18607725477

Committed 17 Oct 2025 07:30PM UTC coverage: 72.189% (-0.2%) from 72.363%

Build # 18607725477

Build Type

push

github

Committed by

web-flow

Commit Message

Assorted coverity fixes (#39355)

Run Details

5 of 6 new or added lines in 4 files covered. (83.33%)

858 existing lines in 51 files now uncovered.

303873 of 420941 relevant lines covered (72.19%)

1152650.64 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

72.6

/src/basic/pidfd-util.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <linux/fs.h>
#include <linux/magic.h>
#include <sys/ioctl.h>
#include <threads.h>
#include <unistd.h>

#include "errno-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "mountpoint-util.h"
#include "parse-util.h"
#include "pidfd-util.h"
#include "process-util.h"
#include "stat-util.h"
#include "stdio-util.h"
#include "string-util.h"
#include "unaligned.h"

static thread_local int have_pidfs = -1;

int pidfd_check_pidfs(int pid_fd) {

        /* NB: the passed fd *must* be acquired via pidfd_open(), i.e. must be a true pidfd! */

        if (have_pidfs >= 0)
                return have_pidfs;

        _cleanup_close_ int our_fd = -EBADF;
        if (pid_fd < 0) {
                our_fd = pidfd_open(getpid_cached(), /* flags = */ 0);
                if (our_fd < 0)
                        return -errno;

                pid_fd = our_fd;
        }

        return (have_pidfs = fd_is_fs_type(pid_fd, PID_FS_MAGIC));
}

int pidfd_get_namespace(int fd, unsigned long ns_type_cmd) {
        static bool cached_supported = true;

        /* Obtain the namespace fd from pidfd directly through ioctl(PIDFD_GET_*_NAMESPACE).
         *
         * Returns -EOPNOTSUPP if ioctl on pidfds are not supported, -ENOPKG if the requested namespace
         * is disabled in kernel. (The errno used are different from what kernel returns via ioctl(),
         * see below) */

        assert(fd >= 0);

        /* If we know ahead of time that pidfs is unavailable, shortcut things. But otherwise we don't
         * call pidfd_check_pidfs() here, which is kinda extraneous and our own cache is required
         * anyways (pidfs is introduced in kernel 6.9 while ioctl support there is added in 6.11). */
        if (have_pidfs == 0 || !cached_supported)
                return -EOPNOTSUPP;

        int nsfd = ioctl(fd, ns_type_cmd, 0);
        if (nsfd < 0) {
                /* Kernel returns EOPNOTSUPP if the ns type in question is disabled. Hence we need to look
                 * at precise errno instead of generic ERRNO_IS_(IOCTL_)NOT_SUPPORTED. */
                if (IN_SET(errno, ENOTTY, EINVAL)) {
                        cached_supported = false;
                        return -EOPNOTSUPP;
                }
                if (errno == EOPNOTSUPP) /* Translate to something more recognizable */
                        return -ENOPKG;

                return -errno;
        }

        return nsfd;
}

static int pidfd_get_info(int fd, struct pidfd_info *info) {
        static bool cached_supported = true;

        assert(fd >= 0);
        assert(info);

        if (have_pidfs == 0 || !cached_supported)
                return -EOPNOTSUPP;

        if (ioctl(fd, PIDFD_GET_INFO, info) < 0) {
                if (ERRNO_IS_IOCTL_NOT_SUPPORTED(errno)) {
                        cached_supported = false;
                        return -EOPNOTSUPP;
                }

                return -errno;
        }

        return 0;
}

static int pidfd_get_pid_fdinfo(int fd, pid_t *ret) {
        char path[STRLEN("/proc/self/fdinfo/") + DECIMAL_STR_MAX(int)];
        _cleanup_free_ char *p = NULL;
        int r;

        assert(fd >= 0);

        xsprintf(path, "/proc/self/fdinfo/%i", fd);

