[Devel] [PATCH vz9 v2 1/2] fs: make is_sb_ve_accessible() check non-root namespaces

Tue Nov 2 17:45:41 MSK 2021

When checking if a superblock is accessible from VE, iterate over
superblock's mounts and search for one accessible from VE.

This method gives correct result for superblocks mounted inside VE's
non-root mount namespaces. Previously used iterating over VE's root
mount namespace could not find such superblocks.

https://jira.sw.ru/browse/PSBM-44684
Signed-off-by: Nikita Yushchenko <nikita.yushchenko at virtuozzo.com>
---
 fs/internal.h  | 10 ++++++++++
 fs/namespace.c | 17 +++++++++++++++++
 fs/sync.c      | 29 -----------------------------
 3 files changed, 27 insertions(+), 29 deletions(-)

diff --git a/fs/internal.h b/fs/internal.h
index 82e8eb32ff3d..257e51814d2c 100644
--- a/fs/internal.h
+++ b/fs/internal.h
@@ -96,6 +96,16 @@ int path_mount(const char *dev_name, struct path *path,
 		const char *type_page, unsigned long flags, void *data_page);
 int path_umount(struct path *path, int flags);
 
+#ifdef CONFIG_VE
+extern bool is_sb_ve_accessible(struct ve_struct *ve, struct super_block *sb);
+#else
+static inline bool is_sb_ve_accessible(struct ve_struct *ve,
+		struct super_block *sb)
+{
+	return true;
+}
+#endif
+
 /*
  * fs_struct.c
  */
diff --git a/fs/namespace.c b/fs/namespace.c
index dc73e945b746..4a57b4f69fa9 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2832,6 +2832,23 @@ static inline void ve_mount_nr_dec(struct mount *mnt)
 	mnt->ve_owner = NULL;
 }
 
+bool is_sb_ve_accessible(struct ve_struct *ve, struct super_block *sb)
+{
+	struct mount *mnt;
+	bool ret = false;
+
+	lock_mount_hash();
+	list_for_each_entry(mnt, &sb->s_mounts, mnt_instance) {
+		if (mnt->ve_owner == ve) {
+			ret = true;
+			break;
+		}
+	}
+	unlock_mount_hash();
+
+	return ret;
+}
+
 #else /* CONFIG_VE */
 
 static inline int ve_mount_allowed(void) { return 1; }
diff --git a/fs/sync.c b/fs/sync.c
index 1c78756d4749..e9711a9424d9 100644
--- a/fs/sync.c
+++ b/fs/sync.c
@@ -198,35 +198,6 @@ static void sync_filesystems_ve(struct ve_struct *ve, int wait)
 	sync_release_filesystems(&sync_list);
 }
 
-static int is_sb_ve_accessible(struct ve_struct *ve, struct super_block *sb)
-{
-	struct mount *mnt;
-	struct mnt_namespace *mnt_ns;
-	struct nsproxy *ve_ns;
-	int ret = 0;
-
-	down_read(&namespace_sem);
-
-	rcu_read_lock();
-	ve_ns = rcu_dereference(ve->ve_ns);
-	if (!ve_ns) {
-		rcu_read_unlock();
-		up_read(&namespace_sem);
-		return 0;
-	}
-	mnt_ns = ve_ns->mnt_ns;
-	rcu_read_unlock();
-
-	list_for_each_entry(mnt, &mnt_ns->list, mnt_list) {
-		if (mnt->mnt.mnt_sb == sb) {
-			ret = 1;
-			break;
-		}
-	}
-	up_read(&namespace_sem);
-	return ret;
-}
-
 static int __ve_fsync_behavior(struct ve_struct *ve)
 {
 	/*
-- 
2.30.2

