pidfd_send_signal allows to send a signal to a specific process specified by a PID file descriptor, rather than its 'traditional' process ID.
pidfd_send_signal() syscall invokes
SIGSYS on the process specified by the
pidfd argument, and optionally with additional information from the
info. Unlike the
kill() syscall, this syscall can express the relative process hierarchy by passing the PID file descriptor instead of the real PID.
The extra flags currently supported are
PIDFD_SEND_SIGNAL_OWNER, as specified in the
flags argument. The former is used to inform the process waiting on a pidfd to continue its execution, while the latter is intended to allow a parent process to prevent other users on the same machine to interfere with the process group of the PID file descriptor.
This syscall may be useful when there is a need to perform complex operations on a process or process group from a parent process. It also prevents race conditions which could occur between a child process being created and the parent process being notified of it, since the parent process can simply keep the PID trigger in a file descriptor and perform the action when signalled.
int- the file descriptor of a file with a process ID indicating the specific process the signal will be sent to.
int- the signal that will be sent to the process.
siginfo_t*[U] - Optional additional data, such as the pid of the process that sent the signal and the real uid, which is used to verify the sender's privileges.
unsigned int- Set of flags which might change the behaviour of the syscall.
- U - Originated from user space (for example, pointer to user space memory used to get it).
Kprobes + Uprobes
To handle the sending of signals.
Example Use Case¶
pidfd_send_signal syscall can be used for process synchronization techniques, where a parent process can wait on a PID file descriptor to be signalled before being notified of the completion of a child process.
This idea was inspired in part by
ptrace(2), which can be used to place a trace on a process group in order to observe its execution. However,
ptrace also provides a means of signalling and process suspension features which are not necessary or desirable in certain types of applications.
The implementation of this syscall currently has a bug which can cause some signals to be lost when sent to processes whose parent process is waiting for them.
kill()- sends the signal specified by
sigto the process specified by
getpid()- returns the process ID of the calling process.
waitpid()- suspends execution of the calling process until a child specified by
ptrace()- trace processes. It can be used to intercept, observe and manipulate the execution of process and its children.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.