[Devel] [PATCH RHEL7 COMMIT] ve: zap ve_allow_kthreads

Konstantin Khorenko khorenko at virtuozzo.com
Tue Jun 30 07:22:07 PDT 2015


The commit is pushed to "branch-rh7-3.10.0-123.1.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-123.1.2.vz7.5.23
------>
commit b9f519bcef040037bbca8693bebacdba4f10b558
Author: Vladimir Davydov <vdavydov at parallels.com>
Date:   Tue Jun 30 18:22:07 2015 +0400

    ve: zap ve_allow_kthreads
    
    It seems to have been added in order to disable nfs inside ve, which, in
    turn, was needed because cpt did not support migration of containers
    with nfs. Not relevant nowadays.
    
    Signed-off-by: Vladimir Davydov <vdavydov at parallels.com>
---
 include/linux/ve.h | 2 --
 kernel/fork.c      | 9 ---------
 kernel/sysctl.c    | 7 -------
 kernel/ve/ve.c     | 2 --
 4 files changed, 20 deletions(-)

diff --git a/include/linux/ve.h b/include/linux/ve.h
index 6adeffa..5489cab 100644
--- a/include/linux/ve.h
+++ b/include/linux/ve.h
@@ -167,8 +167,6 @@ extern const void *ve_namespace(struct device *dev);
 
 extern struct kmapset_set ve_sysfs_perms;
 
-extern int ve_allow_kthreads;
-
 extern int vz_security_family_check(struct net *net, int family);
 extern int vz_security_protocol_check(struct net *net, int protocol);
 
diff --git a/kernel/fork.c b/kernel/fork.c
index 5e03c7d..77b9ce6 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1711,15 +1711,6 @@ long do_fork(unsigned long clone_flags,
  */
 pid_t kernel_thread(int (*fn)(void *), void *arg, unsigned long flags)
 {
-#ifdef CONFIG_VE
-	/* Don't allow kernel_thread() inside VE */
-	if (!ve_allow_kthreads && !ve_is_super(get_exec_env())) {
-		printk("kernel_thread call inside container\n");
-		dump_stack();
-		return -EPERM;
-	}
-#endif
-
 	return do_fork(flags|CLONE_VM|CLONE_UNTRACED, (unsigned long)fn,
 		(unsigned long)arg, NULL, NULL);
 }
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index db6c4e6..90a6443 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -826,13 +826,6 @@ static struct ctl_table kern_table[] = {
 	},
 #endif
 #ifdef CONFIG_VE
-	{
-		.procname	= "ve_allow_kthreads",
-		.data		= &ve_allow_kthreads,
-		.maxlen		= sizeof(int),
-		.mode		= 0644,
-		.proc_handler	= &proc_dointvec,
-	},
         {
 		.procname       = "ve_allow_module_load",
 		.data           = &ve_allow_module_load,
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index 07c0652..191369c 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -56,8 +56,6 @@ struct module no_module = { .state = MODULE_STATE_GOING };
 EXPORT_SYMBOL(no_module);
 #endif
 
-int ve_allow_kthreads = 1;
-
 struct kmapset_set ve_sysfs_perms;
 
 static DEFINE_PER_CPU(struct kstat_lat_pcpu_snap_struct, ve0_lat_stats);


