From: Rusty Russell <rusty@rustcorp.com.au>
To: Davide Libenzi <davidel@xmailserver.org>
Cc: Gregory Haskins <ghaskins@novell.com>,
mst@redhat.com, kvm@vger.kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
avi@redhat.com, paulmck@linux.vnet.ibm.com,
Ingo Molnar <mingo@elte.hu>
Subject: Re: [PATCH 3/3] eventfd: add internal reference counting to fix notifier race conditions
Date: Thu, 25 Jun 2009 21:12:24 +0930
Message-ID: <200906252112.24730.rusty@rustcorp.com.au>
In-Reply-To: <alpine.DEB.1.10.0906241154350.30928@makko.or.mcafeemobile.com>

On Thu, 25 Jun 2009 08:15:11 am Davide Libenzi wrote:
> On Wed, 24 Jun 2009, Rusty Russell wrote:
> > On Tue, 23 Jun 2009 03:33:22 am Davide Libenzi wrote:
> > > What you're doing there, is setting up a kernel-to-kernel (since
> > > userspace's only role is to create the eventfd) communication, using a
> > > file* as accessory. That IMO is plain wrong.
> >
> > The most sensible is that userspace can use these fds; an in-kernel
> > variant is possible too, but not primary IMHO.
> >
> > It's nice that userspace creates the fds; it can then use the same fd for
> > multiple event sources.
> >
> > But I didn't see anything wrong with the way eventfd used to work: you
> > have a kvm ioctl to say "attach this eventfd to this guest notification"
> > and that does the eventfd_fget. A detach ioctl does the fput (as does
> > release of the kvm fd).
> >
> > If they close the eventfd and don't do the detach ioctl, it's their
> > problem.
>
> Some components would like to know if userspace dropped the fd, and take
> proper action accordingly (release resources, drop module instances,
> etc...).

Like to know? Possibly. Need to know? Not anything I've seen so far.

If userspace creates the fd, the component grabs a ref, and if userspace wants
that fd completely freed it must close the fd *and* tell the component. Simple,
race free and explicit. All wins.

As this discussion shows, doing some kind of implied non-reference is hard,
complex and racy.

> Another thing that comes to my mind (that for some components might not
> matter) is considering the effect of userspace doing things like:
>
>     for (;;) {
>         fd = eventfd(...);
>         ioctl(xfd, XXX_ADD, fd);
>         close(fd);
>     }
>
> That might lead to unprivileged users drawing kernel memory w/out any
> userspace accountability, if not properly handled.

No, fget_eventfd covers this exactly as expected. Don't doubt your ability to
design sane kernel interfaces; eventfd is nice! All lguest needed was a
couple of EXPORT_SYMBOLS and it fitted in beautifully.

Thanks,
Rusty.
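
The ownership rule described in the message above (attach takes the component's own reference, detach or release of the component's fd drops it, close() drops only the fd's reference), as an added userspace model that is not code from the thread or from the kernel. `struct efile`, the `component_*` functions and the fixed-size attach table are hypothetical stand-ins chosen for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; every name here is hypothetical, not kernel API. */
struct efile { int refs; };      /* stands in for the eventfd's struct file */
static int live_files;           /* objects allocated and not yet freed */

static struct efile *efile_create(void) {      /* models eventfd(): the fd holds one ref */
    struct efile *f = malloc(sizeof(*f));
    if (!f) abort();
    f->refs = 1;
    live_files++;
    return f;
}

static void efile_put(struct efile *f) {       /* models fput(); also stands for close(fd) */
    if (--f->refs == 0) { free(f); live_files--; }
}

#define MAX_ATTACHED 8           /* fixed table: a simplification of this model */
struct component { struct efile *attached[MAX_ATTACHED]; };

static int component_attach(struct component *c, struct efile *f) {   /* attach ioctl */
    for (int i = 0; i < MAX_ATTACHED; i++)
        if (!c->attached[i]) { f->refs++; c->attached[i] = f; return i; }
    return -1;                   /* refused: no reference taken */
}

static int component_detach(struct component *c, int slot) {          /* detach ioctl */
    if (slot < 0 || slot >= MAX_ATTACHED || !c->attached[slot]) return -1;
    efile_put(c->attached[slot]);
    c->attached[slot] = NULL;
    return 0;
}

static void component_release(struct component *c) {  /* release of the component's fd */
    for (int i = 0; i < MAX_ATTACHED; i++) component_detach(c, i);
}

/* The quoted create/attach/close loop; returns how many objects are still alive. */
static int run_add_close_loop(struct component *c, int n) {
    for (int i = 0; i < n; i++) {
        struct efile *f = efile_create();
        component_attach(c, f);  /* may be refused once the table is full */
        efile_put(f);            /* close(fd): drops only the fd's reference */
    }
    return live_files;
}

int main(void) {
    struct component c = {0};
    printf("alive after loop: %d\n", run_add_close_loop(&c, 20));
    component_release(&c);
    printf("alive after release: %d\n", live_files);
    return 0;
}
```

In this model every object that survives the loop is pinned by a slot in the component, so its lifetime ends with an explicit detach or with the component itself.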