From: Mike Christie <michael.christie@oracle.com>
To: Christian Brauner <christian.brauner@ubuntu.com>
Cc: linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org, mst@redhat.com,
sgarzare@redhat.com, jasowang@redhat.com, stefanha@redhat.com,
christian@brauner.io, akpm@linux-foundation.org,
peterz@infradead.org
Subject: Re: [PATCH 2/3] kernel/fork, cred.c: allow copy_process to take user
Date: Tue, 29 Jun 2021 11:53:39 -0500 [thread overview]
Message-ID: <6927dc85-6f8d-c1f5-f92d-9bcd36cce2bb@oracle.com> (raw)
In-Reply-To: <20210629130450.tvrweqy7z2hlwsbh@wittgenstein>
On 6/29/21 8:04 AM, Christian Brauner wrote:
> On Wed, Jun 23, 2021 at 10:08:03PM -0500, Mike Christie wrote:
>> This allows kthread to pass copy_process the user we want to check for the
>> RLIMIT_NPROC limit for and also charge for the new process. It will be used
>> by vhost where userspace has that driver create threads but the kthreadd
>> thread is checked/charged.
>>
>> Signed-off-by: Mike Christie <michael.christie@oracle.com>
>> ---
>> include/linux/cred.h | 3 ++-
>> kernel/cred.c | 7 ++++---
>> kernel/fork.c | 12 +++++++-----
>> 3 files changed, 13 insertions(+), 9 deletions(-)
>>
>> diff --git a/include/linux/cred.h b/include/linux/cred.h
>> index 14971322e1a0..9a2c1398cdd4 100644
>> --- a/include/linux/cred.h
>> +++ b/include/linux/cred.h
>> @@ -153,7 +153,8 @@ struct cred {
>>
>> extern void __put_cred(struct cred *);
>> extern void exit_creds(struct task_struct *);
>> -extern int copy_creds(struct task_struct *, unsigned long);
>> +extern int copy_creds(struct task_struct *, unsigned long,
>> + struct user_struct *);
>> extern const struct cred *get_task_cred(struct task_struct *);
>> extern struct cred *cred_alloc_blank(void);
>> extern struct cred *prepare_creds(void);
>> diff --git a/kernel/cred.c b/kernel/cred.c
>> index e1d274cd741b..e006aafa8f05 100644
>> --- a/kernel/cred.c
>> +++ b/kernel/cred.c
>> @@ -330,7 +330,8 @@ struct cred *prepare_exec_creds(void)
>> * The new process gets the current process's subjective credentials as its
>> * objective and subjective credentials
>> */
>> -int copy_creds(struct task_struct *p, unsigned long clone_flags)
>> +int copy_creds(struct task_struct *p, unsigned long clone_flags,
>> + struct user_struct *user)
>> {
>> struct cred *new;
>> int ret;
>> @@ -351,7 +352,7 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags)
>> kdebug("share_creds(%p{%d,%d})",
>> p->cred, atomic_read(&p->cred->usage),
>> read_cred_subscribers(p->cred));
>> - atomic_inc(&p->cred->user->processes);
>> + atomic_inc(&user->processes);
>
> Hey Mike,
>
> This won't work anymore since this has moved into ucounts. So in v5.14
> atomic_inc(&p->cred->user->processes);
> will have been replaced by
> inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
>
Will do.
> From what I can see from your code vhost will always create this kthread
> for current. So you could e.g. add an internal flag/bitfield entry to
> struct kernel_clone_args that you can use to tell copy_creds() that you
> want to charge this thread against current's process limit.
If I understood you, I don't think a flag/bit will work. When vhost does
a kthread call we do kthread_create -> __kthread_create_on_node. This creates
a tmp kthread_create_info struct and adds it to the kthread_create_list list.
It then wakes up the kthreadd thread. kthreadd will then loop over the list,
and do the:
kernel_thread -> kernel_clone -> copy_process -> copy_creds
So copy_creds sees current == kthreadd.
I think I would have to add a task_struct pointer to kernel_clone_args
and kthread_create_info. If copy_creds sees kernel_clone_args->user_task
then it would use that.
next prev parent reply other threads:[~2021-06-29 16:54 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-24 3:08 [PATCH 0/3] kthread: pass in user and check RLIMIT_NPROC Mike Christie
2021-06-24 3:08 ` [PATCH 1/3] kthread: allow caller to pass in user_struct Mike Christie
2021-06-24 4:34 ` kernel test robot
2021-06-24 16:19 ` Mike Christie
2021-06-24 3:08 ` [PATCH 2/3] kernel/fork, cred.c: allow copy_process to take user Mike Christie
2021-06-29 13:04 ` Christian Brauner
2021-06-29 16:53 ` Mike Christie [this message]
2021-07-01 23:59 ` michael.christie
2021-06-24 3:08 ` [PATCH 3/3] vhost: pass kthread user to check RLIMIT_NPROC Mike Christie
2021-06-24 8:26 ` kernel test robot
2021-06-24 16:18 ` Mike Christie
2021-06-24 7:34 ` [PATCH 0/3] kthread: pass in user and " Michael S. Tsirkin
2021-06-24 9:40 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6927dc85-6f8d-c1f5-f92d-9bcd36cce2bb@oracle.com \
--to=michael.christie@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=christian.brauner@ubuntu.com \
--cc=christian@brauner.io \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=peterz@infradead.org \
--cc=sgarzare@redhat.com \
--cc=stefanha@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).