search for: vhost_task_create

vhost_task_create is supposed to return the vhost_task or NULL on failure. This fixes it to return the correct value when the allocation of the struct fails. Fixes: 77feab3c4156 ("vhost_task: Allow vhost layer to use copy_process") # mainline only Reported-by: syzbot+6b27b2d2aba1c80cc13b at syzkaller.apps...

...0000000215d4000 CR4: 00000000003506f0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > Call Trace: > <TASK> > vhost_worker_create drivers/vhost/vhost.c:580 [inline] The return value from vhost_task_create is incorrect if the kzalloc fails. Christian, here is a fix for what's in your tree. Do you want me to submit a follow up patch like this or a replacement patch for: commit 77feab3c4156 ("vhost_task: Allow vhost layer to use copy_process") with the fix rolled into it? >From 0...

.... > > ignoring send-fd/clone issues, can we assume that the final fput/release > should always come from vhost_worker's sub-thread (which shares mm/etc) ? I think I'm misunderstanding the sub-thread term. - Is it the task_struct's context that we did the kernel/vhost_taskc.c:vhost_task_create() from? Below it would be the thread we did VHOST_SET_OWNER from. If so, then yes. - Is it the task_struct that gets created by kernel/vhost_taskc.c:vhost_task_create()? If so, then the answer is no. vhost_task_create has set the no_files arg on kernel_clone_args, so copy_files() sets task_struc...

...0400, Michael S. Tsirkin wrote: > > On Thu, Mar 23, 2023 at 11:44:45AM +0100, Christian Brauner wrote: > > > On Thu, Mar 23, 2023 at 03:37:19AM -0400, Michael S. Tsirkin wrote: > > > > On Wed, Mar 22, 2023 at 01:56:05PM -0500, Mike Christie wrote: > > > > > vhost_task_create is supposed to return the vhost_task or NULL on > > > > > failure. This fixes it to return the correct value when the allocation > > > > > of the struct fails. > > > > > > > > > > Fixes: 77feab3c4156 ("vhost_task: Allow vhost layer t...

...d/clone issues, can we assume that the final fput/release > > should always come from vhost_worker's sub-thread (which shares mm/etc) ? > > I think I'm misunderstanding the sub-thread term. > > - Is it the task_struct's context that we did the > kernel/vhost_taskc.c:vhost_task_create() from? Below it would be the > thread we did VHOST_SET_OWNER from. Yes, > So it works like if we were using a kthread still: > > 1. Userapce thread0 opens /dev/vhost-$something. > 2. thread0 does VHOST_SET_OWNER ioctl. This calls vhost_task_create() to > create the task_struct...

...assume that the final fput/release >>> should always come from vhost_worker's sub-thread (which shares mm/etc) ? >> >> I think I'm misunderstanding the sub-thread term. >> >> - Is it the task_struct's context that we did the >> kernel/vhost_taskc.c:vhost_task_create() from? Below it would be the >> thread we did VHOST_SET_OWNER from. > > Yes, > >> So it works like if we were using a kthread still: >> >> 1. Userapce thread0 opens /dev/vhost-$something. >> 2. thread0 does VHOST_SET_OWNER ioctl. This calls vhost_task_creat...

Hi Mike, sorry, but somehow I can't understand this patch... I'll try to read it with a fresh head on Weekend, but for example, On 06/01, Mike Christie wrote: > > static int vhost_task_fn(void *data) > { > struct vhost_task *vtsk = data; > - int ret; > + bool dead = false; > + > + for (;;) { > + bool did_work; > + > + /* mb paired w/

...f _LINUX_VHOST_TASK_H #define _LINUX_VHOST_TASK_H -#include <linux/completion.h> -struct task_struct; +struct vhost_task; -struct vhost_task { - int (*fn)(void *data); - void *data; - struct completion exited; - unsigned long flags; - struct task_struct *task; -}; - -struct vhost_task *vhost_task_create(int (*fn)(void *), void *arg, +struct vhost_task *vhost_task_create(bool (*fn)(void *), void *arg, const char *name); void vhost_task_start(struct vhost_task *vtsk); void vhost_task_stop(struct vhost_task *vtsk); -bool vhost_task_should_stop(struct vhost_task *vtsk); +void vhost_task_wa...

