From: "Michael S. Tsirkin" <mst@redhat.com>
To: Cindy Lu <lulu@redhat.com>
Cc: jasowang@redhat.com, michael.christie@oracle.com,
sgarzare@redhat.com, linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org,
netdev@vger.kernel.org
Subject: Re: [PATCH v3 7/9] vhost: Add new UAPI to support change to task mode
Date: Wed, 6 Nov 2024 02:31:31 -0500 [thread overview]
Message-ID: <20241106022630-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <20241105072642.898710-8-lulu@redhat.com>
On Tue, Nov 05, 2024 at 03:25:26PM +0800, Cindy Lu wrote:
> Add a new UAPI to enable setting the vhost device to task mode.
> The userspace application can use VHOST_SET_INHERIT_FROM_OWNER
> to configure the mode if necessary.
> This setting must be applied before VHOST_SET_OWNER, as the worker
> will be created in the VHOST_SET_OWNER function
>
> Signed-off-by: Cindy Lu <lulu@redhat.com>
> ---
> drivers/vhost/vhost.c | 15 ++++++++++++++-
> include/uapi/linux/vhost.h | 2 ++
> 2 files changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
> index c17dc01febcc..70c793b63905 100644
> --- a/drivers/vhost/vhost.c
> +++ b/drivers/vhost/vhost.c
> @@ -2274,8 +2274,9 @@ long vhost_dev_ioctl(struct vhost_dev *d, unsigned int ioctl, void __user *argp)
> {
> struct eventfd_ctx *ctx;
> u64 p;
> - long r;
> + long r = 0;
> int i, fd;
> + bool inherit_owner;
>
> /* If you are not the owner, you can become one */
> if (ioctl == VHOST_SET_OWNER) {
> @@ -2332,6 +2333,18 @@ long vhost_dev_ioctl(struct vhost_dev *d, unsigned int ioctl, void __user *argp)
> if (ctx)
> eventfd_ctx_put(ctx);
> break;
> + case VHOST_SET_INHERIT_FROM_OWNER:
> + /*inherit_owner can only be modified before owner is set*/
bad coding style
> + if (vhost_dev_has_owner(d))
> + break;
is this silently failing? should return EBUSY or something like this.
> +
> + if (copy_from_user(&inherit_owner, argp,
> + sizeof(inherit_owner))) {
not good,
> + r = -EFAULT;
> + break;
> + }
> + d->inherit_owner = inherit_owner;
> + break;
> default:
> r = -ENOIOCTLCMD;
> break;
This means any task can break out of jail
and steal root group system time by setting inherit_owner to 0
even if system is configured to inherit by default.
we need a modparam to block this.
> diff --git a/include/uapi/linux/vhost.h b/include/uapi/linux/vhost.h
> index b95dd84eef2d..1e192038633d 100644
> --- a/include/uapi/linux/vhost.h
> +++ b/include/uapi/linux/vhost.h
> @@ -235,4 +235,6 @@
> */
> #define VHOST_VDPA_GET_VRING_SIZE _IOWR(VHOST_VIRTIO, 0x82, \
> struct vhost_vring_state)
> +
> +#define VHOST_SET_INHERIT_FROM_OWNER _IOW(VHOST_VIRTIO, 0x83, bool)
do not put bool in interfaces. something like u8 and validate it is 0 or
1.
> #endif
> --
> 2.45.0
next prev parent reply other threads:[~2024-11-06 7:32 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-05 7:25 [PATCH v3 0/9] vhost: Add support of kthread API Cindy Lu
2024-11-05 7:25 ` [PATCH v3 1/9] vhost: Add a new parameter to allow user select kthread Cindy Lu
2024-11-05 9:32 ` Jason Wang
2024-11-05 7:25 ` [PATCH v3 2/9] vhost: Add the vhost_worker to support kthread Cindy Lu
2024-11-05 7:25 ` [PATCH v3 3/9] vhost: Add the cgroup related function Cindy Lu
2024-11-25 15:22 ` Mike Christie
2024-11-27 6:44 ` Cindy Lu
2024-11-05 7:25 ` [PATCH v3 4/9] vhost: Add kthread support in function vhost_worker_create Cindy Lu
2024-11-05 9:36 ` Jason Wang
2024-11-06 9:21 ` Cindy Lu
2024-11-26 21:19 ` michael.christie
2024-11-27 6:43 ` Cindy Lu
2024-11-05 7:25 ` [PATCH v3 5/9] vhost: Add kthread support in function vhost_worker_queue() Cindy Lu
2024-11-05 9:37 ` Jason Wang
2024-11-07 10:38 ` Dan Carpenter
2024-11-07 11:12 ` Dan Carpenter
2024-11-05 7:25 ` [PATCH v3 6/9] vhost: Add kthread support in function vhost_worker_destroy() Cindy Lu
2024-11-07 11:24 ` Dan Carpenter
2024-11-05 7:25 ` [PATCH v3 7/9] vhost: Add new UAPI to support change to task mode Cindy Lu
2024-11-05 9:39 ` Jason Wang
2024-11-25 15:19 ` Mike Christie
2024-11-05 10:31 ` Stefano Garzarella
2024-11-07 7:12 ` Cindy Lu
2024-11-07 10:03 ` Stefano Garzarella
2024-11-07 11:50 ` Cindy Lu
2024-11-06 7:31 ` Michael S. Tsirkin [this message]
2024-11-06 7:33 ` Michael S. Tsirkin
2024-11-05 7:25 ` [PATCH v3 8/9] vhost_scsi: Add check for inherit_owner status Cindy Lu
2024-11-25 15:00 ` Mike Christie
2024-11-05 7:25 ` [PATCH v3 9/9] vhost: Expose the modparam inherit_owner_default Cindy Lu
2024-12-10 11:09 ` [PATCH v3 0/9] vhost: Add support of kthread API Lei Yang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241106022630-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lulu@redhat.com \
--cc=michael.christie@oracle.com \
--cc=netdev@vger.kernel.org \
--cc=sgarzare@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.