[Devel] [PATCH RHEL7 COMMIT] Revert "proc/pid: Don't show kernel threads inside Containers"

Vasily Averin vvs at virtuozzo.com
Wed Jan 13 13:25:28 MSK 2021 

The commit is pushed to "branch-rh7-3.10.0-1160.11.1.vz7.172.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.11.1.vz7.172.9
------>
commit 2a0d86b26795f6081c9e84f1b5120dccd933d542
Author: Vasily Averin <vvs at virtuozzo.com>
Date:   Wed Jan 13 13:25:27 2021 +0300

    Revert "proc/pid: Don't show kernel threads inside Containers"
    
    This reverts commit 685ba4589e1bea845e3234fd14ce0dce295ba3de.
    if kernel threads are not visible inside container,
    nfsd service cannot find them and cannot properly report own status.
    
    The probelm fixed by  reverted pacth should be fixed by another patch
    improved vps_dumpable check in __ptrace_may_access()
    
    https://jira.sw.ru/browse/PSBM-92107
    https://bugs.openvz.org/browse/OVZ-7245
    Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
---
 fs/proc/base.c | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 965a746..dbf5a84 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -3300,15 +3300,6 @@ out:
 	return error;
 }
 
-static bool is_visible_task_ve(struct pid_namespace *ns, struct task_struct *task)
-{
-	/* Don't show kthreads inside Containers. */
-	if ((task->flags & PF_KTHREAD) && (ns != &init_pid_ns))
-		return false;
-
-	return true;
-}
-
 struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsigned int flags)
 {
 	struct dentry *result = NULL;
@@ -3323,8 +3314,6 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
 	ns = dentry->d_sb->s_fs_info;
 	rcu_read_lock();
 	task = find_task_by_pid_ns(tgid, ns);
-	if (task && !is_visible_task_ve(ns, task))
-		task = NULL;
 	if (task)
 		get_task_struct(task);
 	rcu_read_unlock();
@@ -3421,9 +3410,6 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
 	for (iter = next_tgid(ns, iter);
 	     iter.task;
 	     iter.tgid += 1, iter = next_tgid(ns, iter)) {
-		if (!is_visible_task_ve(ns, iter.task))
-			continue;
-
 		if (is_visible_task(ns, iter.task))
 			__filldir = filldir;
 		else

More information about the Devel mailing list