Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp4510867pxv; Tue, 29 Jun 2021 08:39:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxSxv/J1UUV5HyJDF5idv52L6PDjISvdYVuBLxZeFupzVLP0kBunDZeUq8PPuQPjQjpyvmT X-Received: by 2002:a5d:8994:: with SMTP id m20mr4170459iol.117.1624981174610; Tue, 29 Jun 2021 08:39:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624981174; cv=none; d=google.com; s=arc-20160816; b=Zs/DGTJ7ZkShCRDGCXvQyQMa6sn4B9Ya1bfCNE4anpcicevRDu4zvGpCqzjZ6Lxik8 O2KxI7t/094qAUPKQ2p7nMx/k657SFGhWJ5r7WE3APAMZTu4v6GZBQLUnSWWDAtMT5rX srvDhZ9N5gG44qPW2slO2JXhq+IvrJBNSdPQeu5uBcV0g4+Kg5Zz9jl3/imFJjTyuUGU Tc0mJYDYbSdGHZfERXoslBYmYWqcHnAi+qg5QZjVXlMsYcGp4B8lIdm7h6lkVUlYlq7n EusXzmRrRwM1OlmXeNEZcHiNfy/p+pG0FaxGEVDlC34Kg5B7zBHuOqglNinSrCcCSu4I xgvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=zzRRE6lkgzGPblVNwP8Y9YVbjWvUJsRlbmJLJr6Vmn4=; b=YZE58DVGNBmASq7kv8VDNL8zQOWDavBXeOFKC/BNHvxGL/AH9rX1m9F1vzfBY+MCan 0rGp/xKa3bhR9i/jZJWwJDb6DF0bsAT4AaeSDXX5Sdua3U+kWWB+PhUAwtRBMigNsCYk eebbsSv1lOtpUMhtdUtGiSUT1UQTBdaSRGdc3Q7Fwvb/bmEaECQqOF9sAoHFLH+aZXDl XvC5/Mt/j59aVyUJGy9HSseCkMkpU4K55lMoBqqgFA73yUFvwQBQhVdrBFNVXX4+TMDg B1xp6Kr0IcTpOzl3N0vPUO4DVLZvrnowR4Wgo9DT46NBxHR5C25JcT/74CODvEK2UTLf vKTQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p15si1483248ilo.140.2021.06.29.08.39.17; Tue, 29 Jun 2021 08:39:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233011AbhF2NHY (ORCPT + 99 others); Tue, 29 Jun 2021 09:07:24 -0400 Received: from mail.kernel.org ([198.145.29.99]:48840 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233593AbhF2NHX (ORCPT ); Tue, 29 Jun 2021 09:07:23 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 646F061CFA; Tue, 29 Jun 2021 13:04:53 +0000 (UTC) Date: Tue, 29 Jun 2021 15:04:50 +0200 From: Christian Brauner To: Mike Christie Cc: linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, mst@redhat.com, sgarzare@redhat.com, jasowang@redhat.com, stefanha@redhat.com, christian@brauner.io, akpm@linux-foundation.org, peterz@infradead.org Subject: Re: [PATCH 2/3] kernel/fork, cred.c: allow copy_process to take user Message-ID: <20210629130450.tvrweqy7z2hlwsbh@wittgenstein> References: <20210624030804.4932-1-michael.christie@oracle.com> <20210624030804.4932-3-michael.christie@oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20210624030804.4932-3-michael.christie@oracle.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 23, 2021 at 10:08:03PM -0500, Mike Christie wrote: > This allows kthread to pass copy_process the user we want to check for the > RLIMIT_NPROC limit for and also charge for the new process. It will be used > by vhost where userspace has that driver create threads but the kthreadd > thread is checked/charged. > > Signed-off-by: Mike Christie > --- > include/linux/cred.h | 3 ++- > kernel/cred.c | 7 ++++--- > kernel/fork.c | 12 +++++++----- > 3 files changed, 13 insertions(+), 9 deletions(-) > > diff --git a/include/linux/cred.h b/include/linux/cred.h > index 14971322e1a0..9a2c1398cdd4 100644 > --- a/include/linux/cred.h > +++ b/include/linux/cred.h > @@ -153,7 +153,8 @@ struct cred { > > extern void __put_cred(struct cred *); > extern void exit_creds(struct task_struct *); > -extern int copy_creds(struct task_struct *, unsigned long); > +extern