        r = get_proc_field(path, "Pid", &p);
        if (r == -ENOENT)
                return -EBADF;
        if (r == -ENODATA) /* not a pidfd? */
                return -ENOTTY;
        if (r < 0)
                return r;

        if (streq(p, "0"))
                return -EREMOTE; /* PID is in foreign PID namespace? */
        if (streq(p, "-1"))
                return -ESRCH;   /* refers to reaped process? */

        return parse_pid(p, ret);
}

static int pidfd_get_pid_ioctl(int fd, pid_t *ret) {
        struct pidfd_info info = { .mask = PIDFD_INFO_PID };
        int r;

        assert(fd >= 0);

        r = pidfd_get_info(fd, &info);
        if (r < 0)
                return r;

        assert(FLAGS_SET(info.mask, PIDFD_INFO_PID));

        if (ret)
                *ret = info.pid;
        return 0;
}

int pidfd_get_pid(int fd, pid_t *ret) {
        int r;

        /* Converts a pidfd into a pid. We try ioctl(PIDFD_GET_INFO) (kernel 6.13+) first,
         * /proc/self/fdinfo/ as fallback. Well known errors:
         *
         *    -EBADF   → fd invalid
         *    -ESRCH   → fd valid, but process is already reaped
         *
         * pidfd_get_pid_fdinfo() might additionally fail for other reasons:
         *
         *    -ENOSYS  → /proc/ not mounted
         *    -ENOTTY  → fd valid, but not a pidfd
         *    -EREMOTE → fd valid, but pid is in another namespace we cannot translate to the local one
         *               (when using PIDFD_GET_INFO this is indistinguishable from -ESRCH)
         */

        assert(fd >= 0);

        r = pidfd_get_pid_ioctl(fd, ret);
        if (r != -EOPNOTSUPP)
                return r;

        return pidfd_get_pid_fdinfo(fd, ret);
}

int pidfd_verify_pid(int pidfd, pid_t pid) {
        pid_t current_pid;
        int r;

        assert(pidfd >= 0);
        assert(pid > 0);

        r = pidfd_get_pid(pidfd, &current_pid);
        if (r < 0)
                return r;

        return current_pid != pid ? -ESRCH : 0;
}

int pidfd_get_ppid(int fd, pid_t *ret) {
        struct pidfd_info info = { .mask = PIDFD_INFO_PID };
        int r;

        assert(fd >= 0);

        r = pidfd_get_info(fd, &info);
        if (r < 0)
                return r;

        assert(FLAGS_SET(info.mask, PIDFD_INFO_PID));

        if (info.ppid == 0) /* See comments in pid_get_ppid() */
                return -EADDRNOTAVAIL;

        if (ret)
                *ret = info.ppid;
        return 0;
}

int pidfd_get_uid(int fd, uid_t *ret) {
        struct pidfd_info info = { .mask = PIDFD_INFO_CREDS };
        int r;

        assert(fd >= 0);

        r = pidfd_get_info(fd, &info);
        if (r < 0)
                return r;

        assert(FLAGS_SET(info.mask, PIDFD_INFO_CREDS));

        if (ret)
                *ret = info.ruid;
        return 0;
}

int pidfd_get_cgroupid(int fd, uint64_t *ret) {
        struct pidfd_info info = { .mask = PIDFD_INFO_CGROUPID };
        int r;

        assert(fd >= 0);

        r = pidfd_get_info(fd, &info);
        if (r < 0)
                return r;

        assert(FLAGS_SET(info.mask, PIDFD_INFO_CGROUPID));

        if (ret)
                *ret = info.cgroupid;
        return 0;
}

int pidfd_get_inode_id_impl(int fd, uint64_t *ret) {
        static thread_local bool file_handle_supported = true;
        int r;

        assert(fd >= 0);

        if (file_handle_supported) {
                union {
                        struct file_handle file_handle;
                        uint8_t space[offsetof(struct file_handle, f_handle) + sizeof(uint64_t)];
                } fh = {
                        .file_handle.handle_bytes = sizeof(uint64_t),
                        .file_handle.handle_type = FILEID_KERNFS,
                };
                int mnt_id;