...t; On 6/6/23 7:16 AM, Oleg Nesterov wrote: > > On 06/05, Mike Christie wrote: > > > >> So it works like if we were using a kthread still: > >> > >> 1. Userapce thread0 opens /dev/vhost-$something. > >> 2. thread0 does VHOST_SET_OWNER ioctl. This calls vhost_task_create() to > >> create the task_struct which runs the vhost_worker() function which handles > >> the work->fns. > >> 3. If userspace now does a SIGKILL or just exits without doing a close() on > >> /dev/vhost-$something, then when thread0 does exit_files() that will...

...gt;worker = worker; - worker->kcov_handle = kcov_common_handle(); - init_llist_head(&worker->work_list); + dev->worker.kcov_handle = kcov_common_handle(); + init_llist_head(&dev->worker.work_list); snprintf(name, sizeof(name), "vhost-%d", current->pid); - vtsk = vhost_task_create(vhost_worker, worker, name); + vtsk = vhost_task_create(vhost_worker, &dev->worker, name); if (!vtsk) { ret = -ENOMEM; goto free_worker; } - worker->vtsk = vtsk; + WRITE_ONCE(dev->worker.vtsk, vtsk); vhost_task_start(vtsk); return 0; free_worker: - kfree(worker); - d...

...ACCOUNT); - if (!worker) - return -ENOMEM; - dev->worker = worker; - worker->kcov_handle = kcov_common_handle(); - init_llist_head(&worker->work_list); + init_llist_head(&dev->worker.work_list); snprintf(name, sizeof(name), "vhost-%d", current->pid); - vtsk = vhost_task_create(vhost_worker, worker, name); - if (!vtsk) { - ret = -ENOMEM; - goto free_worker; - } + vtsk = vhost_task_create(vhost_worker, &dev->worker, name); + if (!vtsk) + return -ENOMEM; - worker->vtsk = vtsk; + dev->worker.kcov_handle = kcov_common_handle(); + dev->worker.vtsk = vtsk;...

...ACCOUNT); - if (!worker) - return -ENOMEM; - dev->worker = worker; - worker->kcov_handle = kcov_common_handle(); - init_llist_head(&worker->work_list); + init_llist_head(&dev->worker.work_list); snprintf(name, sizeof(name), "vhost-%d", current->pid); - vtsk = vhost_task_create(vhost_worker, worker, name); - if (!vtsk) { - ret = -ENOMEM; - goto free_worker; - } + vtsk = vhost_task_create(vhost_worker, &dev->worker, name); + if (!vtsk) + return -ENOMEM; - worker->vtsk = vtsk; + dev->worker.kcov_handle = kcov_common_handle(); + dev->worker.vtsk = vtsk;...

...turn -ENOMEM; > >- dev->worker = worker; >- worker->kcov_handle = kcov_common_handle(); >- init_llist_head(&worker->work_list); >+ init_llist_head(&dev->worker.work_list); > snprintf(name, sizeof(name), "vhost-%d", current->pid); > >- vtsk = vhost_task_create(vhost_worker, worker, name); >- if (!vtsk) { >- ret = -ENOMEM; >- goto free_worker; >- } >+ vtsk = vhost_task_create(vhost_worker, &dev->worker, name); >+ if (!vtsk) >+ return -ENOMEM; > >- worker->vtsk = vtsk; >+ dev->worker.kcov_handle = kcov_common_h...

