From: Mike Christie <michael.christie@oracle.com> To: geert@linux-m68k.org, vverma@digitalocean.com, hdanton@sina.com, hch@infradead.org, stefanha@redhat.com, jasowang@redhat.com, mst@redhat.com, sgarzare@redhat.com, virtualization@lists.linux-foundation.org, christian.brauner@ubuntu.com, axboe@kernel.dk, linux-kernel@vger.kernel.org Subject: [PATCH V4 3/8] fork: add option to not clone or dup files Date: Thu, 7 Oct 2021 16:44:43 -0500 [thread overview] Message-ID: <20211007214448.6282-4-michael.christie@oracle.com> (raw) In-Reply-To: <20211007214448.6282-1-michael.christie@oracle.com> Each vhost device gets a thread that is used to perform IO and management operations. Instead of a thread that is accessing a device, the thread is part of the device, so when it calls the kernel_worker() function added in the next patch we can't dup or clone the parent's files/FDS because it would do an extra increment on ourself. Later, when we do: Qemu process exits: do_exit -> exit_files -> put_files_struct -> close_files we would leak the device's resources because of that extra refcount on the fd or file_struct. This patch adds a no_files option so these worker threads can prevent taking an extra refcount on themselves. Signed-off-by: Mike Christie <michael.christie@oracle.com> Acked-by: Christian Brauner <christian.brauner@ubuntu.com> --- include/linux/sched/task.h | 1 + kernel/fork.c | 11 +++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h index 53599a99d7e0..1153f9e5d10e 100644 --- a/include/linux/sched/task.h +++ b/include/linux/sched/task.h @@ -20,6 +20,7 @@ struct css_set; #define KERN_WORKER_IO BIT(0) #define KERN_WORKER_USER BIT(1) +#define KERN_WORKER_NO_FILES BIT(2) struct kernel_clone_args { u64 flags; diff --git a/kernel/fork.c b/kernel/fork.c index 4f780424de46..3161edac1236 100644 --- a/kernel/fork.c +++ b/kernel/fork.c 
@@ -1532,7 +1532,8 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) return 0; } -static int copy_files(unsigned long clone_flags, struct task_struct *tsk) +static int copy_files(unsigned long clone_flags, struct task_struct *tsk, + int no_files) { struct files_struct *oldf, *newf; int error = 0; @@ -1544,6 +1545,11 @@ static int copy_files(unsigned long clone_flags, struct task_struct *tsk) if (!oldf) goto out; + if (no_files) { + tsk->files = NULL; + goto out; + } + if (clone_flags & CLONE_FILES) { atomic_inc(&oldf->count); goto out; @@ -2181,7 +2187,8 @@ static __latent_entropy struct task_struct *copy_process( retval = copy_semundo(clone_flags, p); if (retval) goto bad_fork_cleanup_security; - retval = copy_files(clone_flags, p); + retval = copy_files(clone_flags, p, + args->worker_flags & KERN_WORKER_NO_FILES); if (retval) goto bad_fork_cleanup_semundo; retval = copy_fs(clone_flags, p); -- 2.25.1 _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
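Review bot: KERN_WORKER_NO_FILES is added to include/linux/sched/task.h without a comment, and the name alone does not say what the new task ends up with. Per the copy_files() hunk, the task gets tsk->files = NULL rather than a private empty table. Suggest a short comment above the define stating that a worker created with this flag has no files_struct and takes no reference on the parent's, so later users of the flag know the constraint they are accepting.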
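Review bot: in the new copy_files() signature, `int no_files` is only ever used as a truth value, while the copy_process() call site passes the raw mask result `args->worker_flags & KERN_WORKER_NO_FILES`. That is correct today because BIT(2) fits in an int, but it would truncate silently if the flag were ever moved to a bit an int cannot hold. Suggest declaring the parameter as `bool no_files`, which normalizes any nonzero mask result and documents the intent.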
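Review bot: in the kernel/fork.c hunk at -1544, the new `if (no_files)` branch is placed ahead of `if (clone_flags & CLONE_FILES)`, so a caller that sets both CLONE_FILES and KERN_WORKER_NO_FILES has the CLONE_FILES request dropped without any indication. Suggest warning on or rejecting that combination, or at minimum a comment on the branch saying that no_files takes precedence and that tsk->files must be NULL to avoid the extra refcount described in the commit message.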