ripple/minitrace: use pidfd_send_signal over kill(2)

This is slightly safer, protecting against mis-targeted kills due to
PID reuse.

Change-Id: I4800a47dfb52a49a2be1b9d7450f7f4704b8078b

1 files changed, 11 insertions, 3 deletions

diff --git a/ripple/minitrace/src/main.rs b/ripple/minitrace/src/main.rs
index 5bc6e23..2d21f8b 100644
--- a/ripple/minitrace/src/main.rs
+++ b/ripple/minitrace/src/main.rs
@@ -3,7 +3,10 @@
 // SPDX-License-Identifier: OSL-3.0
 
 use {
-	crate::syscall_abi::{AtFlags, DirFd, MapFlags, SyscallEntry},
+	crate::{
+		pidfd::PidFd,
+		syscall_abi::{AtFlags, DirFd, MapFlags, SyscallEntry},
+	},
 	anyhow::{bail, Context, Result},
 	bitflags::bitflags,
 	nix::{
@@ -12,7 +15,7 @@ use {
 			personality::{self, Persona},
 			ptrace,
 			resource::{self, Resource as HostResource},
-			signal::{kill, Signal as HostSignal},
+			signal::Signal as HostSignal,
 			wait::{waitpid, WaitPidFlag, WaitStatus},
 		},
 		unistd::Pid,
@@ -29,6 +32,7 @@ use {
 };
 
 mod maps_file;
+mod pidfd;
 mod syscall_abi;
 
 // TODO(edef): consider implementing this in terms of TID?
@@ -55,6 +59,7 @@ impl Tid {
 struct Process {
 	tgid: Tgid,
 	mem: File,
+	pidfd: PidFd,
 }
 
 impl Process {
@@ -96,15 +101,18 @@ impl Process {
 			status => bail!("unexpected child state: {status:?}"),
 		}
 
+		let pidfd = PidFd::open(tgid.as_pid()).context("Couldn't open child pidfd")?;
+
 		Ok(Process {
 			tgid,
 			mem: File::open(format!("/proc/{}/mem", tgid.0))
 				.context("Couldn't open child memory")?,
+			pidfd,
 		})
 	}
 
 	fn terminate(&self) -> Result<()> {
-		match kill(self.tgid.as_pid(), HostSignal::SIGKILL) {
+		match self.pidfd.kill(HostSignal::SIGKILL) {
 			Ok(()) | Err(nix::Error::ESRCH) => Ok(()),
 			Err(err) => Err(anyhow::Error::from(err).context("Couldn't terminate child")),
 		}