Date:	Tue, 1 Mar 2016 17:08:13 +0100
From:	Michal Hocko <mhocko@...nel.org>
To:	"Michael S. Tsirkin" <mst@...hat.com>
Cc:	Vladimir Davydov <vdavydov@...tuozzo.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
	David Rientjes <rientjes@...gle.com>, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] exit: clear TIF_MEMDIE after exit_task_work

On Tue 01-03-16 17:57:04, Michael S. Tsirkin wrote:
> On Tue, Mar 01, 2016 at 04:52:12PM +0100, Michal Hocko wrote:
> > [CCing vhost-net maintainer]
> > 
> > On Mon 29-02-16 20:02:09, Vladimir Davydov wrote:
> > > An mm_struct may be pinned by a file. An example is vhost-net device
> > > created by a qemu/kvm (see vhost_net_ioctl -> vhost_net_set_owner ->
> > > vhost_dev_set_owner).
> > 
> > The more I think about that the more I am wondering whether this is
> > actually OK and correct. Why does the driver have to pin the address
> > space? Nothing really prevents from parallel tearing down of the address
> > space anyway so the code cannot expect all the vmas to stay. Would it be
> > enough to pin the mm_struct only?
> 
> I'll need to research this. It's a fact that as long as the
> device is not stopped, vhost can attempt to access
> the address space.

But does it expect any specific parts of the address space to be mapped?
E.g. proc needs to keep the mm allocated as well for some files but it
doesn't pin the address space (mm_users) but rather mm_count (see
proc_mem_open).

> > I am not sure I understand the code properly but what prevents from
> > the situation when a VHOST_SET_OWNER caller dies without calling
> > VHOST_RESET_OWNER and so the mm would be pinned indefinitely?
> > 
> > [Keeping the rest of the email for reference]
> 
> We have:
> 
> static const struct file_operations vhost_net_fops = {
>         .owner          = THIS_MODULE,
>         .release        = vhost_net_release,
> ...
> };
> 
> When caller dies and after fds are closed,
> vhost_net_release calls vhost_dev_cleanup and that
> drops the mm reference.

Can another process have the device open as well and prevent from
destruction?
-- 
Michal Hocko
SUSE Labs
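
An added example, not part of this email or of the kernel source: a userspace C model of the distinction drawn above between pinning mm_users (the address space) and pinning mm_count (the structure only), showing what each pin leaves behind once the owning task exits. `struct mm_model`, `enum pin` and the `model_*` functions are hypothetical names that only imitate the counters' behaviour.

```c
/* Userspace model of mm_users vs mm_count; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
struct mm_model {
    int mm_users;   /* references to the address space (the mappings) */
    int mm_count;   /* references to the structure itself */
    bool mapped;    /* false once the address space is torn down */
    bool freed;     /* true once the structure would be freed */
};
enum pin { PIN_USERS, PIN_COUNT };   /* the two pinning styles compared */

static void model_mmdrop(struct mm_model *mm)
{
    if (--mm->mm_count == 0)
        mm->freed = true;
}

static void model_mmput(struct mm_model *mm)
{
    if (--mm->mm_users == 0) {
        mm->mapped = false;   /* mappings go away, memory can be reclaimed */
        model_mmdrop(mm);     /* all users together held one mm_count ref */
    }
}

/* Models taking a temporary address-space reference; fails after teardown. */
static bool model_mmget_not_zero(struct mm_model *mm)
{
    if (mm->mm_users == 0)
        return false;
    mm->mm_users++;
    return true;
}

/* An open file pins the mm in the given style, then the owning task exits. */
static struct mm_model owner_exits(enum pin how)
{
    struct mm_model mm = { .mm_users = 1, .mm_count = 1, .mapped = true };
    int *ref = (how == PIN_USERS) ? &mm.mm_users : &mm.mm_count;
    (*ref)++;                 /* the file's pin */
    model_mmput(&mm);         /* the task's own reference is dropped on exit */
    return mm;
}

int main(void)
{
    struct mm_model a = owner_exits(PIN_USERS), b = owner_exits(PIN_COUNT);
    printf("users pin: mapped=%d | count pin: mapped=%d freed=%d get=%d\n",
           a.mapped, b.mapped, b.freed, model_mmget_not_zero(&b));
}
```

With the mm_users pin the mappings outlive the task until the file is released; with the mm_count pin only the structure survives, and a later access has to take a temporary address-space reference that can fail.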