...ET_OWNER has been done >> like before. >> >> Fixes: 6e890c5d5021 ("vhost: use vhost_tasks for worker threads") > > We should add: > > Reported-by: syzbot+d0d442c22fa8db45ff0e at syzkaller.appspotmail.com Ok. Will do. >> -??? } >> +??? vtsk = vhost_task_create(vhost_worker, &dev->worker, name); >> +??? if (!vtsk) >> +??????? return -ENOMEM; >> >> -??? worker->vtsk = vtsk; >> +??? dev->worker.kcov_handle = kcov_common_handle(); >> +??? dev->worker.vtsk = vtsk; > > vhost_work_queue() is called by v...

...gt;> Fixes: 6e890c5d5021 ("vhost: use vhost_tasks for worker threads") > > > > We should add: > > > > Reported-by: syzbot+d0d442c22fa8db45ff0e at syzkaller.appspotmail.com > > > Ok. Will do. > > > >> -??? } > >> +??? vtsk = vhost_task_create(vhost_worker, &dev->worker, name); > >> +??? if (!vtsk) > >> +??????? return -ENOMEM; > >> > >> -??? worker->vtsk = vtsk; > >> +??? dev->worker.kcov_handle = kcov_common_handle(); > >> +??? dev->worker.vtsk = vtsk; > > &gt...

...orker->kcov_handle = kcov_common_handle(); >- init_llist_head(&worker->work_list); >+ dev->worker.kcov_handle = kcov_common_handle(); >+ init_llist_head(&dev->worker.work_list); > snprintf(name, sizeof(name), "vhost-%d", current->pid); > >- vtsk = vhost_task_create(vhost_worker, worker, name); >+ vtsk = vhost_task_create(vhost_worker, &dev->worker, name); > if (!vtsk) { > ret = -ENOMEM; > goto free_worker; > } > >- worker->vtsk = vtsk; >+ WRITE_ONCE(dev->worker.vtsk, vtsk); > vhost_task_start(vtsk); > return...

...ter this thread gets SIGKILL ? > > When we get a SIGKILL, the thread that owns the device/vhost_task will > also exit since it's the same thread group and it does: > > do_exit -> exit_files -> put_files_struct -> close_files -> fput Ah. thanks. I confused CLONE_FS in vhost_task_create() with CLONE_FILES. > > Also. Suppose that vhost_worker() dequeues SIGKILL and clears TIF_SIGPENDING. > > > > SIGSTOP, PTRACE_INTERRUPT, freezer can come and set TIF_SIGPENDING again. > > In this case the main for (;;) loop will spin without sleeping until > > vhost_t...

On Fri, May 5, 2023 at 6:40?AM Nicolas Dichtel <nicolas.dichtel at 6wind.com> wrote: > > Is this an intended behavior? > This breaks some of our scripts. It doesn't just break your scripts (which counts as a regression), I think it's really wrong. The worker threads should show up as threads of the thing that started them, not as processes. So they should show up in

...AND) && + !args->user_worker && !args->ignore_signals) return ERR_PTR(-EINVAL); /* diff --git a/kernel/vhost_task.c b/kernel/vhost_task.c index b7cbd66f889e..3700c21ea39d 100644 --- a/kernel/vhost_task.c +++ b/kernel/vhost_task.c @@ -75,7 +78,8 @@ struct vhost_task *vhost_task_create(int (*fn)(void *), void *arg, const char *name) { struct kernel_clone_args args = { - .flags = CLONE_FS | CLONE_UNTRACED | CLONE_VM, + .flags = CLONE_FS | CLONE_THREAD | CLONE_VM | + CLONE_UNTRACED, .exit_signal = 0, .fn = vhost_task_fn, .name = name,

The following patches made over Linus's tree fix the 2 bugs: 1. vhost worker task shows up as a process forked from the parent that did VHOST_SET_OWNER ioctl instead of a process under root/kthreadd. This was causing breaking scripts. 2. vhost_tasks didn't disable or add support for freeze requests. The following patches fix these issues by making the vhost_task task a thread under the