From: Mike Christie <michael.christie@oracle.com> To: geert@linux-m68k.org, vverma@digitalocean.com, hdanton@sina.com, hch@infradead.org, stefanha@redhat.com, jasowang@redhat.com, mst@redhat.com, sgarzare@redhat.com, virtualization@lists.linux-foundation.org, christian.brauner@ubuntu.com, axboe@kernel.dk, linux-kernel@vger.kernel.org Cc: Mike Christie <michael.christie@oracle.com>, Christoph Hellwig <hch@lst.de> Subject: [PATCH V5 03/10] fork: add KERNEL_WORKER flag to not dup/clone files Date: Sun, 21 Nov 2021 11:49:23 -0600 [thread overview] Message-ID: <20211121174930.6690-4-michael.christie@oracle.com> (raw) In-Reply-To: <20211121174930.6690-1-michael.christie@oracle.com> Each vhost device gets a thread that is used to perform IO and management operations. Instead of a thread that is accessing a device, the thread is part of the device, so when it calls the kernel_worker() function added in the next patch we can't dup or clone the parent's files/FDS because it would do an extra increment on ourself. Later, when we do: Qemu process exits: do_exit -> exit_files -> put_files_struct -> close_files we would leak the device's resources because of that extra refcount on the fd or file_struct. This patch adds a no_files option so these worker threads can prevent taking an extra refcount on themselves. Signed-off-by: Mike Christie <michael.christie@oracle.com> Acked-by: Christian Brauner <christian.brauner@ubuntu.com> Reviewed-by: Christoph Hellwig <hch@lst.de> --- include/linux/sched/task.h | 1 + kernel/fork.c | 11 +++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h index 1ad98e31d5bc..47ede41b19c5 100644 --- a/include/linux/sched/task.h +++ b/include/linux/sched/task.h @@ -20,6 +20,7 @@ struct css_set; #define KERN_WORKER_IO BIT(0) #define KERN_WORKER_USER BIT(1) +#define KERN_WORKER_NO_FILES BIT(2) struct kernel_clone_args { u64 flags; diff --git a/kernel/fork.c b/kernel/fork.c index 8f6cd9581e2e..a1ba423eec4d 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1529,7 +1529,8 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) return 0; } -static int copy_files(unsigned long clone_flags, struct task_struct *tsk) +static int copy_files(unsigned long clone_flags, struct task_struct *tsk, + int no_files) { struct files_struct *oldf, *newf; int error = 0; @@ -1541,6 +1542,11 @@ static int copy_files(unsigned long clone_flags, struct task_struct *tsk) if (!oldf) goto out; + if (no_files) { + tsk->files = NULL; + goto out; + } + if (clone_flags & CLONE_FILES) { atomic_inc(&oldf->count); goto out; @@ -2179,7 +2185,8 @@ static __latent_entropy struct task_struct *copy_process( retval = copy_semundo(clone_flags, p); if (retval) goto bad_fork_cleanup_security; - retval = copy_files(clone_flags, p); + retval = copy_files(clone_flags, p, + args->worker_flags & KERN_WORKER_NO_FILES); if (retval) goto bad_fork_cleanup_semundo; retval = copy_fs(clone_flags, p); -- 2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Mike Christie <michael.christie@oracle.com> To: geert@linux-m68k.org, vverma@digitalocean.com, hdanton@sina.com, hch@infradead.org, stefanha@redhat.com, jasowang@redhat.com, mst@redhat.com, sgarzare@redhat.com, virtualization@lists.linux-foundation.org, christian.brauner@ubuntu.com, axboe@kernel.dk, linux-kernel@vger.kernel.org Cc: Christoph Hellwig <hch@lst.de> Subject: [PATCH V5 03/10] fork: add KERNEL_WORKER flag to not dup/clone files Date: Sun, 21 Nov 2021 11:49:23 -0600 [thread overview] Message-ID: <20211121174930.6690-4-michael.christie@oracle.com> (raw) In-Reply-To: <20211121174930.6690-1-michael.christie@oracle.com> Each vhost device gets a thread that is used to perform IO and management operations. Instead of a thread that is accessing a device, the thread is part of the device, so when it calls the kernel_worker() function added in the next patch we can't dup or clone the parent's files/FDS because it would do an extra increment on ourself. Later, when we do: Qemu process exits: do_exit -> exit_files -> put_files_struct -> close_files we would leak the device's resources because of that extra refcount on the fd or file_struct. This patch adds a no_files option so these worker threads can prevent taking an extra refcount on themselves. Signed-off-by: Mike Christie <michael.christie@oracle.com> Acked-by: Christian Brauner <christian.brauner@ubuntu.com> Reviewed-by: Christoph Hellwig <hch@lst.de> --- include/linux/sched/task.h | 1 + kernel/fork.c | 11 +++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h index 1ad98e31d5bc..47ede41b19c5 100644 --- a/include/linux/sched/task.h +++ b/include/linux/sched/task.h @@ -20,6 +20,7 @@ struct css_set; #define KERN_WORKER_IO BIT(0) #define KERN_WORKER_USER BIT(1) +#define KERN_WORKER_NO_FILES BIT(2) struct kernel_clone_args { u64 flags; diff --git a/kernel/fork.c b/kernel/fork.c index 8f6cd9581e2e..a1ba423eec4d 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1529,7 +1529,8 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) return 0; } -static int copy_files(unsigned long clone_flags, struct task_struct *tsk) +static int copy_files(unsigned long clone_flags, struct task_struct *tsk, + int no_files) { struct files_struct *oldf, *newf; int error = 0; @@ -1541,6 +1542,11 @@ static int copy_files(unsigned long clone_flags, struct task_struct *tsk) if (!oldf) goto out; + if (no_files) { + tsk->files = NULL; + goto out; + } + if (clone_flags & CLONE_FILES) { atomic_inc(&oldf->count); goto out; @@ -2179,7 +2185,8 @@ static __latent_entropy struct task_struct *copy_process( retval = copy_semundo(clone_flags, p); if (retval) goto bad_fork_cleanup_security; - retval = copy_files(clone_flags, p); + retval = copy_files(clone_flags, p, + args->worker_flags & KERN_WORKER_NO_FILES); if (retval) goto bad_fork_cleanup_semundo; retval = copy_fs(clone_flags, p); -- 2.25.1 _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2021-11-21 17:50 UTC|newest] Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-11-21 17:49 [PATCH V5 00/10] Use copy_process/create_io_thread in vhost layer Mike Christie 2021-11-21 17:49 ` Mike Christie 2021-11-21 17:49 ` [PATCH V5 01/10] fork: Make IO worker options flag based Mike Christie 2021-11-21 17:49 ` Mike Christie 2021-11-21 17:49 ` [PATCH V5 02/10] fork/vm: Move common PF_IO_WORKER behavior to new flag Mike Christie 2021-11-21 17:49 ` Mike Christie 2021-11-22 8:08 ` Geert Uytterhoeven 2021-11-22 8:08 ` Geert Uytterhoeven 2021-11-21 17:49 ` Mike Christie [this message] 2021-11-21 17:49 ` [PATCH V5 03/10] fork: add KERNEL_WORKER flag to not dup/clone files Mike Christie 2021-11-21 17:49 ` [PATCH V5 04/10] fork: Add KERNEL_WORKER flag to ignore signals Mike Christie 2021-11-21 17:49 ` Mike Christie 2021-11-21 17:49 ` [PATCH V5 05/10] signal: Perfom autoreap for PF_USER_WORKER Mike Christie 2021-11-21 17:49 ` Mike Christie 2021-11-21 17:49 ` [PATCH V5 06/10] fork: add helper to clone a process Mike Christie 2021-11-21 17:49 ` Mike Christie 2021-11-21 17:49 ` [PATCH V5 07/10] io_uring: switch to kernel_worker Mike Christie 2021-11-21 17:49 ` Mike Christie 2021-11-21 18:17 ` Jens Axboe 2021-11-21 18:17 ` Jens Axboe 2021-11-22 10:02 ` Christian Brauner 2021-11-22 14:20 ` Jens Axboe 2021-11-22 14:20 ` Jens Axboe 2021-11-22 16:47 ` michael.christie 2021-11-22 16:47 ` michael.christie 2021-11-23 14:23 ` Christian Brauner 2021-11-21 17:49 ` [PATCH V5 08/10] fork: remove create_io_thread Mike Christie 2021-11-21 17:49 ` Mike Christie 2021-11-21 17:49 ` [PATCH V5 09/10] vhost: move worker thread fields to new struct Mike Christie 2021-11-21 17:49 ` Mike Christie 2021-11-21 17:49 ` [PATCH V5 10/10] vhost: use kernel_worker to check RLIMITs Mike Christie 2021-11-21 17:49 ` Mike Christie
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20211121174930.6690-4-michael.christie@oracle.com \ --to=michael.christie@oracle.com \ --cc=axboe@kernel.dk \ --cc=christian.brauner@ubuntu.com \ --cc=geert@linux-m68k.org \ --cc=hch@infradead.org \ --cc=hch@lst.de \ --cc=hdanton@sina.com \ --cc=jasowang@redhat.com \ --cc=linux-kernel@vger.kernel.org \ --cc=mst@redhat.com \ --cc=sgarzare@redhat.com \ --cc=stefanha@redhat.com \ --cc=virtualization@lists.linux-foundation.org \ --cc=vverma@digitalocean.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.