[Devel] [vzlin-dev] [RH7 PATCH 1/2] port diff-ext4-in-containers-treat-panic_on_errors-as-remount-ro_on_errors

Konstantin Khorenko khorenko at virtuozzo.com
Tue Jun 9 04:45:21 PDT 2015 

Dima,

1) why do we need this patch now?

Currently we have devmnt->allowed_options options which are configured via userspace and currently vzctl provides empty list.
So how it's possible that error=panic option workarounds this check?

2) if the patch is still needed, then why 2 places are required:
   a) handle_mount_opt()
   b) ext4_fill_super() - can it be called without previously calling handle_mount_opt() ?



Original patch comment:

Author: Konstantin Khlebnikov
Email: khlebnikov at openvz.org
Subject: ext4: in containers treat errors=panic as
Date: Fri, 01 Mar 2013 17:08:48 +0400

Container can explode whole node if it remounts its ploop
with option 'errors=panic' and triggers abort after that.

Signed-off-by: Konstantin Khlebnikov <khlebnikov at openvz.org>
Acked-by: Maxim V. Patlasov <mpatlasov at parallels.com>

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 06/07/2015 09:20 PM, Dmitry Monakhov wrote:
> 
> Signed-off-by: Dmitry Monakhov <dmonakhov at openvz.org>
> ---
>  fs/ext4/super.c |   14 +++++++++++---
>  1 files changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index cbcc684..1ce2932 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -1366,6 +1366,7 @@ static int clear_qf_name(struct super_block *sb, int qtype)
>  #define MOPT_NO_EXT2	0x0100
>  #define MOPT_NO_EXT3	0x0200
>  #define MOPT_EXT4_ONLY	(MOPT_NO_EXT2 | MOPT_NO_EXT3)
> +#define MOPT_WANT_SYS_ADMIN	0x0400
>  
>  static const struct mount_opts {
>  	int	token;
> @@ -1394,7 +1395,7 @@ static const struct mount_opts {
>  				    EXT4_MOUNT_JOURNAL_CHECKSUM),
>  	 MOPT_EXT4_ONLY | MOPT_SET},
>  	{Opt_noload, EXT4_MOUNT_NOLOAD, MOPT_NO_EXT2 | MOPT_SET},
> -	{Opt_err_panic, EXT4_MOUNT_ERRORS_PANIC, MOPT_SET | MOPT_CLEAR_ERR},
> +	{Opt_err_panic, EXT4_MOUNT_ERRORS_PANIC, MOPT_SET | MOPT_CLEAR_ERR|MOPT_WANT_SYS_ADMIN},
>  	{Opt_err_ro, EXT4_MOUNT_ERRORS_RO, MOPT_SET | MOPT_CLEAR_ERR},
>  	{Opt_err_cont, EXT4_MOUNT_ERRORS_CONT, MOPT_SET | MOPT_CLEAR_ERR},
>  	{Opt_data_err_abort, EXT4_MOUNT_DATA_ERR_ABORT,
> @@ -1535,6 +1536,9 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token,
>  		set_opt2(sb, EXPLICIT_DELALLOC);
>  	if (m->flags & MOPT_CLEAR_ERR)
>  		clear_opt(sb, ERRORS_MASK);
> +	if (m->flags & MOPT_WANT_SYS_ADMIN && !capable(CAP_SYS_ADMIN))
> +		return 1;
> +
>  	if (token == Opt_noquota && sb_any_quota_loaded(sb)) {
>  		ext4_msg(sb, KERN_ERR, "Cannot change quota "
>  			 "options when quota turned on");
> @@ -3575,8 +3579,12 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
>  	else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_WBACK)
>  		set_opt(sb, WRITEBACK_DATA);
>  
> -	if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_PANIC)
> -		set_opt(sb, ERRORS_PANIC);
> +	if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_PANIC) {
> +		if (capable(CAP_SYS_ADMIN))
> +			set_opt(sb, ERRORS_PANIC);
> +		else
> +			set_opt(sb, ERRORS_RO);
> +	}
>  	else if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_CONTINUE)
>  		set_opt(sb, ERRORS_CONT);
>  	else
>

More information about the Devel mailing list