[Devel] [PATCH RHEL7 COMMIT] ve: Implement current_user_ns_initial() helper

Konstantin Khorenko khorenko at virtuozzo.com
Wed Oct 7 03:47:01 PDT 2015


The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.3
------>
commit ad166c6dbc2b669ad1fe11e30316c05daf134d0c
Author: Kirill Tkhai <ktkhai at odin.com>
Date:   Wed Oct 7 14:47:00 2015 +0400

    ve: Implement current_user_ns_initial() helper
    
    Add a helper which checks if current user_ns is
    the same as ve init_cred's. Will be used in next
    patch.
    
    Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
    Acked-by: Vladimir Davydov <vdavydov at virtuozzo.com>
---
 include/linux/ve.h |  6 ++++++
 kernel/ve/ve.c     | 16 ++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/include/linux/ve.h b/include/linux/ve.h
index 10c150a..86b95c3 100644
--- a/include/linux/ve.h
+++ b/include/linux/ve.h
@@ -214,6 +214,8 @@ void ve_stop_ns(struct pid_namespace *ns);
 void ve_exit_ns(struct pid_namespace *ns);
 int ve_start_container(struct ve_struct *ve);
 
+extern bool current_user_ns_initial(void);
+
 #ifdef CONFIG_TTY
 extern struct tty_driver *vtty_driver(dev_t dev, int *index);
 extern struct tty_driver *vtty_console_driver(int *index);
@@ -236,6 +238,10 @@ static inline int vz_security_protocol_check(struct net *net, int protocol) { re
 static inline void ve_stop_ns(struct pid_namespace *ns) { }
 static inline void ve_exit_ns(struct pid_namespace *ns) { }
 
+static inline bool current_user_ns_initial(void)
+{
+	return current_user_ns() == init_cred.user_ns;
+}
 #define kthread_create_on_node_ve(ve, threadfn, data, node, namefmt...)	\
 	kthread_create_on_node_ve(threadfn, data, node, namefmt...)
 
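Review bot: The inline fallback `current_user_ns_initial()` references the global `init_cred` and `current_user_ns()`, so both declarations must be in scope wherever ve.h is included. The hunk does not show ve.h pulling in the headers that declare them, so a build with VE support disabled is worth running. This appears to be the no-VE stub section, and the fallback compares against the host's initial user namespace rather than a per-container one. A short comment such as `/* Without VE support the only initial user_ns is the host's */` would tell callers why the two variants differ. A blank line is also missing between the closing brace and the `kthread_create_on_node_ve` define.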
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index aff3b03..12cfa33 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -238,6 +238,21 @@ int vz_security_protocol_check(struct net *net, int protocol)
 }
 EXPORT_SYMBOL_GPL(vz_security_protocol_check);
 
+/* Check if current user_ns is initial for current ve */
+bool current_user_ns_initial(void)
+{
+	struct ve_struct *ve = get_exec_env();
+	bool ret = false;
+
+	rcu_read_lock();
+	if (ve->ve_ns && ve->init_cred->user_ns == current_user_ns())
+		ret = true;
+	rcu_read_unlock();
+
+	return ret;
+}
+EXPORT_SYMBOL(current_user_ns_initial);
+
 int nr_threads_ve(struct ve_struct *ve)
 {
 	return cgroup_task_count(ve->css.cgroup);
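Review bot: The `ve->ve_ns` test in current_user_ns_initial() is a plain load of a pointer that ve_drop_context() clears with rcu_assign_pointer(). Since the value is only tested for NULL, `if (rcu_access_pointer(ve->ve_ns) && ve->init_cred->user_ns == current_user_ns())` marks the read and lets sparse check it. The function returns false when ve_ns is NULL, which is the fail-closed answer a caller making a permission decision needs, but the one-line comment does not say so. I would extend it to `/* Check if current user_ns is initial for current ve; returns false if the ve has no ve_ns */`. The export is `EXPORT_SYMBOL` while the neighbouring vz_security_protocol_check uses `EXPORT_SYMBOL_GPL`; if that is not deliberate, `EXPORT_SYMBOL_GPL(current_user_ns_initial);` would match.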
@@ -408,6 +423,7 @@ static void ve_drop_context(struct ve_struct *ve)
 	put_net(ve->ve_netns);
 	ve->ve_netns = NULL;
 
+	/* Allows to dereference init_cred if ve_ns is set */
 	rcu_assign_pointer(ve->ve_ns, NULL);
 	synchronize_rcu();
 	put_nsproxy(ve_ns);
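Review bot: The comment added in ve_drop_context() states the guarantee without its condition. Readers that see a non-NULL ve_ns can safely dereference ve->init_cred only if the cred is released after this synchronize_rcu(), and that release is not visible in the hunk (the function starts and ends outside it). I would reword the comment to `/* RCU readers that see ve_ns != NULL may dereference ve->init_cred; it must not be released before the synchronize_rcu() below */`. It is worth confirming that the init_cred put in this function really comes after the grace period, since the new helper's safety depends on that ordering.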


