From: Mike Christie <michael.christie@oracle.com>
To: geert@linux-m68k.org, vverma@digitalocean.com, hdanton@sina.com,
hch@infradead.org, stefanha@redhat.com, jasowang@redhat.com,
mst@redhat.com, sgarzare@redhat.com,
virtualization@lists.linux-foundation.org,
christian.brauner@ubuntu.com, axboe@kernel.dk,
linux-kernel@vger.kernel.org
Subject: [PATCH V4 3/8] fork: add option to not clone or dup files
Date: Thu, 7 Oct 2021 16:44:43 -0500 [thread overview]
Message-ID: <20211007214448.6282-4-michael.christie@oracle.com> (raw)
In-Reply-To: <20211007214448.6282-1-michael.christie@oracle.com>
Each vhost device gets a thread that is used to perform IO and management
operations. Instead of a thread that is accessing a device, the thread is
part of the device, so when it calls the kernel_worker() function added in
the next patch we can't dup or clone the parent's files/FDS because it
would do an extra increment on ourself.
Later, when we do:
Qemu process exits:
do_exit -> exit_files -> put_files_struct -> close_files
we would leak the device's resources because of that extra refcount
on the fd or file_struct.
This patch adds a no_files option so these worker threads can prevent
taking an extra refcount on themselves.
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
---
include/linux/sched/task.h | 1 +
kernel/fork.c | 11 +++++++++--
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h
index 53599a99d7e0..1153f9e5d10e 100644
--- a/include/linux/sched/task.h
+++ b/include/linux/sched/task.h
@@ -20,6 +20,7 @@ struct css_set;
#define KERN_WORKER_IO BIT(0)
#define KERN_WORKER_USER BIT(1)
+#define KERN_WORKER_NO_FILES BIT(2)
struct kernel_clone_args {
u64 flags;
diff --git a/kernel/fork.c b/kernel/fork.c
index 4f780424de46..3161edac1236 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1532,7 +1532,8 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
return 0;
}
-static int copy_files(unsigned long clone_flags, struct task_struct *tsk)
+static int copy_files(unsigned long clone_flags, struct task_struct *tsk,
+ int no_files)
{
struct files_struct *oldf, *newf;
int error = 0;
@@ -1544,6 +1545,11 @@ static int copy_files(unsigned long clone_flags, struct task_struct *tsk)
if (!oldf)
goto out;
+ if (no_files) {
+ tsk->files = NULL;
+ goto out;
+ }
+
if (clone_flags & CLONE_FILES) {
atomic_inc(&oldf->count);
goto out;
@@ -2181,7 +2187,8 @@ static __latent_entropy struct task_struct *copy_process(
retval = copy_semundo(clone_flags, p);
if (retval)
goto bad_fork_cleanup_security;
- retval = copy_files(clone_flags, p);
+ retval = copy_files(clone_flags, p,
+ args->worker_flags & KERN_WORKER_NO_FILES);
if (retval)
goto bad_fork_cleanup_semundo;
retval = copy_fs(clone_flags, p);
--
2.25.1
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
WARNING: multiple messages have this Message-ID (diff)
From: Mike Christie <michael.christie@oracle.com>
To: geert@linux-m68k.org, vverma@digitalocean.com, hdanton@sina.com,
hch@infradead.org, stefanha@redhat.com, jasowang@redhat.com,
mst@redhat.com, sgarzare@redhat.com,
virtualization@lists.linux-foundation.org,
christian.brauner@ubuntu.com, axboe@kernel.dk,
linux-kernel@vger.kernel.org
Cc: Mike Christie <michael.christie@oracle.com>
Subject: [PATCH V4 3/8] fork: add option to not clone or dup files
Date: Thu, 7 Oct 2021 16:44:43 -0500 [thread overview]
Message-ID: <20211007214448.6282-4-michael.christie@oracle.com> (raw)
In-Reply-To: <20211007214448.6282-1-michael.christie@oracle.com>
Each vhost device gets a thread that is used to perform IO and management
operations. Instead of a thread that is accessing a device, the thread is
part of the device, so when it calls the kernel_worker() function added in
the next patch we can't dup or clone the parent's files/FDS because it
would do an extra increment on ourself.
Later, when we do:
Qemu process exits:
do_exit -> exit_files -> put_files_struct -> close_files
we would leak the device's resources because of that extra refcount
on the fd or file_struct.
This patch adds a no_files option so these worker threads can prevent
taking an extra refcount on themselves.
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
---
include/linux/sched/task.h | 1 +
kernel/fork.c | 11 +++++++++--
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h
index 53599a99d7e0..1153f9e5d10e 100644
--- a/include/linux/sched/task.h
+++ b/include/linux/sched/task.h
@@ -20,6 +20,7 @@ struct css_set;
#define KERN_WORKER_IO BIT(0)
#define KERN_WORKER_USER BIT(1)
+#define KERN_WORKER_NO_FILES BIT(2)
struct kernel_clone_args {
u64 flags;
diff --git a/kernel/fork.c b/kernel/fork.c
index 4f780424de46..3161edac1236 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1532,7 +1532,8 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
return 0;
}
-static int copy_files(unsigned long clone_flags, struct task_struct *tsk)
+static int copy_files(unsigned long clone_flags, struct task_struct *tsk,
+ int no_files)
{
struct files_struct *oldf, *newf;
int error = 0;
@@ -1544,6 +1545,11 @@ static int copy_files(unsigned long clone_flags, struct task_struct *tsk)
if (!oldf)
goto out;
+ if (no_files) {
+ tsk->files = NULL;
+ goto out;
+ }
+
if (clone_flags & CLONE_FILES) {
atomic_inc(&oldf->count);
goto out;
@@ -2181,7 +2187,8 @@ static __latent_entropy struct task_struct *copy_process(
retval = copy_semundo(clone_flags, p);
if (retval)
goto bad_fork_cleanup_security;
- retval = copy_files(clone_flags, p);
+ retval = copy_files(clone_flags, p,
+ args->worker_flags & KERN_WORKER_NO_FILES);
if (retval)
goto bad_fork_cleanup_semundo;
retval = copy_fs(clone_flags, p);
--
2.25.1
next prev parent reply other threads:[~2021-10-07 21:45 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-07 21:44 [PATCH V4 0/8] Use copy_process/create_io_thread in vhost layer Mike Christie
2021-10-07 21:44 ` Mike Christie
2021-10-07 21:44 ` [PATCH V4 1/8] fork: Make IO worker options flag based Mike Christie
2021-10-07 21:44 ` Mike Christie
2021-10-07 21:44 ` [PATCH V4 2/8] fork: move PF_IO_WORKER's kernel frame setup to new flag Mike Christie
2021-10-07 21:44 ` Mike Christie
2021-10-08 8:21 ` Geert Uytterhoeven
2021-10-08 8:21 ` Geert Uytterhoeven
2021-10-22 9:55 ` Michael S. Tsirkin
2021-10-22 9:55 ` Michael S. Tsirkin
2021-10-07 21:44 ` Mike Christie [this message]
2021-10-07 21:44 ` [PATCH V4 3/8] fork: add option to not clone or dup files Mike Christie
2021-10-07 21:44 ` [PATCH V4 4/8] fork: Add KERNEL_WORKER flag to ignore signals Mike Christie
2021-10-07 21:44 ` Mike Christie
2021-10-07 21:44 ` [PATCH V4 5/8] fork: add helper to clone a process Mike Christie
2021-10-07 21:44 ` Mike Christie
2021-10-07 21:44 ` [PATCH V4 6/8] io_uring: switch to kernel_worker Mike Christie
2021-10-07 21:44 ` Mike Christie
2021-10-08 6:42 ` kernel test robot
2021-10-08 6:42 ` kernel test robot
2021-10-08 6:42 ` kernel test robot
2021-10-08 7:10 ` kernel test robot
2021-10-08 7:10 ` kernel test robot
2021-10-07 21:44 ` [PATCH V4 7/8] vhost: move worker thread fields to new struct Mike Christie
2021-10-07 21:44 ` Mike Christie
2021-10-07 21:44 ` [PATCH V4 8/8] vhost: use kernel_worker to check RLIMITs and inherit v2 cgroups Mike Christie
2021-10-07 21:44 ` Mike Christie
2021-10-12 6:43 ` [PATCH V4 0/8] Use copy_process/create_io_thread in vhost layer Christoph Hellwig
2021-10-12 6:43 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211007214448.6282-4-michael.christie@oracle.com \
--to=michael.christie@oracle.com \
--cc=axboe@kernel.dk \
--cc=christian.brauner@ubuntu.com \
--cc=geert@linux-m68k.org \
--cc=hch@infradead.org \
--cc=hdanton@sina.com \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=sgarzare@redhat.com \
--cc=stefanha@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=vverma@digitalocean.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.