[Devel] [PATCH vz9 v2 1/2] fs: make is_sb_ve_accessible() check non-root namespaces

Tue Nov 2 18:31:20 MSK 2021

On 02.11.2021 17:45, Nikita Yushchenko wrote:
> When checking if a superblock is accessible from VE, iterate over
> superblock's mounts and search for one accessible from VE.
> 
> This method gives correct result for superblocks mounted inside VE's
> non-root mount namespaces. Previously used iterating over VE's root
> mount namespace could not find such superblocks.
> 
> https://jira.sw.ru/browse/PSBM-44684
> Signed-off-by: Nikita Yushchenko <nikita.yushchenko at virtuozzo.com>

Reviewed-by: Kirill Tkhai <ktkhai at virtuozzo.com>

> ---
>  fs/internal.h  | 10 ++++++++++
>  fs/namespace.c | 17 +++++++++++++++++
>  fs/sync.c      | 29 -----------------------------
>  3 files changed, 27 insertions(+), 29 deletions(-)
> 
> diff --git a/fs/internal.h b/fs/internal.h
> index 82e8eb32ff3d..257e51814d2c 100644
> --- a/fs/internal.h
> +++ b/fs/internal.h
> @@ -96,6 +96,16 @@ int path_mount(const char *dev_name, struct path *path,
>  		const char *type_page, unsigned long flags, void *data_page);
>  int path_umount(struct path *path, int flags);
>  
> +#ifdef CONFIG_VE
> +extern bool is_sb_ve_accessible(struct ve_struct *ve, struct super_block *sb);
> +#else
> +static inline bool is_sb_ve_accessible(struct ve_struct *ve,
> +		struct super_block *sb)
> +{
> +	return true;
> +}
> +#endif
> +
>  /*
>   * fs_struct.c
>   */
> diff --git a/fs/namespace.c b/fs/namespace.c
> index dc73e945b746..4a57b4f69fa9 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -2832,6 +2832,23 @@ static inline void ve_mount_nr_dec(struct mount *mnt)
>  	mnt->ve_owner = NULL;
>  }
>  
> +bool is_sb_ve_accessible(struct ve_struct *ve, struct super_block *sb)
> +{
> +	struct mount *mnt;
> +	bool ret = false;
> +
> +	lock_mount_hash();
> +	list_for_each_entry(mnt, &sb->s_mounts, mnt_instance) {
> +		if (mnt->ve_owner == ve) {
> +			ret = true;
> +			break;
> +		}
> +	}
> +	unlock_mount_hash();
> +
> +	return ret;
> +}
> +
>  #else /* CONFIG_VE */
>  
>  static inline int ve_mount_allowed(void) { return 1; }
> diff --git a/fs/sync.c b/fs/sync.c
> index 1c78756d4749..e9711a9424d9 100644
> --- a/fs/sync.c
> +++ b/fs/sync.c
> @@ -198,35 +198,6 @@ static void sync_filesystems_ve(struct ve_struct *ve, int wait)
>  	sync_release_filesystems(&sync_list);
>  }
>  
> -static int is_sb_ve_accessible(struct ve_struct *ve, struct super_block *sb)
> -{
> -	struct mount *mnt;
> -	struct mnt_namespace *mnt_ns;
> -	struct nsproxy *ve_ns;
> -	int ret = 0;
> -
> -	down_read(&namespace_sem);
> -
> -	rcu_read_lock();
> -	ve_ns = rcu_dereference(ve->ve_ns);
> -	if (!ve_ns) {
> -		rcu_read_unlock();
> -		up_read(&namespace_sem);
> -		return 0;
> -	}
> -	mnt_ns = ve_ns->mnt_ns;
> -	rcu_read_unlock();
> -
> -	list_for_each_entry(mnt, &mnt_ns->list, mnt_list) {
> -		if (mnt->mnt.mnt_sb == sb) {
> -			ret = 1;
> -			break;
> -		}
> -	}
> -	up_read(&namespace_sem);
> -	return ret;
> -}
> -
>  static int __ve_fsync_behavior(struct ve_struct *ve)
>  {
>  	/*
>