On Tue, Oct 10, 2023, Al Viro wrote: > On Mon, Oct 09, 2023 at 02:26:36PM -0700, Sean Christopherson wrote: > > On Mon, Oct 09, 2023, Al Viro wrote: > > > On Mon, Oct 09, 2023 at 01:20:06PM -0700, Sean Christopherson wrote: > > > > On Mon, Oct 09, 2023, Al Viro wrote: > > > > > On Mon, Oct 09, 2023 at 07:32:48AM -0700, Sean Christopherson wrote: > > > > > > > > > > > Yeah, we found that out the hard way. Is using the "secure" variant to get a > > > > > > per-file inode a sane approach, or is that abuse that's going to bite us too? > > > > > > > > > > > > /* > > > > > > * Use the so called "secure" variant, which creates a unique inode > > > > > > * instead of reusing a single inode. Each guest_memfd instance needs > > > > > > * its own inode to track the size, flags, etc. > > > > > > */ > > > > > > file = anon_inode_getfile_secure(anon_name, &kvm_gmem_fops, gmem, > > > > > > O_RDWR, NULL); > > > > > > > > > > Umm... Is there any chance that your call site will ever be in a module? > > > > > If not, you are probably OK with that variant. > > > > > > > > Yes, this code can be compiled as a module. I assume there issues with the inode > > > > outliving the module? > > > > > > The entire file, actually... If you are using that mechanism in a module, you > > > need to initialize kvm_gmem_fops.owner to THIS_MODULE; AFAICS, you don't have > > > that done. > > > > Ah, that's handled indirectly handled by a chain of refcounted objects. Every > > VM that KVM creates gets a reference to the module, and each guest_memfd instance > > gets a reference to its owning VM. > > Umm... what's the usual call chain leading to final drop of refcount of that > module? If the last reference is effectively held by guest_memfd, it would be: kvm_gmem_release(), a.k.a. file_operations.release() | -> kvm_put_kvm() | -> kvm_destroy_vm() | -> module_put(kvm_chardev_ops.owner);