[Devel] [vzlin-dev] [RH7 PATCH 1/2] port diff-ext4-in-containers-treat-panic_on_errors-as-remount-ro_on_errors

Wed Jun 10 02:36:24 PDT 2015

Konstantin Khorenko <khorenko at virtuozzo.com> writes:

> Dima,
>
> 1) why do we need this patch now?
AFAIU primary usage for this pathes is second ploop. Am I right?
>
> Currently we have devmnt->allowed_options options which are configured via userspace and currently vzctl provides empty list.
> So how it's possible that error=panic option workarounds this check?
Ok. If this is true. This patch is noop for (a) case. but we steel need
it for (b) 
> 2) if the patch is still needed, then why 2 places are required:
>    a) handle_mount_opt()
>    b) ext4_fill_super() - can it be called without previously calling handle_mount_opt() ?
      Second one reads options directly from disk. User can modifiy it
      via tune2fs $DEV (dev should be accessiable for write inside CT)
>
>
>
> Original patch comment:
>
> Author: Konstantin Khlebnikov
> Email: khlebnikov at openvz.org
> Subject: ext4: in containers treat errors=panic as
> Date: Fri, 01 Mar 2013 17:08:48 +0400
>
> Container can explode whole node if it remounts its ploop
> with option 'errors=panic' and triggers abort after that.
>
> Signed-off-by: Konstantin Khlebnikov <khlebnikov at openvz.org>
> Acked-by: Maxim V. Patlasov <mpatlasov at parallels.com>
>
> --
> Best regards,
>
> Konstantin Khorenko,
> Virtuozzo Linux Kernel Team
>
> On 06/07/2015 09:20 PM, Dmitry Monakhov wrote:
>> 
>> Signed-off-by: Dmitry Monakhov <dmonakhov at openvz.org>
>> ---
>>  fs/ext4/super.c |   14 +++++++++++---
>>  1 files changed, 11 insertions(+), 3 deletions(-)
>> 
>> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
>> index cbcc684..1ce2932 100644
>> --- a/fs/ext4/super.c
>> +++ b/fs/ext4/super.c
>> @@ -1366,6 +1366,7 @@ static int clear_qf_name(struct super_block *sb, int qtype)
>>  #define MOPT_NO_EXT2	0x0100
>>  #define MOPT_NO_EXT3	0x0200
>>  #define MOPT_EXT4_ONLY	(MOPT_NO_EXT2 | MOPT_NO_EXT3)
>> +#define MOPT_WANT_SYS_ADMIN	0x0400
>>  
>>  static const struct mount_opts {
>>  	int	token;
>> @@ -1394,7 +1395,7 @@ static const struct mount_opts {
>>  				    EXT4_MOUNT_JOURNAL_CHECKSUM),
>>  	 MOPT_EXT4_ONLY | MOPT_SET},
>>  	{Opt_noload, EXT4_MOUNT_NOLOAD, MOPT_NO_EXT2 | MOPT_SET},
>> -	{Opt_err_panic, EXT4_MOUNT_ERRORS_PANIC, MOPT_SET | MOPT_CLEAR_ERR},
>> +	{Opt_err_panic, EXT4_MOUNT_ERRORS_PANIC, MOPT_SET | MOPT_CLEAR_ERR|MOPT_WANT_SYS_ADMIN},
>>  	{Opt_err_ro, EXT4_MOUNT_ERRORS_RO, MOPT_SET | MOPT_CLEAR_ERR},
>>  	{Opt_err_cont, EXT4_MOUNT_ERRORS_CONT, MOPT_SET | MOPT_CLEAR_ERR},
>>  	{Opt_data_err_abort, EXT4_MOUNT_DATA_ERR_ABORT,
>> @@ -1535,6 +1536,9 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token,
>>  		set_opt2(sb, EXPLICIT_DELALLOC);
>>  	if (m->flags & MOPT_CLEAR_ERR)
>>  		clear_opt(sb, ERRORS_MASK);
>> +	if (m->flags & MOPT_WANT_SYS_ADMIN && !capable(CAP_SYS_ADMIN))
>> +		return 1;
>> +
>>  	if (token == Opt_noquota && sb_any_quota_loaded(sb)) {
>>  		ext4_msg(sb, KERN_ERR, "Cannot change quota "
>>  			 "options when quota turned on");
>> @@ -3575,8 +3579,12 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
>>  	else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_WBACK)
>>  		set_opt(sb, WRITEBACK_DATA);
>>  
>> -	if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_PANIC)
>> -		set_opt(sb, ERRORS_PANIC);
>> +	if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_PANIC) {
>> +		if (capable(CAP_SYS_ADMIN))
>> +			set_opt(sb, ERRORS_PANIC);
>> +		else
>> +			set_opt(sb, ERRORS_RO);
>> +	}
>>  	else if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_CONTINUE)
>>  		set_opt(sb, ERRORS_CONT);
>>  	else
>> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 472 bytes
Desc: not available
URL: <http://lists.openvz.org/pipermail/devel/attachments/20150610/da33b786/attachment-0001.sig>