From: "Darrick J. Wong" <djwong@kernel.org>
To: Bernd Schubert <bernd@bsbernd.com>
Cc: Miklos Szeredi <mszeredi@redhat.com>, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v3 6/7] fuse: alloc pqueue before installing fc
Date: Mon, 23 Mar 2026 11:45:00 -0700 [thread overview]
Message-ID: <20260323184500.GD6202@frogsfrogsfrogs> (raw)
In-Reply-To: <a32528a5-0717-43ea-bfc3-ab61eba9dae8@bsbernd.com>
On Mon, Mar 23, 2026 at 07:33:10PM +0100, Bernd Schubert wrote:
>
>
> On 3/23/26 19:22, Darrick J. Wong wrote:
> > On Mon, Mar 16, 2026 at 05:53:17PM +0100, Miklos Szeredi wrote:
> >> Prior to this patchset, fuse_dev (containing fuse_pqueue) was allocated on
> >> mount. But now fuse_dev is allocated when opening /dev/fuse, even though
> >> the queues are not needed at that time.
> >>
> >> Delay allocation of the pqueue (4k worth of list_head) just before mounting
> >> or cloning a device.
> >>
> >> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
> >
> > I wonder if this is worth the extra complexity to defer a memory
> > allocation? If the fuse server actually mount()s then we need the
> > pqueues, right? How common is it for a fuse server to open the
> > /dev/fuse when the kernel is so low on memory that the open() would fail
> > with ENOMEM on account of the pqueue allocation? And is it likely that
> > a lot of memory would be freed up by the time we get to mount/clone?
> >
> > I suppose if you had a very slow mounting fuse server this could happen,
> > but now everyone has to understand that fud->pq.processing can be NULL.
>
> I guess the issue is that people might abuse it and open /dev/fuse for fun?
Ah, right, I forget that /dev/fuse is world-writable now. Yeah, we
shouldn't let any idiot pin a bunch of kernel memory. :)
I think the commit message should include that:
"Prior to this patchset, fuse_dev (containing fuse_pqueue) was allocated
on mount. But now fuse_dev is allocated when opening /dev/fuse, even
though the queues are not needed at that time.
"Delay allocation of the pqueue (4k worth of list_head) just before
mounting or cloning a device.
"Various distributions (e.g. Debian/Fedora) configure /dev/fuse as world
writable, so the pqueue allocation should be deferred to a privileged
operation (mount) to prevent unprivileged userspace from consuming
pinned kernel memory."
With that justification,
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
--D
next prev parent reply other threads:[~2026-03-23 18:45 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-16 16:53 [PATCH v3 0/7] fuse: fix hang with sync init Miklos Szeredi
2026-03-16 16:53 ` [PATCH v3 1/7] fuse: abort on fatal signal during " Miklos Szeredi
2026-03-16 18:48 ` Joanne Koong
2026-03-23 17:53 ` Darrick J. Wong
2026-03-17 20:19 ` Bernd Schubert
2026-03-18 9:33 ` Miklos Szeredi
2026-03-23 14:19 ` Bernd Schubert
2026-03-16 16:53 ` [PATCH v3 2/7] fuse: create fuse_dev on /dev/fuse open instead of mount Miklos Szeredi
2026-03-17 21:35 ` Bernd Schubert
2026-03-18 9:39 ` Miklos Szeredi
2026-03-16 16:53 ` [PATCH v3 3/7] fuse: add refcount to fuse_dev Miklos Szeredi
2026-03-17 22:13 ` Bernd Schubert
2026-03-18 9:50 ` Miklos Szeredi
2026-03-16 16:53 ` [PATCH v3 4/7] fuse: don't require /dev/fuse fd to be kept open during mount Miklos Szeredi
2026-03-16 19:56 ` Joanne Koong
2026-03-17 9:35 ` Miklos Szeredi
2026-03-16 16:53 ` [PATCH v3 5/7] fuse: clean up device cloning Miklos Szeredi
2026-03-17 22:51 ` Bernd Schubert
2026-03-17 23:43 ` Joanne Koong
2026-03-16 16:53 ` [PATCH v3 6/7] fuse: alloc pqueue before installing fc Miklos Szeredi
2026-03-23 18:22 ` Darrick J. Wong
2026-03-23 18:33 ` Bernd Schubert
2026-03-23 18:45 ` Darrick J. Wong [this message]
2026-03-16 16:53 ` [PATCH v3 7/7] fuse: support FSCONFIG_SET_FD for "fd" option Miklos Szeredi
2026-03-19 3:22 ` Lai, Yi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260323184500.GD6202@frogsfrogsfrogs \
--to=djwong@kernel.org \
--cc=bernd@bsbernd.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=mszeredi@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox