[Devel] [PATCH RHEL COMMIT] ve/nfsd: enable UMH client tracker in a container

Konstantin Khorenko khorenko at virtuozzo.com
Fri Oct 1 18:40:14 MSK 2021 

The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after ark-5.14
------>
commit c355e7992b36310c25069ba7e6bed3f2b7eecdae
Author: Stanislav Kinsbursky <skinsbursky at parallels.com>
Date:   Fri Oct 1 18:40:14 2021 +0300

    ve/nfsd: enable UMH client tracker in a container
    
    This patch set introduces Khelper kthread and enabled NFSD's UMH client
    tracker in a container.
    All this is required for proper NFSd support.
    
    The following series implements...
    
    This patch description:
    
    This one is the newest client tracker.
    And we wan't to run it in a container, because:
    1) the only currenly supported tracker (the oldest one) is deprecated starting
    from 3.10 kernel.
    2) Second (legacy) tracker can be containerized as well. But UMH tracker is
    better (becuase new and shiny).
    
    All we need is to enable the tracker in nested network namespace and use
    proper (container's) UMH thread.
    
    Signed-off-by: Stanislav Kinsbursky <skinsbursky at parallels.com>
    
    +++
    ve/nfsd: don't disable UMH client tracker globally due to single Container misconfiguration
    
    If UMH client tracker fails to init in a single Container due to, for
    example, corrupted "/sbin/nfsdcltrack" binary, currently UMH client
    tracker is disabled globally on the node as it's not virtualized.
    
    Let's print a ratelimited warning instead, but don't disable the UMH
    tracker.
    
    mFixes: vz8: 182ddb5cb6a2 ("ve/nfsd: enable UMH client tracker in a container")
    
    https://jira.sw.ru/browse/PSBM-102363
    
    Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
    
    (cherry picked from vz7 commit 2f5f5e585b0b ("ve/nfsd: don't disable UMH client
    tracker globally due to single Container misconfiguration")
    
    Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
    
    Cherry-picked from vz8 commit 4c7c1982f785 ("ve/nfsd: enable UMH client tracker
    in a container"). Also merged in fixup - vz8 commit 01d96c91b3ca ("nfsd: disable
    UMH client tracking in nested net namespaces")).
    
    Signed-off-by: Nikita Yushchenko <nikita.yushchenko at virtuozzo.com>
---
 fs/nfsd/nfs4recover.c | 37 ++++++++++++++++++++++++-------------
 1 file changed, 24 insertions(+), 13 deletions(-)

diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index 6fedc49726bf..c9aba04bac56 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -44,6 +44,8 @@
 #include <linux/sunrpc/clnt.h>
 #include <linux/nfsd/cld.h>
 
+#include <linux/ve.h>
+
 #include "nfsd.h"
 #include "state.h"
 #include "vfs.h"
@@ -1793,6 +1795,7 @@ nfsd4_cltrack_grace_start(time64_t grace_start)
 static int
 nfsd4_umh_cltrack_upcall(char *cmd, char *arg, char *env0, char *env1)
 {
+	struct ve_struct *ve;
 	char *envp[3];
 	char *argv[4];
 	int ret;
@@ -1816,18 +1819,20 @@ nfsd4_umh_cltrack_upcall(char *cmd, char *arg, char *env0, char *env1)
 	argv[2] = arg;
 	argv[3] = NULL;
 
-	ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
+	ve = get_exec_env();
+	ret = call_usermodehelper_ve(ve, argv[0], argv, envp, UMH_WAIT_PROC);
 	/*
-	 * Disable the upcall mechanism if we're getting an ENOENT or EACCES
-	 * error. The admin can re-enable it on the fly by using sysfs
-	 * once the problem has been fixed.
+	 * - NFSd can be running inside Containers
+	 * - "cltrack_prog" is not virtualized
+	 * => let's don't disable UMH client tracking for all NFS servers
+	 *    on the whole Node due to a single incorrect Container
 	 */
-	if (ret == -ENOENT || ret == -EACCES) {
-		dprintk("NFSD: %s was not found or isn't executable (%d). "
-			"Setting cltrack_prog to blank string!",
-			cltrack_prog, ret);
-		cltrack_prog[0] = '\0';
-	}
+	if (ret == -ENOENT || ret == -EACCES)
+		ve_pr_warn_ratelimited(VE_LOG_BOTH,
+			"NFSD: %s was not found or isn't executable (%d) "
+			"in CT#%s\n",
+			cltrack_prog, ret, ve_name(ve));
+
 	dprintk("%s: %s return value: %d\n", __func__, cltrack_prog, ret);
 
 	return ret;
@@ -1853,13 +1858,19 @@ nfsd4_umh_cltrack_init(struct net *net)
 	int ret;
 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
 	char *grace_start = nfsd4_cltrack_grace_start(nn->boot_time);
+	struct net *ve_net;
 
-	/* XXX: The usermode helper s not working in container yet. */
-	if (net != &init_net) {
-		pr_warn("NFSD: attempt to initialize umh client tracking in a container ignored.\n");
+	rcu_read_lock();
+	ve_net = rcu_dereference(get_exec_env()->ve_ns)->net_ns;
+
+	if (!net_eq(net, ve_net)) {
+		rcu_read_unlock();
+		pr_warn("NFSD: attempt to initialize umh client tracking in Container %s netns %u ignored.\n",
+			get_exec_env()->ve_name, net->ns.inum);
 		kfree(grace_start);
 		return -EINVAL;
 	}
+	rcu_read_unlock();
 
 	ret = nfsd4_umh_cltrack_upcall("init", NULL, grace_start, NULL);
 	kfree(grace_start);

More information about the Devel mailing list