lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230421-satzglied-cybernaut-b2b652a46bfa@brauner>
Date:   Fri, 21 Apr 2023 15:37:12 +0200
From:   Christian Brauner <brauner@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Christian Brauner <brauner@...nel.org>,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        virtualization@...ts.linux-foundation.org
Subject: [GIT PULL] fork: user workers & vhost

Hey Linus,

/* Summary */
This contains the work generalizing the ability to create a kernel
worker from a userspace process. Such user workers will run with the
same credentials as the userspace process they were created from
providing stronger security and accounting guarantees than the
traditional override_creds() approach ever could've hoped for.

The original work was heavily based and optimzed for the needs of
io_uring which was the first user. However, as it quickly turned out the
ability to create user workers inherting properties from a userspace
process is generally useful.

The vhost subsystem currently creates workers using the kthread api. The
consequences of using the kthread api are that RLIMITs don't work
correctly as they are inherited from khtreadd. This leads to bugs
where more workers are created than would be allowed by the RLIMITs of
the userspace process in lieu of which workers are created.

Problems like this disappear with user workers created from the
userspace processes for which they perform the work. In addition,
providing this api allows vhost to remove additional complexity. For
example, cgroup and mm sharing will just work out of the box with user
workers based on the relevant userspace process instead of manually
ensuring the correct cgroup and mm contexts are used.

So the vhost subsystem should simply be made to use the same mechanism
as io_uring. To this end the original mechanism used for
create_io_thread() is generalized into user workers:

* Introduce PF_USER_WORKER as a generic indicator that a given task is a
  user worker, i.e., a kernel task that was created from a userspace
  process. Now a PF_IO_WORKER thread is just a specialized version of
  PF_USER_WORKER. So io_uring io workers raise both flags.
* Make copy_process() available to core kernel code.
* Extend struct kernel_clone_args with the following bitfields allowing
  to indicate to copy_process():
  * to create a user worker (raise PF_USER_WORKER)
  * to not inherit any files from the userspace process
  * to ignore signals

After all generic changes are in place the vhost subsystem implements a
new dedicated vhost api based on user workers. Finally, vhost is
switched to rely on the new api moving it off of kthreads.

Thanks to Mike for sticking it out and making it through this rather
arduous journey.

/* Testing */
clang: Ubuntu clang version 15.0.6
gcc: (Ubuntu 12.2.0-3ubuntu1) 12.2.0

All patches are based on 6.3-rc1 and have been sitting in linux-next.
No build failures or warnings were observed. All old and new tests in
fstests, selftests, and LTP pass without regressions.

/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with
current mainline.

The following changes since commit fe15c26ee26efa11741a7b632e9f23b01aca4cc6:

  Linux 6.3-rc1 (2023-03-05 14:52:03 -0800)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/brauner/linux tags/v6.4/kernel.user_worker

for you to fetch changes up to 6e890c5d5021ca7e69bbe203fde42447874d9a82:

  vhost: use vhost_tasks for worker threads (2023-03-23 12:45:37 +0100)

Please consider pulling these changes from the signed v6.4/kernel.user_worker tag.

Thanks!
Christian

----------------------------------------------------------------
v6.4/kernel.user_worker

----------------------------------------------------------------
Mike Christie (11):
      csky: Remove kernel_thread declaration
      kernel: Allow a kernel thread's name to be set in copy_process
      kthread: Pass in the thread's name during creation
      kernel: Make io_thread and kthread bit fields
      fork/vm: Move common PF_IO_WORKER behavior to new flag
      fork: add kernel_clone_args flag to not dup/clone files
      fork: Add kernel_clone_args flag to ignore signals
      fork: allow kernel code to call copy_process
      vhost_task: Allow vhost layer to use copy_process
      vhost: move worker thread fields to new struct
      vhost: use vhost_tasks for worker threads

 MAINTAINERS                       |   2 +
 arch/csky/include/asm/processor.h |   2 -
 drivers/vhost/Kconfig             |   5 ++
 drivers/vhost/vhost.c             | 124 ++++++++++++++++++--------------------
 drivers/vhost/vhost.h             |  11 +++-
 include/linux/sched.h             |   2 +-
 include/linux/sched/task.h        |  13 +++-
 include/linux/sched/vhost_task.h  |  23 +++++++
 init/main.c                       |   2 +-
 kernel/Makefile                   |   1 +
 kernel/fork.c                     |  25 ++++++--
 kernel/kthread.c                  |  33 ++++------
 kernel/vhost_task.c               | 117 +++++++++++++++++++++++++++++++++++
 mm/vmscan.c                       |   4 +-
 14 files changed, 263 insertions(+), 101 deletions(-)
 create mode 100644 include/linux/sched/vhost_task.h
 create mode 100644 kernel/vhost_task.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