lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Sep 2021 10:54:55 +0200 From: Christian Brauner <christian.brauner@...ntu.com> To: Mike Christie <michael.christie@...cle.com> Cc: stefanha@...hat.com, jasowang@...hat.com, mst@...hat.com, sgarzare@...hat.com, virtualization@...ts.linux-foundation.org, axboe@...nel.dk, linux-kernel@...r.kernel.org Subject: Re: [PATCH 3/8] fork: add option to not clone or dup files On Thu, Sep 16, 2021 at 04:20:46PM -0500, Mike Christie wrote: > Each vhost device gets a thread that is used to perform IO and management > operations. Instead of a thread that is accessing a device, the thread is > part of the device, so when it calls kernel_copy_process we can't dup or > clone the parent's (Qemu thread that does the VHOST_SET_OWNER ioctl) > files/FDS because it would do an extra increment on ourself. > > Later, when we do: > > Qemu process exits: > do_exit -> exit_files -> put_files_struct -> close_files > > we would leak the device's resources because of that extra refcount > on the fd or file_struct. > > This patch adds a no_files option so these worker threads can prevent > taking an extra refcount on themselves. > > Signed-off-by: Mike Christie <michael.christie@...cle.com> > --- > include/linux/sched/task.h | 3 ++- > kernel/fork.c | 14 +++++++++++--- > 2 files changed, 13 insertions(+), 4 deletions(-) > > diff --git a/include/linux/sched/task.h b/include/linux/sched/task.h > index c55f1eb69d41..d0b0872f56cc 100644 > --- a/include/linux/sched/task.h > +++ b/include/linux/sched/task.h > @@ -32,6 +32,7 @@ struct kernel_clone_args { > size_t set_tid_size; > int cgroup; > int io_thread; > + int no_files; > struct cgroup *cgrp; > struct css_set *cset; > }; > @@ -86,7 +87,7 @@ extern pid_t kernel_clone(struct kernel_clone_args *kargs); > struct task_struct *create_io_thread(int (*fn)(void *), void *arg, int node); > struct task_struct *kernel_copy_process(int (*fn)(void *), void *arg, int node, > unsigned long clone_flags, > - int io_thread); > + int io_thread, int no_files); > struct task_struct *fork_idle(int); > struct mm_struct *copy_init_mm(void); > extern pid_t kernel_thread(int (*fn)(void *), void *arg, unsigned long flags); > diff --git a/kernel/fork.c b/kernel/fork.c > index cec7b6011beb..a0468e30b27e 100644 > --- a/kernel/fork.c > +++ b/kernel/fork.c > @@ -1532,7 +1532,8 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) > return 0; > } > > -static int copy_files(unsigned long clone_flags, struct task_struct *tsk) > +static int copy_files(unsigned long clone_flags, struct task_struct *tsk, > + int no_files) > { > struct files_struct *oldf, *newf; > int error = 0; > @@ -1544,6 +1545,11 @@ static int copy_files(unsigned long clone_flags, struct task_struct *tsk) > if (!oldf) > goto out; > > + if (no_files) { > + tsk->files = NULL; > + goto out; > + } > + > if (clone_flags & CLONE_FILES) { > atomic_inc(&oldf->count); > goto out; > @@ -2179,7 +2185,7 @@ static __latent_entropy struct task_struct *copy_process( > retval = copy_semundo(clone_flags, p); > if (retval) > goto bad_fork_cleanup_security; > - retval = copy_files(clone_flags, p); > + retval = copy_files(clone_flags, p, args->no_files); > if (retval) > goto bad_fork_cleanup_semundo; > retval = copy_fs(clone_flags, p); > @@ -2539,6 +2545,7 @@ struct task_struct *create_io_thread(int (*fn)(void *), void *arg, int node) > * @node: numa node to allocate task from > * @clone_flags: CLONE flags > * @io_thread: 1 if this will be a PF_IO_WORKER else 0. > + * @no_files: Do not duplicate or copy the parent's open files. > * > * This returns a created task, or an error pointer. The returned task is > * inactive, and the caller must fire it up through wake_up_new_task(p). If > @@ -2546,7 +2553,7 @@ struct task_struct *create_io_thread(int (*fn)(void *), void *arg, int node) > */ > struct task_struct *kernel_copy_process(int (*fn)(void *), void *arg, int node, > unsigned long clone_flags, > - int io_thread) > + int io_thread, int no_files) I think that the addition of no_files together with io_thread might be a sign to introduce a set of kernel internal clone flags in kernel_clone_args.
Powered by blists - more mailing lists