[Devel] [PATCH vz8] ve/pid: Export kernel.pid_max via ve cgroup
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Wed Jun 23 10:54:50 MSK 2021
On 23.06.2021 00:39, Konstantin Khorenko wrote:
> From: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
>
> This member represents the kernel.pid_max sysctl; it is vz-specific but
> lies on the pid namespace. To be able to c/r from the libvzctl script it is
> better to put pid_max in the ve cgroup; this way we do not need to enter
> the container root pid namespace to get/set this sysctl.
>
> Note: we need to be able to set pid_max on running Container,
> as we can't set pid_max before we have ve's pidns.
>
> https://jira.sw.ru/browse/PSBM-48397
>
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> Acked-by: Cyrill Gorcunov <gorcunov at openvz.org>
>
> Cherry-picked from vz7 commit be980b3141ca ("ve/pid: Export
> kernel.pid_max via ve cgroup")
>
> https://jira.sw.ru/browse/PSBM-102629
> Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
> ---
> kernel/ve/ve.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 58 insertions(+)
>
> diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
> index 954aa8127d99..9c72af9d2cce 100644
> --- a/kernel/ve/ve.c
> +++ b/kernel/ve/ve.c
> @@ -1337,6 +1337,58 @@ enum {
> VE_CF_CLOCK_BOOTBASED,
> };
>
> +static u64 ve_pid_max_read_u64(struct cgroup_subsys_state *css,
> + struct cftype *cft)
> +{
> + struct ve_struct *ve = css_to_ve(css);
> + struct nsproxy *ve_ns;
> + u64 pid_max = 0;
> +
> + down_write(&ve->op_sem);
Does not affect behaviour much, but probably rcu_read_lock is enough
here instead of the semaphore? (ve_ns is dropped in ve_drop_context() via rcu)
> + ve_ns = rcu_dereference_protected(ve->ve_ns,
> + lockdep_is_held(&ve->op_sem));
> + if (ve_ns && ve_ns->pid_ns_for_children)
> + pid_max = ve_ns->pid_ns_for_children->pid_max;
> +
> + up_write(&ve->op_sem);
> +
> + return pid_max;
> +}
> +
> +extern int pid_max_min, pid_max_max;
> +
> +static int ve_pid_max_write_running_u64(struct cgroup_subsys_state *css,
> + struct cftype *cft, u64 val)
> +{
> + struct ve_struct *ve = css_to_ve(css);
> + struct nsproxy *ve_ns;
> +
> + if (!ve_is_super(get_exec_env()) &&
> + !ve->is_pseudosuper)
> + return -EPERM;
> +
> + down_write(&ve->op_sem);
> + if (!ve->is_running) {
> + up_write(&ve->op_sem);
> + return -EBUSY;
> + }
> + ve_ns = rcu_dereference_protected(ve->ve_ns,
> + lockdep_is_held(&ve->op_sem));
> + if (!ve_ns || !ve_ns->pid_ns_for_children) {
> + up_write(&ve->op_sem);
> + return -EBUSY;
> + }
> + if (pid_max_min > val || pid_max_max < val) {
> + up_write(&ve->op_sem);
> + return -EINVAL;
> + }
> +
> + ve->ve_ns->pid_ns_for_children->pid_max = val;
> + up_write(&ve->op_sem);
> +
> + return 0;
> +}
> +
> static int ve_ts_read(struct seq_file *sf, void *v)
> {
> struct ve_struct *ve = css_to_ve(seq_css(sf));
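Review bot: in ve_pid_max_write_running_u64() the final store goes through `ve->ve_ns->pid_ns_for_children->pid_max = val;`, dereferencing ve->ve_ns directly instead of the ve_ns local that was just obtained with rcu_dereference_protected() and NULL-checked. Use `ve_ns->pid_ns_for_children->pid_max = val;` so the store goes through the pointer that was validated under op_sem and the RCU-protected field is not accessed bare. Two smaller points in the same function: the range check compares the int pid_max_min and pid_max_max against a u64 val, which relies on implicit conversion to unsigned and deserves an explicit cast or a comment, and the three early-return paths each repeat up_write(&ve->op_sem), which would read better as a single unlock label. The `extern int pid_max_min, pid_max_max;` declaration in the .c file should come from a header so the types cannot drift from the definition.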
> @@ -1735,6 +1787,12 @@ static struct cftype ve_cftypes[] = {
> .write = ve_ts_write,
> .private = VE_CF_CLOCK_BOOTBASED,
> },
> + {
> + .name = "pid_max",
> + .flags = CFTYPE_NOT_ON_ROOT,
> + .read_u64 = ve_pid_max_read_u64,
> + .write_u64 = ve_pid_max_write_running_u64,
> + },
> {
> .name = "netns_max_nr",
> .flags = CFTYPE_NOT_ON_ROOT,
>
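Review bot: the new "pid_max" cftype entry comes with no comment or documentation for its write semantics, which are not obvious from the name: per ve_pid_max_write_running_u64() a write fails with -EBUSY unless the ve is running and has a pid namespace, with -EPERM for callers that are neither ve0 nor pseudosuper, and with -EINVAL outside pid_max_min..pid_max_max, while a read returns 0 when there is no pid namespace. A short comment above the entry, or a line in the commit message, stating that the file is only writable on a running container and what 0 means on read would save userspace (the libvzctl script mentioned in the description) from discovering this by error code.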
--
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.