                r = RET_NERRNO(name_to_handle_at(fd, "", &fh.file_handle, &mnt_id, AT_EMPTY_PATH));
                if (r >= 0) {
                        if (ret)
                                /* Note, "struct file_handle" is 32bit aligned usually, but we need to read a 64bit value from it */
                                *ret = unaligned_read_ne64(fh.file_handle.f_handle);
                        return 0;
                }
                assert(r != -EOVERFLOW);
                if (is_name_to_handle_at_fatal_error(r))
                        return r;

                file_handle_supported = false;
        }

#if SIZEOF_INO_T == 8
        struct stat st;
        if (fstat(fd, &st) < 0)
                return -errno;

        if (ret)
                *ret = (uint64_t) st.st_ino;
        return 0;

#elif SIZEOF_INO_T == 4
        /* On 32-bit systems (where sizeof(ino_t) == 4), the inode id returned by fstat() cannot be used to
         * reliably identify the process, nor can we communicate the origin of the id with the clients.
         * Hence let's just refuse to acquire pidfdid through fstat() here. All clients shall also insist on
         * the 64-bit id from name_to_handle_at(). */
        return -EOPNOTSUPP;
#else
#  error Unsupported ino_t size
#endif
}

int pidfd_get_inode_id(int fd, uint64_t *ret) {
        int r;

        assert(fd >= 0);

        r = pidfd_check_pidfs(fd);
        if (r < 0)
                return r;
        if (r == 0)
                return -EOPNOTSUPP;

        return pidfd_get_inode_id_impl(fd, ret);
}

int pidfd_get_inode_id_self_cached(uint64_t *ret) {
        static thread_local uint64_t cached = 0;
        static thread_local pid_t initialized = 0; /* < 0: cached error; == 0: invalid; > 0: valid and pid that was current */
        int r;

        assert(ret);

        if (initialized == getpid_cached()) {
                *ret = cached;
                return 0;
        }
        if (initialized < 0)
                return initialized;

        _cleanup_close_ int fd = pidfd_open(getpid_cached(), 0);
        if (fd < 0)
                return -errno;

        r = pidfd_get_inode_id(fd, &cached);
        if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
                return (initialized = -EOPNOTSUPP);
        if (r < 0)
                return r;

        *ret = cached;
        initialized = getpid_cached();
        return 0;
}

1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3	#include <linux/fs.h>
4	#include <linux/magic.h>
5	#include <sys/ioctl.h>
6	#include <threads.h>
7	#include <unistd.h>
8
9	#include "errno-util.h"
10	#include "fd-util.h"
11	#include "fileio.h"
12	#include "mountpoint-util.h"
13	#include "parse-util.h"
14	#include "pidfd-util.h"
15	#include "process-util.h"
16	#include "stat-util.h"
17	#include "stdio-util.h"
18	#include "string-util.h"
19	#include "unaligned.h"
20
21	static thread_local int have_pidfs = -1;
22
23	int pidfd_check_pidfs(int pid_fd) {	27,581✔
24
25	/* NB: the passed fd must be acquired via pidfd_open(), i.e. must be a true pidfd! */
26
27	if (have_pidfs >= 0)	27,581✔
28	return have_pidfs;	27,581✔
29
30	_cleanup_close_ int our_fd = -EBADF;	27,581✔
31	if (pid_fd < 0) {	6,887✔
32	our_fd = pidfd_open(getpid_cached(), /* flags = */ 0);	1✔
33	if (our_fd < 0)	1✔
34	return -errno;	×
35
36	pid_fd = our_fd;
37	}
38
39	return (have_pidfs = fd_is_fs_type(pid_fd, PID_FS_MAGIC));	6,887✔
40	}
41
42	int pidfd_get_namespace(int fd, unsigned long ns_type_cmd) {	8,946✔
43	static bool cached_supported = true;	8,946✔
44
45	/* Obtain the namespace fd from pidfd directly through ioctl(PIDFD_GET_*_NAMESPACE).
46	*
47	* Returns -EOPNOTSUPP if ioctl on pidfds are not supported, -ENOPKG if the requested namespace
48	* is disabled in kernel. (The errno used are different from what kernel returns via ioctl(),
49	* see below) */
50
51	assert(fd >= 0);	8,946✔
52
53	/* If we know ahead of time that pidfs is unavailable, shortcut things. But otherwise we don't
54	* call pidfd_check_pidfs() here, which is kinda extraneous and our own cache is required
55	* anyways (pidfs is introduced in kernel 6.9 while ioctl support there is added in 6.11). */
56	if (have_pidfs == 0 \|\| !cached_supported)	8,946✔
57	return -EOPNOTSUPP;
58
59	int nsfd = ioctl(fd, ns_type_cmd, 0);	8,946✔
60	if (nsfd < 0) {	8,946✔
61	/* Kernel returns EOPNOTSUPP if the ns type in question is disabled. Hence we need to look
62	* at precise errno instead of generic ERRNO_IS_(IOCTL_)NOT_SUPPORTED. */
63	if (IN_SET(errno, ENOTTY, EINVAL)) {	1✔
64	cached_supported = false;	×
65	return -EOPNOTSUPP;	×
66	}
67	if (errno == EOPNOTSUPP) /* Translate to something more recognizable */	1✔
68	return -ENOPKG;
69
70	return -errno;	1✔
71	}
72
73	return nsfd;
74	}
75
76	static int pidfd_get_info(int fd, struct pidfd_info *info) {	38,712✔
77	static bool cached_supported = true;	38,712✔
78
79	assert(fd >= 0);	38,712✔
80	assert(info);	38,712✔
81
82	if (have_pidfs == 0 \|\| !cached_supported)	38,712✔
83	return -EOPNOTSUPP;
84
85	if (ioctl(fd, PIDFD_GET_INFO, info) < 0) {	38,712✔
86	if (ERRNO_IS_IOCTL_NOT_SUPPORTED(errno)) {	2,346✔
UNCOV 87	cached_supported = false;	×
UNCOV 88	return -EOPNOTSUPP;	×
89	}
90
91	return -errno;	2,346✔
92	}
93
94	return 0;
95	}
96
UNCOV 97	static int pidfd_get_pid_fdinfo(int fd, pid_t *ret) {	×
UNCOV 98	char path[STRLEN("/proc/self/fdinfo/") + DECIMAL_STR_MAX(int)];	×
UNCOV 99	_cleanup_free_ char *p = NULL;	×
UNCOV 100	int r;	×
101
