[Devel] [PATCH rh7] ve/net: hide handler for netlink NETLINK_REPAIR command unless CRIU restore

Mon May 7 19:20:58 MSK 2018

The following patch to be applied to old kernels using ReadyKernel.
It makes updated "ip" working even if a Node was not rebooted.

Idea of the patch is taken from:
08dc16449a39 ("net: Change number of netlink repair")

   Mainstream has NETLINK_EXT_ACK 11, which is used by fresh
   iproute utils. We don't want these utils switch the socket
   in repair mode.

   https://jira.sw.ru/browse/PSBM-83415

   Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>

Distributives (for example Ubuntu 18.04, RHEL7) include now those
"fresh" version of "ip" utility which hangs on unpatched kernel.

Idea of the patch: we handle netlink command number 11
(NETLINK_REPAIR in VZ kernel / NETLINK_EXT_ACK in mainstream)
only in case we detect CRIU restore stage, otherwise we claim
kernel does not support it and "ip" is happy with that.

https://jira.sw.ru/browse/PSBM-84191

Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 include/uapi/linux/netlink.h | 3 +++
 net/netlink/af_netlink.c     | 8 ++++++++
 2 files changed, 11 insertions(+)

diff --git a/include/uapi/linux/netlink.h b/include/uapi/linux/netlink.h
index 56ddadf14e0e..a5e6e5c4c238 100644
--- a/include/uapi/linux/netlink.h
+++ b/include/uapi/linux/netlink.h
@@ -111,7 +111,10 @@ struct nlmsgerr {
 #define NETLINK_LISTEN_ALL_NSID		8
 #define NETLINK_LIST_MEMBERSHIPS	9
 #define NETLINK_CAP_ACK			10
+
+/* intersects with mainstream NETLINK_EXT_ACK */
 #define NETLINK_REPAIR			11
+#define NETLINK_REPAIR2			127
 
 struct nl_pktinfo {
 	__u32	group;
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index d5afa0322990..5560a2736ba4 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2196,6 +2196,14 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,
 
 	switch (optname) {
 	case NETLINK_REPAIR:
+		/* Hide the command handler unless "criu" process
+		 * resumes a Container
+		 */
+		if (likely(!get_exec_env()->is_pseudosuper ||
+			   strcmp(current->comm, "criu")))
+			return -ENOPROTOOPT;
+		/* fall through */
+	case NETLINK_REPAIR2:
 		if (val)
 			nlk->flags |= NETLINK_F_REPAIR;
 		else
-- 
2.15.1

