[Devel] [PATCH RHEL8 COMMIT] nfsd: disable UMH client tracking in nested net namespaces

Konstantin Khorenko khorenko at virtuozzo.com
Wed Jun 2 12:16:10 MSK 2021 

The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.34
------>
commit b7e1ee81bab1995066ed4667f46c3f9585f5fece
Author: Vasily Averin <vvs at virtuozzo.com>
Date:   Wed Jun 2 12:16:10 2021 +0300

    nfsd: disable UMH client tracking in nested net namespaces
    
    UMH client tracking uses usermodehelper to execute some userspace binary.
    In mainline it works for init_net only, but in vz7 skinsbursky@ enabled
    it in Containers by using per-Container UHM call. Unfortunately it does
    not work in nested network namespaces, neither on host nor inside Containers.
    
    This patch disables UMH client tracking in nested network namespaces,
    and adjusts warning message generated on such attempts.
    
    https://jira.sw.ru/browse/PSBM-90024
    
    Signed-off-by: Vasliy Averin <vvs at virtuozzo.com>
    
    Reviewed-by: Konstantin Khorenko <khorenko at virtuozzo.com>
    
    Rebased to vz8:
     - use ve->ve_ns->net_ns since ve->ve_netns is gone
    
    (cherry-picked from vz7 commit e4af0cdd639d ("nfsd: disable UMH client tracking
    in nested net namespaces"))
    Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
 fs/nfsd/nfs4recover.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index cb947b72fc5a..cd73239f9298 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -1870,6 +1870,19 @@ nfsd4_umh_cltrack_init(struct net *net)
 	int ret;
 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
 	char *grace_start = nfsd4_cltrack_grace_start(nn->boot_time);
+	struct net *ve_net;
+
+	rcu_read_lock();
+	ve_net = rcu_dereference(get_exec_env()->ve_ns)->net_ns;
+
+	if (!net_eq(net, ve_net)) {
+		rcu_read_unlock();
+		pr_warn("NFSD: attempt to initialize umh client tracking in Container %s netns %u ignored.\n",
+			get_exec_env()->ve_name, net->ns.inum);
+		kfree(grace_start);
+		return -EINVAL;
+	}
+	rcu_read_unlock();
 
 	ret = nfsd4_umh_cltrack_upcall("init", NULL, grace_start, NULL);
 	kfree(grace_start);

More information about the Devel mailing list