[Devel] [PATCH vz9 3/9] ve/nfsd: enable UMH client tracker in a container

Fri Oct 1 09:32:49 MSK 2021

From: Stanislav Kinsbursky <skinsbursky at parallels.com>

This patch set introduces Khelper kthread and enabled NFSD's UMH client
tracker in a container.
All this is required for proper NFSd support.

The following series implements...

This patch description:

This one is the newest client tracker.
And we wan't to run it in a container, because:
1) the only currenly supported tracker (the oldest one) is deprecated starting
from 3.10 kernel.
2) Second (legacy) tracker can be containerized as well. But UMH tracker is
better (becuase new and shiny).

All we need is to enable the tracker in nested network namespace and use
proper (container's) UMH thread.

Signed-off-by: Stanislav Kinsbursky <skinsbursky at parallels.com>

+++
ve/nfsd: don't disable UMH client tracker globally due to single Container misconfiguration

If UMH client tracker fails to init in a single Container due to, for
example, corrupted "/sbin/nfsdcltrack" binary, currently UMH client
tracker is disabled globally on the node as it's not virtualized.

Let's print a ratelimited warning instead, but don't disable the UMH
tracker.

mFixes: vz8: 182ddb5cb6a2 ("ve/nfsd: enable UMH client tracker in a container")

https://jira.sw.ru/browse/PSBM-102363

Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>

(cherry picked from vz7 commit 2f5f5e585b0b ("ve/nfsd: don't disable UMH client
tracker globally due to single Container misconfiguration")

Signed-off-by: Vasily Averin <vvs at virtuozzo.com>

Cherry-picked from vz8 commit 4c7c1982f785 ("ve/nfsd: enable UMH client tracker
in a container"). Also merged in fixup - vz8 commit 01d96c91b3ca ("nfsd: disable
UMH client tracking in nested net namespaces")).

Signed-off-by: Nikita Yushchenko <nikita.yushchenko at virtuozzo.com>
---
 fs/nfsd/nfs4recover.c | 37 ++++++++++++++++++++++++-------------
 1 file changed, 24 insertions(+), 13 deletions(-)

diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 6fedc49726bf..c9aba04bac56 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -44,6 +44,8 @@
 #include <linux/sunrpc/clnt.h>
 #include <linux/nfsd/cld.h>
 
+#include <linux/ve.h>
+
 #include "nfsd.h"
 #include "state.h"
 #include "vfs.h"
@@ -1793,6 +1795,7 @@ nfsd4_cltrack_grace_start(time64_t grace_start)
 static int
 nfsd4_umh_cltrack_upcall(char *cmd, char *arg, char *env0, char *env1)
 {
+	struct ve_struct *ve;
 	char *envp[3];
 	char *argv[4];
 	int ret;
@@ -1816,18 +1819,20 @@ nfsd4_umh_cltrack_upcall(char *cmd, char *arg, char *env0, char *env1)
 	argv[2] = arg;
 	argv[3] = NULL;
 
-	ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
+	ve = get_exec_env();
+	ret = call_usermodehelper_ve(ve, argv[0], argv, envp, UMH_WAIT_PROC);
 	/*
-	 * Disable the upcall mechanism if we're getting an ENOENT or EACCES
-	 * error. The admin can re-enable it on the fly by using sysfs
-	 * once the problem has been fixed.
+	 * - NFSd can be running inside Containers
+	 * - "cltrack_prog" is not virtualized
+	 * => let's don't disable UMH client tracking for all NFS servers
+	 *    on the whole Node due to a single incorrect Container
 	 */
-	if (ret == -ENOENT || ret == -EACCES) {
-		dprintk("NFSD: %s was not found or isn't executable (%d). "
-			"Setting cltrack_prog to blank string!",
-			cltrack_prog, ret);
-		cltrack_prog[0] = '\0';
-	}
+	if (ret == -ENOENT || ret == -EACCES)
+		ve_pr_warn_ratelimited(VE_LOG_BOTH,
+			"NFSD: %s was not found or isn't executable (%d) "
+			"in CT#%s\n",
+			cltrack_prog, ret, ve_name(ve));
+
 	dprintk("%s: %s return value: %d\n", __func__, cltrack_prog, ret);
 
 	return ret;
@@ -1853,13 +1858,19 @@ nfsd4_umh_cltrack_init(struct net *net)
 	int ret;
 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
 	char *grace_start = nfsd4_cltrack_grace_start(nn->boot_time);
+	struct net *ve_net;
 
-	/* XXX: The usermode helper s not working in container yet. */
-	if (net != &init_net) {
-		pr_warn("NFSD: attempt to initialize umh client tracking in a container ignored.\n");
+	rcu_read_lock();
+	ve_net = rcu_dereference(get_exec_env()->ve_ns)->net_ns;
+
+	if (!net_eq(net, ve_net)) {
+		rcu_read_unlock();
+		pr_warn("NFSD: attempt to initialize umh client tracking in Container %s netns %u ignored.\n",
+			get_exec_env()->ve_name, net->ns.inum);
 		kfree(grace_start);
 		return -EINVAL;
 	}
+	rcu_read_unlock();
 
 	ret = nfsd4_umh_cltrack_upcall("init", NULL, grace_start, NULL);
 	kfree(grace_start);
-- 
2.30.2

