Page MenuHomeFreeBSD
Differential D31225

vmm: Destroy associated VM objects when a jail is destroyed
AcceptedPublic
Actions

Authored by cyril_freebsdfoundation.org on Jul 19 2021, 11:24 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Oct 12, 11:25 AM
Unknown Object (File)
Oct 4 2024, 11:49 AM
Unknown Object (File)
Oct 4 2024, 12:46 AM
Unknown Object (File)
Oct 2 2024, 7:51 AM
Unknown Object (File)
Oct 1 2024, 6:36 PM
Unknown Object (File)
Oct 1 2024, 3:18 PM
Unknown Object (File)
Sep 30 2024, 5:21 PM
Unknown Object (File)
Sep 30 2024, 3:12 AM
View All 64 Files
Subscribers
bcran
emaste
guest-patmaddox
imp
rgrimes

Details

Reviewers
markj
jamie
Group Reviewers
bhyve
Summary

...and also when vmm is disabled for a jail.

This revision builds off https://reviews.freebsd.org/D31156.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

cyril_freebsdfoundation.org created this revision.Jul 19 2021, 11:24 PM
Herald added a reviewer: bhyve. · View Herald TranscriptJul 19 2021, 11:24 PM
Herald added subscribers: bcran, rgrimes. · View Herald Transcript
cyril_freebsdfoundation.org requested review of this revision.Jul 19 2021, 11:24 PM
cyril_freebsdfoundation.org added a parent revision: D31156: vmm: Add credential to cdev object.
markj added a reviewer: jamie.Jul 21 2021, 2:45 PM
markj added inline comments.
sys/amd64/vmm/vmm_dev.c
1007

I would suggest asserting that vmmdev_mtx is held here.

1047

Pedantically, buflen should be a size_t.

1167

This is safe because vmmdev_destroy(), which frees sc, is called asynchronously. If that were not the case, and vmm_destroy() freed sc directly, then this would be a use-after-free, since after vmm_destroy() returns we would continue traversal by following sc->link.

I would suggest coding this a bit more defensively by using SLIST_FOREACH_SAFE to avoid referencing sc after vmm_destroy() returns, in case the implementation of vmm_destroy() changes at some point.

1195

You could get rid of vmm_disabled and just write

if (vfs_flagopt(opts, "allow.novmm", NULL, 0))
    vmmdev_prison_cleanup(pr);
tests/sys/vmm/vmm_remove_jail.sh
80

I tend to think that this file should be merged with the other test file you added in D31156, renaming it to plain vmm_jail.sh or so.

cyril_freebsdfoundation.org updated this revision to Diff 92601.Jul 21 2021, 7:12 PM

Fixed minor issues and merged test case files.

cyril_freebsdfoundation.org added a child revision: D31325: vmm: Add new device file that handles creation/destruction of VMs.Jul 27 2021, 7:01 PM
emaste added a subscriber: emaste.Jul 27 2021, 8:54 PM
jamie accepted this revision.Jul 27 2021, 11:10 PM

I'm not thrilled at the redundant call to vfs_flagopt(), which shouldn't be necessary because kern_jail_set has already looked for allow.novmm and set the permission bit accordingly. But by the time vmmdev_prison_set() is called, the old value of the permission bit is forgotten. So you're left with

  • Check the parameter directly (the current approach)
  • Check the permission bit, and call vmmdev_prison_cleanup() if it's not set (even it was already clear before and thus will have nothing to clear)
  • Going through all the effort of keeping your own state just for that one bit

Since all this happens only when jail_set(2) is called, which is hardly ever, there's no performance issue, and I guess it just comes down to what makes the code more readable (definitely not the third choice).

Just thinking out loud - I imagine you've already considered the options yourself and settled on what looked best.

This revision is now accepted and ready to land.Jul 27 2021, 11:10 PM
markj accepted this revision as: markj.Aug 18 2021, 6:33 PM
guest-patmaddox added a subscriber: guest-patmaddox.Dec 13 2023, 9:46 PM
Herald added a subscriber: imp. · View Herald TranscriptDec 13 2023, 9:46 PM

Revision Contents
Changeset List

PathSize
sys/
amd64/
vmm/
107 lines
tests/
sys/
vmm/
3 lines
81 lines

Diff 92448

View Options

sys/amd64/vmm/vmm_dev.c

Loading...
View Options

tests/sys/vmm/Makefile

Loading...
View Options

tests/sys/vmm/vmm_remove_jail.sh

Loading...