From: ebiederm@xmission.com (Eric W. Biederman)
To: Mike Christie <michael.christie@oracle.com>
Cc: axboe@kernel.dk, hdanton@sina.com, mst@redhat.com,
	linux-kernel@vger.kernel.org,
	virtualization@lists.linux-foundation.org, hch@infradead.org,
	vverma@digitalocean.com, geert@linux-m68k.org,
	stefanha@redhat.com, christian.brauner@ubuntu.com,
	Christoph Hellwig <hch@lst.de>
Subject: Re: [PATCH V6 10/10] vhost: use user_worker to check RLIMITs
Date: Fri, 17 Dec 2021 13:01:51 -0600
Message-ID: <87bl1fcaxs.fsf@email.froward.int.ebiederm.org>
In-Reply-To: <20211129194707.5863-11-michael.christie@oracle.com> (Mike Christie's message of "Mon, 29 Nov 2021 13:47:07 -0600")

Mike Christie <michael.christie@oracle.com> writes:

> For vhost workers we use the kthread API which inherits its values from
> and checks against the kthreadd thread. This results in the wrong RLIMITs
> being checked. This patch has us use the user_worker helpers which will
> inherit its values/checks from the thread that owns the device similar to
> if we did a clone in userspace.
>
> Signed-off-by: Mike Christie <michael.christie@oracle.com>
> Acked-by: Michael S. Tsirkin <mst@redhat.com>
> Reviewed-by: Christoph Hellwig <hch@lst.de>
> ---
>  drivers/vhost/vhost.c | 65 +++++++++++++++----------------------------
>  drivers/vhost/vhost.h |  7 ++++-
>  2 files changed, 28 insertions(+), 44 deletions(-)
>
> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
> index c9a1f706989c..8cf259d798c0 100644
> --- a/drivers/vhost/vhost.c
> +++ b/drivers/vhost/vhost.c
> @@ -22,7 +22,6 @@
>  #include <linux/slab.h>
>  #include <linux/vmalloc.h>
>  #include <linux/kthread.h>
> -#include <linux/cgroup.h>
>  #include <linux/module.h>
>  #include <linux/sort.h>
>  #include <linux/sched/mm.h>
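
Review bot: the context line `#include <linux/kthread.h>` is kept in this include block while the hunks below drop kthread_use_mm(), kthread_should_stop() and kthread_unuse_mm(); if no kthread_* call is left in vhost.c after the conversion, remove that include here together with `<linux/cgroup.h>`.
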
> @@ -344,17 +343,14 @@ static void vhost_vq_reset(struct vhost_dev *dev,
>  static int vhost_worker(void *data)
>  {
>  	struct vhost_worker *worker = data;
> -	struct vhost_dev *dev = worker->dev;
>  	struct vhost_work *work, *work_next;
>  	struct llist_node *node;
>  
> -	kthread_use_mm(dev->mm);
> -
>  	for (;;) {
>  		/* mb paired w/ kthread_stop */
>  		set_current_state(TASK_INTERRUPTIBLE);
>  
> -		if (kthread_should_stop()) {
> +		if (test_bit(VHOST_WORKER_FLAG_STOP, &worker->flags)) {
>  			__set_current_state(TASK_RUNNING);
>  			break;
>  		}
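
Review bot: the comment `/* mb paired w/ kthread_stop */` above set_current_state() is stale once the loop tests VHOST_WORKER_FLAG_STOP instead of calling kthread_should_stop(). It should name the code that sets the flag and wakes the worker, and that path has to set the bit before issuing the wakeup so the barrier in set_current_state() still has a counterpart.
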
> @@ -376,8 +372,9 @@ static int vhost_worker(void *data)
>  				schedule();
>  		}
>  	}
> -	kthread_unuse_mm(dev->mm);
> -	return 0;
> +
> +	complete(worker->exit_done);
> +	do_exit(0);
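
Review bot: at the tail of vhost_worker(), `complete(worker->exit_done)` releases the waiter while this thread still has to return into vhost code and call do_exit(0), so whatever the waiter tears down after the completion (the worker structure, the module reference) can disappear under the still-running thread. Doing the completion and the exit in a single core-kernel call, for example complete_and_exit(), avoids executing module text after the waiter has been released.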

This code worries me.

It has the potential for a caller to do:

	vhost_worker_stop()
	module_put();

Then the exiting work thread tries to do:
	do_exit()

Except the code that calls do_exit has already been removed from the
kernel.  Maybe the vhost code can never be removed from the kernel
but otherwise I expect that is possible.

Eric