[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160301160813.GM9461@dhcp22.suse.cz>
Date: Tue, 1 Mar 2016 17:08:13 +0100
From: Michal Hocko <mhocko@...nel.org>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: Vladimir Davydov <vdavydov@...tuozzo.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
David Rientjes <rientjes@...gle.com>, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] exit: clear TIF_MEMDIE after exit_task_work
On Tue 01-03-16 17:57:04, Michael S. Tsirkin wrote:
> On Tue, Mar 01, 2016 at 04:52:12PM +0100, Michal Hocko wrote:
> > [CCing vhost-net maintainer]
> >
> > On Mon 29-02-16 20:02:09, Vladimir Davydov wrote:
> > > An mm_struct may be pinned by a file. An example is vhost-net device
> > > created by a qemu/kvm (see vhost_net_ioctl -> vhost_net_set_owner ->
> > > vhost_dev_set_owner).
> >
> > The more I think about that the more I am wondering whether this is
> > actually OK and correct. Why does the driver have to pin the address
> > space? Nothing really prevents from parallel tearing down of the address
> > space anyway so the code cannot expect all the vmas to stay. Would it be
> > enough to pin the mm_struct only?
>
> I'll need to research this. It's a fact that as long as the
> device is not stopped, vhost can attempt to access
> the address space.
But does it expect any specific parts of the address space to be mapped?
E.g. proc needs to keep the mm allocated as well for some files but it
doesn't pin the address space (mm_users) but rather mm_count (see
proc_mem_open).
> > I am not sure I understand the code properly but what prevents from
> > the situation when a VHOST_SET_OWNER caller dies without calling
> > VHOST_RESET_OWNER and so the mm would be pinned indefinitely?
> >
> > [Keeping the reset of the email for reference]
>
> We have:
>
> static const struct file_operations vhost_net_fops = {
> .owner = THIS_MODULE,
> .release = vhost_net_release,
> ...
> };
>
> When caller dies and after fds are closed,
> vhost_net_release calls vhost_dev_cleanup and that
> drops the mm reference.
Can another process have the device open as well and prevent from
destruction?
--
Michal Hocko
SUSE Labs
Powered by blists - more mailing lists