UNCOV 102	assert(fd >= 0);	×
103
UNCOV 104	xsprintf(path, "/proc/self/fdinfo/%i", fd);	×
105
UNCOV 106	r = get_proc_field(path, "Pid", &p);	×
UNCOV 107	if (r == -ENOENT)	×
108	return -EBADF;
UNCOV 109	if (r == -ENODATA) /* not a pidfd? */	×
110	return -ENOTTY;
UNCOV 111	if (r < 0)	×
112	return r;
113
UNCOV 114	if (streq(p, "0"))	×
115	return -EREMOTE; /* PID is in foreign PID namespace? */
UNCOV 116	if (streq(p, "-1"))	×
117	return -ESRCH; /* refers to reaped process? */
118
UNCOV 119	return parse_pid(p, ret);	×
120	}
121
122	static int pidfd_get_pid_ioctl(int fd, pid_t *ret) {	36,532✔
123	struct pidfd_info info = { .mask = PIDFD_INFO_PID };	36,532✔
124	int r;	36,532✔
125
126	assert(fd >= 0);	36,532✔
127
128	r = pidfd_get_info(fd, &info);	36,532✔
129	if (r < 0)	36,532✔
130	return r;	36,532✔
131
132	assert(FLAGS_SET(info.mask, PIDFD_INFO_PID));	34,186✔
133
134	if (ret)	34,186✔
135	*ret = info.pid;	34,186✔
136	return 0;
137	}
138
139	int pidfd_get_pid(int fd, pid_t *ret) {	36,532✔
140	int r;	36,532✔
141
142	/* Converts a pidfd into a pid. We try ioctl(PIDFD_GET_INFO) (kernel 6.13+) first,
143	* /proc/self/fdinfo/ as fallback. Well known errors:
144	*
145	* -EBADF → fd invalid
146	* -ESRCH → fd valid, but process is already reaped
147	*
148	* pidfd_get_pid_fdinfo() might additionally fail for other reasons:
149	*
150	* -ENOSYS → /proc/ not mounted
151	* -ENOTTY → fd valid, but not a pidfd
152	* -EREMOTE → fd valid, but pid is in another namespace we cannot translate to the local one
153	* (when using PIDFD_GET_INFO this is indistinguishable from -ESRCH)
154	*/
155
156	assert(fd >= 0);	36,532✔
157
158	r = pidfd_get_pid_ioctl(fd, ret);	36,532✔
159	if (r != -EOPNOTSUPP)	36,532✔
160	return r;
161
UNCOV 162	return pidfd_get_pid_fdinfo(fd, ret);	×
163	}
164
165	int pidfd_verify_pid(int pidfd, pid_t pid) {	18,867✔
166	pid_t current_pid;	18,867✔
167	int r;	18,867✔
168
169	assert(pidfd >= 0);	18,867✔
170	assert(pid > 0);	18,867✔
171
172	r = pidfd_get_pid(pidfd, &current_pid);	18,867✔
173	if (r < 0)	18,867✔
174	return r;	18,867✔
175
176	return current_pid != pid ? -ESRCH : 0;	16,521✔
177	}
178
179	int pidfd_get_ppid(int fd, pid_t *ret) {	2,116✔
180	struct pidfd_info info = { .mask = PIDFD_INFO_PID };	2,116✔
181	int r;	2,116✔
182
183	assert(fd >= 0);	2,116✔
184
185	r = pidfd_get_info(fd, &info);	2,116✔
186	if (r < 0)	2,116✔
187	return r;	2,116✔
188
189	assert(FLAGS_SET(info.mask, PIDFD_INFO_PID));	2,116✔
190
191	if (info.ppid == 0) /* See comments in pid_get_ppid() */	2,116✔
192	return -EADDRNOTAVAIL;
193
194	if (ret)	2,115✔
195	*ret = info.ppid;	2,115✔
196	return 0;
197	}
198
199	int pidfd_get_uid(int fd, uid_t *ret) {	64✔
200	struct pidfd_info info = { .mask = PIDFD_INFO_CREDS };	64✔
201	int r;	64✔
202
203	assert(fd >= 0);	64✔
204
205	r = pidfd_get_info(fd, &info);	64✔
206	if (r < 0)	64✔
207	return r;	64✔
208
209	assert(FLAGS_SET(info.mask, PIDFD_INFO_CREDS));	64✔
210
211	if (ret)	64✔
212	*ret = info.ruid;	64✔
213	return 0;
214	}
215
216	int pidfd_get_cgroupid(int fd, uint64_t *ret) {	×
217	struct pidfd_info info = { .mask = PIDFD_INFO_CGROUPID };	×
218	int r;	×
219
220	assert(fd >= 0);	×
221
