes

  1. Actually, maybe it's stuck because the parent process experienced a race with the child's PID...

@CobaltCause CobaltCause marked this pull request as ready for review March 8, 2026 21:43
@CobaltCause CobaltCause marked this pull request as draft March 9, 2026 04:06
@CobaltCause
Copy link
Copy Markdown
Author

CobaltCause commented Mar 9, 2026
edited
Loading

Changing the test to eliminate any potential races actually made it worse, CI / cross (arm-unknown-linux-gnueabi) (pull_request) and CI / cross (armv7-unknown-linux-gnueabihf) (pull_request) became stuck in addition to the one mentioned before. I don't seem to be able to manually cancel the runners and there doesn't seem to be any timeout (the previous attempt ran for about five hours before I pushed again), so I'm just going to add a commit to disable the pidfd_send_signal(2) test for now.

@CobaltCause CobaltCause force-pushed the push-mnqrpwlrmprs branch 2 times, most recently from 54275a2 to 70f234a Compare March 9, 2026 17:58
@CobaltCause
Copy link
Copy Markdown
Author

CobaltCause commented Mar 9, 2026

The common problem between all three checks that were getting stuck is that all of them returned ENOSYS for the PIDFD syscalls. The second round of deadlocks were probably from recvmsg since the corresponding sendmsg would never have been reached, but the cause of the first deadlock is still beyond me. I've reverted back to the simpler test and handled ENOSYS such that the tests explicitly pass in that case, and now the deadlocks are gone and the new tests pass as expected. But now CI / macos-aarch64 (pull_request) is also failing though this seems unrelated.

@CobaltCause CobaltCause marked this pull request as ready for review March 9, 2026 18:10
@CobaltCause
Copy link
Copy Markdown
Author

CobaltCause commented Mar 9, 2026

Hmm, pushed again and now CI / macos-aarch64 (pull_request) is passing, maybe it's just flaky?

Koriit pushed a commit to Koriit/sandboxd that referenced this pull request May 8, 2026
@claude
chore(sandbox-route-helper): cite nix-rust/nix#2748 above libc::sysca…
145e844 
…ll fallback

Follow-up to dropped todo #60. The pre-existing section header at
`sandbox-route-helper/src/main.rs:192` (`// pidfd_open — direct libc
syscall (nix 0.29 does not expose it)`) explained that nix did not
provide a wrapper but did not point at the upstream tracker, leaving
a future reader to guess whether the gap was deliberate or whether
nix had since shipped a wrapper that nobody had wired up. Add a
single-line in-tree comment immediately above the
`libc::syscall(SYS_pidfd_open, ...)` invocation referencing
`nix-rust/nix#2748` so the libc fallback reads as a deliberate gap
pending the upstream wrapper, not an oversight.

The comment shape matches the requested template:
`// nix-rust/nix#2748: pidfd_open wrapper not yet provided; using
libc::syscall as a deliberate gap.` The pre-existing header at line
192 is left untouched — the new comment is additive.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@SteveLauC
Copy link
Copy Markdown
Member

SteveLauC commented May 19, 2026

Hi, the CI failures should go away if you rebase your branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@CobaltCause @SteveLauC