int copy_creds(struct task_struct *, unsigned long, > + struct user_struct *); > extern const struct cred *get_task_cred(struct task_struct *); > extern struct cred *cred_alloc_blank(void); > extern struct cred *prepare_creds(void); > diff --git a/kernel/cred.c b/kernel/cred.c > index e1d274cd741b..e006aafa8f05 100644 > --- a/kernel/cred.c > +++ b/kernel/cred.c > @@ -330,7 +330,8 @@ struct cred *prepare_exec_creds(void) > * The new process gets the current process's subjective credentials as its > * objective and subjective credentials > */ > -int copy_creds(struct task_struct *p, unsigned long clone_flags) > +int copy_creds(struct task_struct *p, unsigned long clone_flags, > + struct user_struct *user) > { > struct cred *new; > int ret; > @@ -351,7 +352,7 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags) > kdebug("share_creds(%p{%d,%d})", > p->cred, atomic_read(&p->cred->usage), > read_cred_subscribers(p->cred)); > - atomic_inc(&p->cred->user->processes); > + atomic_inc(&user->processes); Hey Mike, This won't work anymore since this has moved into ucounts. So in v5.14 atomic_inc(&p->cred->user->processes); will have been replaced by inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1); From what I can see from your code vhost will always create this kthread for current. So you could e.g. add an internal flag/bitfield entry to struct kernel_clone_args that you can use to tell copy_creds() that you want to charge this thread against current's process limit. > return 0; > } > > @@ -384,7 +385,7 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags) > } > #endif > > - atomic_inc(&new->user->processes); > + atomic_inc(&user->processes); > p->cred = p->real_cred = get_cred(new); > alter_cred_subscribers(new, 2); > validate_creds(new); > diff --git a/kernel/fork.c b/kernel/fork.c > index dc06afd725cb..6389aea6d3eb 100644 > --- a/kernel/fork.c > +++ b/kernel/fork.c > @@ -1860,6 +1860,7 @@ static __latent_entropy struct task_struct *copy_process( > struct file *pidfile = NULL; > u64 clone_flags = args->flags; > struct nsproxy *nsp = current->nsproxy; > + struct user_struct *user = args->user; > > /* > * Don't allow sharing the root directory with processes in a different > @@ -1976,16 +1977,17 @@ static __latent_entropy struct task_struct *copy_process( > #ifdef CONFIG_PROVE_LOCKING > DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); > #endif > + if (!user) > + user = p->real_cred->user; > retval = -EAGAIN; > - if (atomic_read(&p->real_cred->user->processes) >= > - task_rlimit(p, RLIMIT_NPROC)) { > - if (p->real_cred->user != INIT_USER && > + if (atomic_read(&user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { > + if (user != INIT_USER && > !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) > goto bad_fork_free; > } > current->flags &= ~PF_NPROC_EXCEEDED; > > - retval = copy_creds(p, clone_flags); > + retval = copy_creds(p, clone_flags, user); > if (retval < 0) > goto bad_fork_free; > > @@ -2385,7 +2387,7 @@ static __latent_entropy struct task_struct *copy_process( > #endif > delayacct_tsk_free(p); > bad_fork_cleanup_count: > - atomic_dec(&p->cred->user->processes); > + atomic_dec(&user->processes); > exit_creds(p); > bad_fork_free: > p->state = TASK_DEAD; > -- > 2.25.1