222	r = pidfd_get_info(fd, &info);	×
223	if (r < 0)	×
224	return r;	×
225
226	assert(FLAGS_SET(info.mask, PIDFD_INFO_CGROUPID));	×
227
228	if (ret)	×
229	*ret = info.cgroupid;	×
230	return 0;
231	}
232
233	int pidfd_get_inode_id_impl(int fd, uint64_t *ret) {	27,580✔
234	static thread_local bool file_handle_supported = true;	27,580✔
235	int r;	27,580✔
236
237	assert(fd >= 0);	27,580✔
238
239	if (file_handle_supported) {	27,580✔
240	union {	27,580✔
241	struct file_handle file_handle;
242	uint8_t space[offsetof(struct file_handle, f_handle) + sizeof(uint64_t)];
243	} fh = {	27,580✔
244	.file_handle.handle_bytes = sizeof(uint64_t),
245	.file_handle.handle_type = FILEID_KERNFS,
246	};
247	int mnt_id;	27,580✔
248
249	r = RET_NERRNO(name_to_handle_at(fd, "", &fh.file_handle, &mnt_id, AT_EMPTY_PATH));	27,580✔
UNCOV 250	if (r >= 0) {	×
251	if (ret)	27,580✔
252	/* Note, "struct file_handle" is 32bit aligned usually, but we need to read a 64bit value from it */
253	*ret = unaligned_read_ne64(fh.file_handle.f_handle);	27,579✔
254	return 0;	27,580✔
255	}
UNCOV 256	assert(r != -EOVERFLOW);	×
UNCOV 257	if (is_name_to_handle_at_fatal_error(r))	×
258	return r;
259
UNCOV 260	file_handle_supported = false;	×
261	}
262
263	#if SIZEOF_INO_T == 8
UNCOV 264	struct stat st;	×
UNCOV 265	if (fstat(fd, &st) < 0)	×
266	return -errno;	×
267
UNCOV 268	if (ret)	×
UNCOV 269	*ret = (uint64_t) st.st_ino;	×
270	return 0;
271
272	#elif SIZEOF_INO_T == 4
273	/* On 32-bit systems (where sizeof(ino_t) == 4), the inode id returned by fstat() cannot be used to
274	* reliably identify the process, nor can we communicate the origin of the id with the clients.
275	* Hence let's just refuse to acquire pidfdid through fstat() here. All clients shall also insist on
276	* the 64-bit id from name_to_handle_at(). */
277	return -EOPNOTSUPP;
278	#else
279	# error Unsupported ino_t size
280	#endif
281	}
282
283	int pidfd_get_inode_id(int fd, uint64_t *ret) {	27,579✔
284	int r;	27,579✔
285
286	assert(fd >= 0);	27,579✔
287
288	r = pidfd_check_pidfs(fd);	27,579✔
289	if (r < 0)	27,579✔
290	return r;
291	if (r == 0)	27,579✔
292	return -EOPNOTSUPP;
293
294	return pidfd_get_inode_id_impl(fd, ret);	27,579✔
295	}
296
297	int pidfd_get_inode_id_self_cached(uint64_t *ret) {	27,149✔
298	static thread_local uint64_t cached = 0;	27,149✔
299	static thread_local pid_t initialized = 0; /* < 0: cached error; == 0: invalid; > 0: valid and pid that was current */	27,149✔
300	int r;	27,149✔
301
302	assert(ret);	27,149✔
303
304	if (initialized == getpid_cached()) {	27,149✔
305	*ret = cached;	4,813✔
306	return 0;	4,813✔
307	}
308	if (initialized < 0)	22,336✔
309	return initialized;
310
311	_cleanup_close_ int fd = pidfd_open(getpid_cached(), 0);	49,485✔
312	if (fd < 0)	22,336✔
313	return -errno;	×
314
315	r = pidfd_get_inode_id(fd, &cached);	22,336✔
316	if (ERRNO_IS_NEG_NOT_SUPPORTED(r))	22,336✔
317	return (initialized = -EOPNOTSUPP);	×
318	if (r < 0)	22,336✔
319	return r;
320
321	*ret = cached;	22,336✔
322	initialized = getpid_cached();	22,336✔
323	return 0;	22,336✔
324	}

systemd / systemd / 18607725477

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous