From: "Michael S. Tsirkin" <mst@redhat.com> To: michael.christie@oracle.com Cc: target-devel@vger.kernel.org, linux-scsi@vger.kernel.org, stefanha@redhat.com, pbonzini@redhat.com, jasowang@redhat.com, sgarzare@redhat.com, virtualization@lists.linux-foundation.org Subject: Re: [PATCH V3 11/11] vhost: allow userspace to create workers Date: Sat, 23 Oct 2021 16:11:07 -0400 [thread overview] Message-ID: <20211023160838-mutt-send-email-mst@kernel.org> (raw) In-Reply-To: <28250f62-ff38-901f-6014-9e975381d523@oracle.com> On Fri, Oct 22, 2021 at 01:17:26PM -0500, michael.christie@oracle.com wrote: > On 10/22/21 11:12 AM, michael.christie@oracle.com wrote: > > On 10/22/21 5:47 AM, Michael S. Tsirkin wrote: > >>> diff --git a/include/uapi/linux/vhost.h b/include/uapi/linux/vhost.h > >>> index c998860d7bbc..e5c0669430e5 100644 > >>> --- a/include/uapi/linux/vhost.h > >>> +++ b/include/uapi/linux/vhost.h > >>> @@ -70,6 +70,17 @@ > >>> #define VHOST_VRING_BIG_ENDIAN 1 > >>> #define VHOST_SET_VRING_ENDIAN _IOW(VHOST_VIRTIO, 0x13, struct vhost_vring_state) > >>> #define VHOST_GET_VRING_ENDIAN _IOW(VHOST_VIRTIO, 0x14, struct vhost_vring_state) > >>> +/* By default, a device gets one vhost_worker created during VHOST_SET_OWNER > >>> + * that its virtqueues share. This allows userspace to create a vhost_worker > >>> + * and map a virtqueue to it or map a virtqueue to an existing worker. > >>> + * > >>> + * If pid > 0 and it matches an existing vhost_worker thread it will be bound > >>> + * to the vq. If pid is VHOST_VRING_NEW_WORKER, then a new worker will be > >>> + * created and bound to the vq. > >>> + * > >>> + * This must be called after VHOST_SET_OWNER and before the vq is active. > >>> + */ > >> > >> A couple of things here: > >> it's probably a good idea not to make it match pid exactly, > >> if for no other reason than I'm not sure we want to > >> commit this being a pid. Let's just call it an id? > > > > Ok. > > > >> And maybe byteswap it or xor with some value > >> just to make sure userspace does not begin abusing it anyway. > >> > >> Also, interaction with pid namespace is unclear to me. > >> Can you document what happens here? > > > > This current patchset only allows the vhost_dev owner to > > create/bind workers for devices it owns, so namespace don't come > > I made a mistake here. The patches do restrict VHOST_SET_VRING_WORKER > to the same owner like I wrote. However, it looks like we could have 2 > threads with the same mm pointer so vhost_dev_check_owner returns true, > but they could be in different namespaces. > > Even though we are not going to pass the pid_t between user/kernel > space, should I add a pid namespace check when I repost the patches? Um it's part of the ioctl. How you are not going to pass it around? So if we do worry about this, I would just make it a 64 bit integer, rename it "id" and increment each time a thread is created. > > > into play. If a thread from another namespace tried to create/bind > > a worker we would hit the owner checks in vhost_dev_ioctl which is > > done before vhost_vring_ioctl normally (for vdpa we hit the use_worker > > check and fail there). > > > > However, with the kernel worker API changes the worker threads will > > now be in the vhost dev owner's namespace and not the kthreadd/default > > one, so in the future we are covered if we want to do something more > > advanced. For example, I've seen people working on an API to export the > > worker pids: > > > > https://lore.kernel.org/netdev/20210507154332.hiblsd6ot5wzwkdj@steredhat/T/ > > > > and in the future for interfaces that export that info we could restrict > > access to root or users from the same namespace or I guess add interfaces > > to allow different namespaces to see the workers and share them. > > > > > >> No need to fix funky things like moving the fd between > >> pid namespaces while also creating/destroying workers, but let's > >> document it's not supported. > > > > Ok. I'll add a comment. > >
WARNING: multiple messages have this Message-ID (diff)
From: "Michael S. Tsirkin" <mst@redhat.com> To: michael.christie@oracle.com Cc: linux-scsi@vger.kernel.org, virtualization@lists.linux-foundation.org, target-devel@vger.kernel.org, stefanha@redhat.com, pbonzini@redhat.com Subject: Re: [PATCH V3 11/11] vhost: allow userspace to create workers Date: Sat, 23 Oct 2021 16:11:07 -0400 [thread overview] Message-ID: <20211023160838-mutt-send-email-mst@kernel.org> (raw) In-Reply-To: <28250f62-ff38-901f-6014-9e975381d523@oracle.com> On Fri, Oct 22, 2021 at 01:17:26PM -0500, michael.christie@oracle.com wrote: > On 10/22/21 11:12 AM, michael.christie@oracle.com wrote: > > On 10/22/21 5:47 AM, Michael S. Tsirkin wrote: > >>> diff --git a/include/uapi/linux/vhost.h b/include/uapi/linux/vhost.h > >>> index c998860d7bbc..e5c0669430e5 100644 > >>> --- a/include/uapi/linux/vhost.h > >>> +++ b/include/uapi/linux/vhost.h > >>> @@ -70,6 +70,17 @@ > >>> #define VHOST_VRING_BIG_ENDIAN 1 > >>> #define VHOST_SET_VRING_ENDIAN _IOW(VHOST_VIRTIO, 0x13, struct vhost_vring_state) > >>> #define VHOST_GET_VRING_ENDIAN _IOW(VHOST_VIRTIO, 0x14, struct vhost_vring_state) > >>> +/* By default, a device gets one vhost_worker created during VHOST_SET_OWNER > >>> + * that its virtqueues share. This allows userspace to create a vhost_worker > >>> + * and map a virtqueue to it or map a virtqueue to an existing worker. > >>> + * > >>> + * If pid > 0 and it matches an existing vhost_worker thread it will be bound > >>> + * to the vq. If pid is VHOST_VRING_NEW_WORKER, then a new worker will be > >>> + * created and bound to the vq. > >>> + * > >>> + * This must be called after VHOST_SET_OWNER and before the vq is active. > >>> + */ > >> > >> A couple of things here: > >> it's probably a good idea not to make it match pid exactly, > >> if for no other reason than I'm not sure we want to > >> commit this being a pid. Let's just call it an id? > > > > Ok. > > > >> And maybe byteswap it or xor with some value > >> just to make sure userspace does not begin abusing it anyway. > >> > >> Also, interaction with pid namespace is unclear to me. > >> Can you document what happens here? > > > > This current patchset only allows the vhost_dev owner to > > create/bind workers for devices it owns, so namespace don't come > > I made a mistake here. The patches do restrict VHOST_SET_VRING_WORKER > to the same owner like I wrote. However, it looks like we could have 2 > threads with the same mm pointer so vhost_dev_check_owner returns true, > but they could be in different namespaces. > > Even though we are not going to pass the pid_t between user/kernel > space, should I add a pid namespace check when I repost the patches? Um it's part of the ioctl. How you are not going to pass it around? So if we do worry about this, I would just make it a 64 bit integer, rename it "id" and increment each time a thread is created. > > > into play. If a thread from another namespace tried to create/bind > > a worker we would hit the owner checks in vhost_dev_ioctl which is > > done before vhost_vring_ioctl normally (for vdpa we hit the use_worker > > check and fail there). > > > > However, with the kernel worker API changes the worker threads will > > now be in the vhost dev owner's namespace and not the kthreadd/default > > one, so in the future we are covered if we want to do something more > > advanced. For example, I've seen people working on an API to export the > > worker pids: > > > > https://lore.kernel.org/netdev/20210507154332.hiblsd6ot5wzwkdj@steredhat/T/ > > > > and in the future for interfaces that export that info we could restrict > > access to root or users from the same namespace or I guess add interfaces > > to allow different namespaces to see the workers and share them. > > > > > >> No need to fix funky things like moving the fd between > >> pid namespaces while also creating/destroying workers, but let's > >> document it's not supported. > > > > Ok. I'll