[Devel] [PATCH RHEL7 COMMIT] copy address of proc_ns_ops into ns_common

Konstantin Khorenko khorenko at virtuozzo.com
Thu Jun 11 19:20:05 MSK 2020


The commit is pushed to "branch-rh7-3.10.0-1127.10.1.vz7.162.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.10.1.vz7.162.2
------>
commit 4165a5e7ebf9b6243ffb62f2a448aec2cb67f751
Author: Al Viro <viro at zeniv.linux.org.uk>
Date:   Thu Jun 11 19:20:04 2020 +0300

    copy address of proc_ns_ops into ns_common
    
    Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
    
    (cherry picked from VZ8 commit 33c429405a2c8d9e42afb9fee88a63cfb2de1e98)
    
    https://jira.sw.ru/browse/PSBM-102357
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    
    =====================
    Patchset description:
    port nsfs from vz8
    
    We have problems with /proc/pid/ns/name bind-mounts in CRIU
    
    1) Currently (without nsfs) such a bind mount has the same superblock as
    the /proc mount, but in case of nested pid-namespaces a container can have
    multiple different /proc mounts and for ns-bind-mount we need to bind it
    from the right pidns. So we will need to enter the proper pid-namespace to
    reopen the ns-file fd from the proper proc; it looks too complex.
    
    If we port nsfs, ns-bind-mounts will all be on the same superblock, which
    does not depend on the procfs we opened the ns-file on.
    
    2) A bigger problem will come when we want to migrate ns-bind-mounts
    from a non-nsfs to an nsfs (vz8) kernel: this would bring a lot of crutches,
    we will need to work around the fact that before migration mounts were
    with the same superblock and after migration they can't be.
    
    To overcome those we can port nsfs to vz7 and do ns-bind-mount support in
    a new world of nsfs, looks like it would be easier.
    
    First we need to revert all patches which depend on nsfs:
    
    8782a0069f1b proc: add a proc_show_path method to fix mountinfo
    b823f8df2fcb ms/tun: Add ioctl() TUNGETDEVNETNS cmd to allow obtaining real net ns of tun device
    302889fa2e3d ms/net: add an ioctl to get a socket network namespace
    7cb9e7ae7041 ms/tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device
    ac08c64138ac nsfs: add ioctl to get a parent namespace
    a8e0dd94d5cd nsfs: add ioctl to get an owning user namespace for ns file descriptor
    93dca538d184 kernel: add a helper to get an owning user namespace for a namespace
    edaecdb8adac ms/pidns: expose task pid_ns_for_children to userspace
    2b151c3f8909 ms/ns: allow ns_entries to have custom symlink content
    
    Cherry-pick nsfs from VZ8:
    
    435d5f4bb2cc common object embedded into various struct ....ns
    58be28256d98 make mntns ->get()/->put()/->install()/->inum() work with &mnt_ns->ns
    ff24870f46d5 netns: switch ->get()/->put()/->install()/->inum() to working with &net->ns
    3c0411846118 switch the rest of proc_ns_operations to working with &...->ns
    64964528b24e make proc_ns_operations work with struct ns_common * instead of void *
    6344c433a452 new helpers: ns_alloc_inum/ns_free_inum
    33c429405a2c copy address of proc_ns_ops into ns_common
    f77c80142e1a bury struct proc_ns in fs/proc
    292662014509 dcache.c: call ->d_prune() regardless of d_unhashed()
    e149ed2b805f take the targets of /proc/*/ns/* symlinks to separate fs
    
    Cherry-pick part of reverted patches back from VZ8:
    
    bcac25a58bfc kernel: add a helper to get an owning user namespace for a namespace
    6786741dbf99 nsfs: add ioctl to get an owning user namespace for ns file descriptor
    a7306ed8d94a nsfs: add ioctl to get a parent namespace
    c62cce2caee5 net: add an ioctl to get a socket network namespace
    25b14e92af1a ns: allow ns_entries to have custom symlink content
    eaa0d190bfe1 pidns: expose task pid_ns_for_children to userspace
    
    Cherry-pick reverted patches back from MS (we also need them to vz8):
    
    75509fd88fbd nsfs: Add a show_path method to fix mountinfo
    24dce0800baa net: Export open_related_ns()
    d8d211a2a0c3 net: Make extern and export get_net_ns()
    f2780d6d7475 tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device
    0c3e0e3bb623 tun: Add ioctl() TUNGETDEVNETNS cmd to allow obtaining real net ns of tun device
    073c516ff735 nsfs: mark dentry with DCACHE_RCUACCESS
    
    On this kernel I've run zdtm, so the change should not break interfaces.
    
    https://jira.sw.ru/browse/PSBM-102357
    
    Al Viro (10):
      ms: common object embedded into various struct ....ns
      make mntns ->get()/->put()/->install()/->inum() work with &mnt_ns->ns
      netns: switch ->get()/->put()/->install()/->inum() to working with
        &net->ns
      switch the rest of proc_ns_operations to working with &...->ns
      make proc_ns_operations work with struct ns_common * instead of void *
      new helpers: ns_alloc_inum/ns_free_inum
      copy address of proc_ns_ops into ns_common
      bury struct proc_ns in fs/proc
      dcache.c: call ->d_prune() regardless of d_unhashed()
      take the targets of /proc/*/ns/* symlinks to separate fs
    
    Andrey Vagin (4):
      kernel: add a helper to get an owning user namespace for a namespace
      nsfs: add ioctl to get an owning user namespace for ns file descriptor
      nsfs: add ioctl to get a parent namespace
      net: add an ioctl to get a socket network namespace
    
    Cong Wang (1):
      nsfs: mark dentry with DCACHE_RCUACCESS
    
    Eric W. Biederman (1):
      nsfs: Add a show_path method to fix mountinfo
    
    Kirill Tkhai (6):
      ns: allow ns_entries to have custom symlink content
      pidns: expose task pid_ns_for_children to userspace
      net: Export open_related_ns()
      net: Make extern and export get_net_ns()
      tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device
      tun: Add ioctl() TUNGETDEVNETNS cmd to allow obtaining real net ns of
        tun device
    
    Pavel Tikhomirov (10):
      Revert "proc: add a proc_show_path method to fix mountinfo"
      Revert "ms/tun: Add ioctl() TUNGETDEVNETNS cmd to allow obtaining real
        net ns of tun device"
      Revert "ms/net: add an ioctl to get a socket network namespace"
      Revert "ms/tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of
        tun device"
      Revert "nsfs: add ioctl to get a parent namespace"
      Revert "nsfs: add ioctl to get an owning user namespace for ns file
        descriptor"
      Revert "kernel: add a helper to get an owning user namespace for a
        namespace"
      Revert "ms/pidns: expose task pid_ns_for_children to userspace"
      Revert "ms/ns: allow ns_entries to have custom symlink content"
      userns: move EXPORT_SYMBOL closer to current_in_userns
---
 fs/namespace.c            | 1 +
 fs/proc/inode.c           | 6 ++----
 include/linux/ns_common.h | 3 +++
 init/version.c            | 3 +++
 ipc/msgutil.c             | 3 +++
 ipc/namespace.c           | 1 +
 kernel/nsproxy.c          | 8 ++++----
 kernel/pid.c              | 3 +++
 kernel/pid_namespace.c    | 1 +
 kernel/user.c             | 3 +++
 kernel/user_namespace.c   | 1 +
 kernel/utsname.c          | 2 ++
 net/core/net_namespace.c  | 9 +++++++--
 13 files changed, 34 insertions(+), 10 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 6a6d9ccf3bde8..7cbc7c13a58e4 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -3291,6 +3291,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
 		dec_mnt_namespaces(ucounts);
 		return ERR_PTR(ret);
 	}
+	new_ns->ns.ops = &mntns_operations;
 	new_ns->seq = atomic64_add_return(1, &mnt_ns_seq);
 	atomic_set(&new_ns->count, 1);
 	new_ns->root = NULL;
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index 8b0445574fe78..8918cf3060a88 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -32,7 +32,6 @@ static void proc_evict_inode(struct inode *inode)
 {
 	struct proc_dir_entry *de;
 	struct ctl_table_header *head;
-	const struct proc_ns_operations *ns_ops;
 	struct ns_common *ns;
 
 	truncate_inode_pages_final(&inode->i_data);
@@ -52,10 +51,9 @@ static void proc_evict_inode(struct inode *inode)
 		proc_sys_evict_inode(inode, head);
 	}
 	/* Release any associated namespace */
-	ns_ops = PROC_I(inode)->ns.ns_ops;
 	ns = PROC_I(inode)->ns.ns;
-	if (ns_ops && ns)
-		ns_ops->put(ns);
+	if (ns && ns->ops)
+		ns->ops->put(ns);
 }
 
 static struct kmem_cache * proc_inode_cachep;
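Review bot: In proc_evict_inode() the new test "if (ns && ns->ops)" skips put() without any trace when ops is NULL, so a namespace that reached an inode with ops unset would never have its reference dropped. Every creator touched by this patch assigns ops, and setns() in kernel/nsproxy.c dereferences ns->ops without a check, so either drop the ops test here or make it a WARN_ON_ONCE(!ns->ops) so that a missed initialisation shows up instead of turning into a silent leak.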
diff --git a/include/linux/ns_common.h b/include/linux/ns_common.h
index e7db1cd540474..ce23cf4bbe690 100644
--- a/include/linux/ns_common.h
+++ b/include/linux/ns_common.h
@@ -1,7 +1,10 @@
 #ifndef _LINUX_NS_COMMON_H
 #define _LINUX_NS_COMMON_H
 
+struct proc_ns_operations;
+
 struct ns_common {
+	const struct proc_ns_operations *ops;
 	unsigned int inum;
 };
 
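Review bot: The new "ops" member of struct ns_common has no comment saying who must set it or when. proc_evict_inode(), setns() and get_net_ns_by_fd() now all read it through the ns pointer, so a short comment stating that every namespace type must assign ops before its ns_common can be reached from a /proc ns inode would make the invariant checkable for the next struct that embeds ns_common.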
diff --git a/init/version.c b/init/version.c
index 200bf28894e66..a63d3300705f0 100644
--- a/init/version.c
+++ b/init/version.c
@@ -37,6 +37,9 @@ struct uts_namespace init_uts_ns = {
 	},
 	.user_ns = &init_user_ns,
 	.ns.inum = PROC_UTS_INIT_INO,
+#ifdef CONFIG_UTS_NS
+	.ns.ops = &utsns_operations,
+#endif
 };
 EXPORT_SYMBOL_GPL(init_uts_ns);
 
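Review bot: With CONFIG_UTS_NS disabled, init_uts_ns.ns.ops stays NULL after this initializer, and the same #ifdef pattern is repeated for init_ipc_ns, init_pid_ns, init_user_ns and net_ns_net_init() in this patch. The readers do not agree on whether NULL is possible: proc_evict_inode() tests ns->ops, setns() does not. A comment next to the #ifdef (or in ns_common.h) should say why the NULL case cannot reach the unchecked readers when the option is off.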
diff --git a/ipc/msgutil.c b/ipc/msgutil.c
index ac4d7fba7e41d..ba6cc040a5cef 100644
--- a/ipc/msgutil.c
+++ b/ipc/msgutil.c
@@ -32,6 +32,9 @@ struct ipc_namespace init_ipc_ns = {
 	.count		= ATOMIC_INIT(1),
 	.user_ns = &init_user_ns,
 	.ns.inum = PROC_IPC_INIT_INO,
+#ifdef CONFIG_IPC_NS
+	.ns.ops = &ipcns_operations,
+#endif
 };
 
 atomic_t nr_ipc_ns = ATOMIC_INIT(1);
diff --git a/ipc/namespace.c b/ipc/namespace.c
index d3002af16e681..c8de38b0ee45f 100644
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -46,6 +46,7 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
 	err = ns_alloc_inum(&ns->ns);
 	if (err)
 		goto fail_free;
+	ns->ns.ops = &ipcns_operations;
 
 	atomic_set(&ns->count, 1);
 	ns->user_ns = get_user_ns(user_ns);
diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
index dad670ef38696..833bba54e7843 100644
--- a/kernel/nsproxy.c
+++ b/kernel/nsproxy.c
@@ -232,11 +232,11 @@ void exit_task_namespaces(struct task_struct *p)
 
 SYSCALL_DEFINE2(setns, int, fd, int, nstype)
 {
-	const struct proc_ns_operations *ops;
 	struct task_struct *tsk = current;
 	struct nsproxy *new_nsproxy;
 	struct proc_ns *ei;
 	struct file *file;
+	struct ns_common *ns;
 	int err;
 
 	file = proc_ns_fget(fd);
@@ -245,8 +245,8 @@ SYSCALL_DEFINE2(setns, int, fd, int, nstype)
 
 	err = -EINVAL;
 	ei = get_proc_ns(file_inode(file));
-	ops = ei->ns_ops;
-	if (nstype && (ops->type != nstype))
+	ns = ei->ns;
+	if (nstype && (ns->ops->type != nstype))
 		goto out;
 
 	new_nsproxy = create_new_namespaces(0, tsk, current_user_ns(), tsk->fs);
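Review bot: "ns->ops->type" in setns() dereferences both ei->ns and ns->ops with no NULL test, while proc_evict_inode() in this same patch guards both. The removed code read ops from ei->ns_ops and never went through the ns pointer for the type check; if ns or ns->ops can be NULL for a file returned by proc_ns_fget(), this is now a NULL dereference on a syscall path. Either add the check before the nstype comparison, keeping the -EINVAL result, or remove the guard in proc_evict_inode() so both sites express the same invariant.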
@@ -255,7 +255,7 @@ SYSCALL_DEFINE2(setns, int, fd, int, nstype)
 		goto out;
 	}
 
-	err = ops->install(new_nsproxy, ei->ns);
+	err = ns->ops->install(new_nsproxy, ns);
 	if (err) {
 		free_nsproxy(new_nsproxy);
 		goto out;
diff --git a/kernel/pid.c b/kernel/pid.c
index 48c315ff1d8d3..47f41dc1f9bee 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -77,6 +77,9 @@ struct pid_namespace init_pid_ns = {
 	.child_reaper = &init_task,
 	.user_ns = &init_user_ns,
 	.ns.inum = PROC_PID_INIT_INO,
+#ifdef CONFIG_PID_NS
+	.ns.ops = &pidns_operations,
+#endif
 };
 EXPORT_SYMBOL_GPL(init_pid_ns);
 
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
index 80030a07b4857..da5c2a541f121 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
@@ -127,6 +127,7 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
 	err = ns_alloc_inum(&ns->ns);
 	if (err)
 		goto out_free_map;
+	ns->ns.ops = &pidns_operations;
 
 	kref_init(&ns->kref);
 	ns->level = level;
diff --git a/kernel/user.c b/kernel/user.c
index 88b4eed722861..62c7d79b8cbfa 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -51,6 +51,9 @@ struct user_namespace init_user_ns = {
 	.owner = GLOBAL_ROOT_UID,
 	.group = GLOBAL_ROOT_GID,
 	.ns.inum = PROC_USER_INIT_INO,
+#ifdef CONFIG_USER_NS
+	.ns.ops = &userns_operations,
+#endif
 	.flags = USERNS_INIT_FLAGS,
 #ifdef CONFIG_PERSISTENT_KEYRINGS
 	.persistent_keyring_register_sem =
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 6f542333200ff..0208d67347b9d 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -134,6 +134,7 @@ int create_user_ns(struct cred *new)
 		kmem_cache_free(user_ns_cachep, ns);
 		return -ENOMEM;
 	}
+	ns->ns.ops = &userns_operations;
 
 	free_uid(new->user);
 	new->user = new_user;
diff --git a/kernel/utsname.c b/kernel/utsname.c
index 0ac05ebcb3db6..7ead888875b5e 100644
--- a/kernel/utsname.c
+++ b/kernel/utsname.c
@@ -75,6 +75,8 @@ static struct uts_namespace *clone_uts_ns(struct user_namespace *user_ns,
 
 	ns->ucounts = ucounts;
 
+	ns->ns.ops = &utsns_operations;
+
 	down_read(&uts_sem);
 	memcpy(&ns->name, &old_ns->name, sizeof(ns->name));
 	ns->user_ns = get_user_ns(user_ns);
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 73f077d3edd3e..88cff01ed897c 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -565,6 +565,7 @@ struct net *get_net_ns_by_fd(int fd)
 {
 	struct proc_ns *ei;
 	struct file *file;
+	struct ns_common *ns;
 	struct net *net;
 
 	file = proc_ns_fget(fd);
@@ -572,8 +573,9 @@ struct net *get_net_ns_by_fd(int fd)
 		return ERR_CAST(file);
 
 	ei = get_proc_ns(file_inode(file));
-	if (ei->ns_ops == &netns_operations)
-		net = get_net(container_of(ei->ns, struct net, ns));
+	ns = ei->ns;
+	if (ns->ops == &netns_operations)
+		net = get_net(container_of(ns, struct net, ns));
 	else
 		net = ERR_PTR(-EINVAL);
 
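Review bot: In get_net_ns_by_fd() the type test "ns->ops == &netns_operations" dereferences ns before anything has established what it points to; the removed line compared ei->ns_ops and touched ei->ns only after the match. If ei->ns is guaranteed non-NULL for every file that passes proc_ns_fget(), say so in a comment; otherwise test "ns && ns->ops == &netns_operations" so that the -EINVAL branch still covers that case.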
@@ -613,6 +615,9 @@ EXPORT_SYMBOL_GPL(get_net_ns_by_pid);
 
 static __net_init int net_ns_net_init(struct net *net)
 {
+#ifdef CONFIG_NET_NS
+	net->ns.ops = &netns_operations;
+#endif
 	return ns_alloc_inum(&net->ns);
 }
 
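Review bot: net_ns_net_init() assigns net->ns.ops before calling ns_alloc_inum(), whereas create_ipc_ns() and create_pid_namespace() in this patch assign it only after ns_alloc_inum() has succeeded. The order looks harmless on the visible lines, but following the same sequence as the other namespace types (allocate the inum, return on error, then set ops) would keep the creators uniform and make a missed assignment easier to spot in review.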

