[Devel] [PATCH RHEL7 COMMIT] ve: Add option allowing ioctl(FITRIM) from inside CT

Thu Mar 18 11:12:23 MSK 2021

The commit is pushed to "branch-rh7-3.10.0-1160.15.2.vz7.173.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.15.2.vz7.173.7
------>
commit 27a92eebdab41c05c9ab721b2144f652e6850562
Author: Kirill Tkhai <ktkhai at virtuozzo.com>
Date:   Thu Mar 18 11:12:23 2021 +0300

    ve: Add option allowing ioctl(FITRIM) from inside CT
    
    https://jira.sw.ru/browse/PSBM-127082
    
    Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
 fs/ext4/ioctl.c    | 4 +++-
 include/linux/ve.h | 1 +
 kernel/ve/ve.c     | 5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index 0977974..ccd0dcc 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -18,6 +18,7 @@
 #include <asm/uaccess.h>
 #include "ext4_jbd2.h"
 #include "ext4.h"
+#include <linux/ve.h>
 
 #define MAX_32_NUM ((((unsigned long long) 1) << 32) - 1)
 
@@ -723,7 +724,8 @@ resize_out:
 		struct fstrim_range range;
 		int ret = 0;
 
-		if (!capable(CAP_SYS_ADMIN))
+		if (!capable(CAP_SYS_ADMIN) &&
+		    (!ve_allow_ioctl_fitrim || !ve_capable(CAP_SYS_ADMIN)))
 			return -EPERM;
 
 		if (!blk_queue_discard(q))
diff --git a/include/linux/ve.h b/include/linux/ve.h
index 2dcd7bb..1fc1f80 100644
--- a/include/linux/ve.h
+++ b/include/linux/ve.h
@@ -173,6 +173,7 @@ extern struct proc_dir_entry *proc_vz_dir;
 extern struct cgroup_subsys ve_subsys;
 
 extern unsigned int sysctl_ve_mount_nr;
+extern bool ve_allow_ioctl_fitrim;
 
 #ifdef CONFIG_VE
 #define ve_uevent_seqnum       (get_exec_env()->_uevent_seqnum)
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index 068b7b5..ca63b98 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -70,6 +70,11 @@ struct module no_module = { .state = MODULE_STATE_GOING };
 EXPORT_SYMBOL(no_module);
 #endif
 
+bool ve_allow_ioctl_fitrim = 0;
+module_param_named(allow_ioctl_fitrim, ve_allow_ioctl_fitrim, bool, 0644);
+MODULE_PARM_DESC(ve_allow_ioctl_fitrim,
+		 "Allow ioctl(FITRIM) from inside VE. Only ext4 is supported now");
+
 static DEFINE_PER_CPU(struct kstat_lat_pcpu_snap_struct, ve0_lat_stats);
 
 struct ve_struct ve0 = {