add a comment. > > _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2021-10-23 20:11 UTC|newest] Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-10-22 5:18 [PATCH V3 00/11] vhost: multiple worker support Mike Christie 2021-10-22 5:18 ` Mike Christie 2021-10-22 5:19 ` [PATCH] QEMU vhost-scsi: add support for VHOST_SET_VRING_WORKER Mike Christie 2021-10-22 5:19 ` Mike Christie 2021-10-22 5:19 ` [PATCH V3 01/11] vhost: add vhost_worker pointer to vhost_virtqueue Mike Christie 2021-10-22 5:19 ` Mike Christie 2021-10-22 5:19 ` [PATCH V3 02/11] vhost, vhost-net: add helper to check if vq has work Mike Christie 2021-10-22 5:19 ` Mike Christie 2021-10-22 5:19 ` [PATCH V3 03/11] vhost: take worker or vq instead of dev for queueing Mike Christie 2021-10-22 5:19 ` Mike Christie 2021-10-22 5:19 ` [PATCH V3 04/11] vhost: take worker or vq instead of dev for flushing Mike Christie 2021-10-22 5:19 ` Mike Christie 2021-10-22 5:19 ` [PATCH V3 05/11] vhost: convert poll work to be vq based Mike Christie 2021-10-22 5:19 ` Mike Christie 2021-10-22 5:19 ` [PATCH V3 06/11] vhost-sock: convert to vq helpers Mike Christie 2021-10-22 5:19 ` Mike Christie 2021-10-25 9:08 ` Stefano Garzarella 2021-10-25 9:08 ` Stefano Garzarella 2021-10-25 16:09 ` michael.christie 2021-10-25 16:09 ` michael.christie 2021-10-22 5:19 ` [PATCH V3 07/11] vhost-scsi: make SCSI cmd completion per vq Mike Christie 2021-10-22 5:19 ` Mike Christie 2021-10-22 5:19 ` [PATCH V3 08/11] vhost-scsi: convert to vq helpers Mike Christie 2021-10-22 5:19 ` Mike Christie 2021-10-22 5:19 ` [PATCH V3 09/11] vhost-scsi: flush IO vqs then send TMF rsp Mike Christie 2021-10-22 5:19 ` Mike Christie 2021-10-22 5:19 ` [PATCH V3 10/11] vhost: remove device wide queu/flushing helpers Mike Christie 2021-10-22 5:19 ` Mike Christie 2021-10-22 5:19 ` [PATCH V3 11/11] vhost: allow userspace to create workers Mike Christie 2021-10-22 5:19 ` Mike Christie 2021-10-22 10:47 ` Michael S. Tsirkin 2021-10-22 10:47 ` Michael S. Tsirkin 2021-10-22 16:12 ` michael.christie 2021-10-22 16:12 ` michael.christie 2021-10-22 18:17 ` michael.christie 2021-10-22 18:17 ` michael.christie 2021-10-23 20:11 ` Michael S. Tsirkin [this message] 2021-10-23 20:11 ` Michael S. Tsirkin 2021-10-25 16:04 ` michael.christie 2021-10-25 16:04 ` michael.christie 2021-10-25 17:14 ` Michael S. Tsirkin 2021-10-25 17:14 ` Michael S. Tsirkin 2021-10-26 5:37 ` Jason Wang 2021-10-26 5:37 ` Jason Wang 2021-10-26 13:09 ` Michael S. Tsirkin 2021-10-26 13:09 ` Michael S. Tsirkin 2021-10-26 16:36 ` Stefan Hajnoczi 2021-10-26 16:36 ` Stefan Hajnoczi 2021-10-26 15:44 ` Stefan Hajnoczi 2021-10-26 15:44 ` Stefan Hajnoczi 2021-10-27 2:55 ` Jason Wang 2021-10-27 2:55 ` Jason Wang 2021-10-27 9:01 ` Stefan Hajnoczi 2021-10-27 9:01 ` Stefan Hajnoczi 2021-10-26 16:49 ` michael.christie 2021-10-26 16:49 ` michael.christie 2021-10-27 6:02 ` Jason Wang 2021-10-27 6:02 ` Jason Wang 2021-10-27 9:03 ` Stefan Hajnoczi 2021-10-27 9:03 ` Stefan Hajnoczi 2021-10-26 15:22 ` Stefan Hajnoczi 2021-10-26 15:22 ` Stefan Hajnoczi 2021-10-26 15:24 ` Stefan Hajnoczi 2021-10-26 15:24 ` Stefan Hajnoczi 2021-10-22 6:02 ` [PATCH V3 00/11] vhost: multiple worker support michael.christie 2021-10-22 6:02 ` michael.christie 2021-10-22 9:49 ` Michael S. Tsirkin 2021-10-22 9:49 ` Michael S. Tsirkin 2021-10-22 9:48 ` Michael S. Tsirkin 2021-10-22 9:48 ` Michael S. Tsirkin 2021-10-22 15:54 ` michael.christie 2021-10-22 15:54 ` michael.christie 2021-10-23 20:12 ` Michael S. Tsirkin 2021-10-23 20:12 ` Michael S. Tsirkin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20211023160838-mutt-send-email-mst@kernel.org \ --to=mst@redhat.com \ --cc=jasowang@redhat.com \ --cc=linux-scsi@vger.kernel.org \ --cc=michael.christie@oracle.com \ --cc=pbonzini@redhat.com \ --cc=sgarzare@redhat.com \ --cc=stefanha@redhat.com \ --cc=target-devel@vger.kernel.org \ --cc=virtualization@lists.linux-foundation.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.