From: "Darrick J. Wong" <djwong@kernel.org>
To: Bernd Schubert <bernd@bsbernd.com>
Cc: Miklos Szeredi <mszeredi@redhat.com>, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v3 6/7] fuse: alloc pqueue before installing fc
Date: Mon, 23 Mar 2026 11:45:00 -0700 [thread overview]
Message-ID: <20260323184500.GD6202@frogsfrogsfrogs> (raw)
In-Reply-To: <a32528a5-0717-43ea-bfc3-ab61eba9dae8@bsbernd.com>
On Mon, Mar 23, 2026 at 07:33:10PM +0100, Bernd Schubert wrote:
>
>
> On 3/23/26 19:22, Darrick J. Wong wrote:
> > On Mon, Mar 16, 2026 at 05:53:17PM +0100, Miklos Szeredi wrote:
> >> Prior to this patchset, fuse_dev (containing fuse_pqueue) was allocated on
> >> mount. But now fuse_dev is allocated when opening /dev/fuse, even though
> >> the queues are not needed at that time.
> >>
> >> Delay allocation of the pqueue (4k worth of list_head) just before mounting
> >> or cloning a device.
> >>
> >> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
> >
> > I wonder if this is worth the extra complexity to defer a memory
> > allocation? If the fuse server actually mount()s then we need the
> > pqueues, right? How common is it for a fuse server to open the
> > /dev/fuse when the kernel is so low on memory that the open() would fail
> > with ENOMEM on account of the pqueue allocation? And is it likely that
> > a lot of memory would be freed up by the time we get to mount/clone?
> >
> > I suppose if you had a very slow mounting fuse server this could happen,
> > but now everyone has to understand that fud->pq.processing can be NULL.
>
> I guess the issue is that people might abuse it and open /dev/fuse for fun?
Ah, right, I forget that /dev/fuse is world-writable now. Yeah, we
shouldn't let any idiot pin a bunch of kernel memory. :)
I think the commit message should include that:
"Prior to this patchset, fuse_dev (containing fuse_pqueue) was allocated
on mount. But now fuse_dev is allocated when opening /dev/fuse, even
though the queues are not needed at that time.
"Delay allocation of the pqueue (4k worth of list_head) just before
mounting or cloning a device.
"Various distributions (e.g. Debian/Fedora) configure /dev/fuse as world
writable, so the pqueue allocation should be deferred to a privileged
operation (mount) to prevent unprivileged userspace from consuming
pinned kernel memory."
With that justification,
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
--D
next prev parent reply other threads:[~2026-03-23 18:45 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-16 16:53 [PATCH v3 0/7] fuse: fix hang with sync init Miklos Szeredi
2026-03-16 16:53 ` [PATCH v3 1/7] fuse: abort on fatal signal during " Miklos Szeredi
2026-03-16 18:48 ` Joanne Koong
2026-03-23 17:53 ` Darrick J. Wong
2026-03-17 20:19 ` Bernd Schubert
2026-03-18 9:33 ` Miklos Szeredi
2026-03-23 14:19 ` Bernd Schubert
2026-03-16 16:53 ` [PATCH v3 2/7] fuse: create fuse_dev on /dev/fuse open instead of mount Miklos Szeredi
2026-03-17 21:35 ` Bernd Schubert
2026-03-18 9:39 ` Miklos Szeredi
2026-03-16 16:53 ` [PATCH v3 3/7] fuse: add refcount to fuse_dev Miklos Szeredi
2026-03-17 22:13 ` Bernd Schubert
2026-03-18 9:50 ` Miklos Szeredi
2026-03-16 16:53 ` [PATCH v3 4/7] fuse: don't require /dev/fuse fd to be kept open during mount Miklos Szeredi
2026-03-16 19:56 ` Joanne Koong
2026-03-17 9:35 ` Miklos Szeredi
2026-03-16 16:53 ` [PATCH v3 5/7] fuse: clean up device cloning Miklos Szeredi
2026-03-17 22:51 ` Bernd Schubert
2026-03-17 23:43 ` Joanne Koong
2026-03-16 16:53 ` [PATCH v3 6/7] fuse: alloc pqueue before installing fc Miklos Szeredi
2026-03-23 18:22 ` Darrick J. Wong
2026-03-23 18:33 ` Bernd Schubert
2026-03-23 18:45 ` Darrick J. Wong [this message]
2026-03-16 16:53 ` [PATCH v3 7/7] fuse: support FSCONFIG_SET_FD for "fd" option Miklos Szeredi
2026-03-19 3:22 ` Lai, Yi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260323184500.GD6202@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=bernd@bsbernd.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mszeredi@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.