[Devel] [PATCH RH9 10/10] ve/proc/block: show /proc/diskstats inside a Container

[Cyrill Gorcunov]

From: Vasily Averin <vvs at virtuozzo.com>

The proc file is virtualized, so it contains stats for only those block
devices which are allowed by device cgroup related to the Container.

https://jira.sw.ru/browse/PSBM-90491
https://jira.sw.ru/browse/PSBM-92107

Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>

(cherry picked from vz7 commit ded5965d1d58 ("ve/proc/block: show
/proc/diskstats inside a Container"))

Signed-off-by: Vasily Averin <vvs at virtuozzo.com>

gorcunov@: cherry-picked from commit d29e2f9fbf277, the vz9
code is changed so had to apply the patch manually).

Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
---
 block/genhd.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/block/genhd.c b/block/genhd.c
index 504dfb222abd..1470243dbd9d 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -1171,6 +1171,7 @@ const struct device_type disk_type = {
  */
 static int diskstats_show(struct seq_file *seqf, void *v)
 {
+	struct ve_struct *ve = get_exec_env();
 	struct gendisk *gp = v;
 	struct block_device *hd;
 	char buf[BDEVNAME_SIZE];
@@ -1190,6 +1191,11 @@ static int diskstats_show(struct seq_file *seqf, void *v)
 	xa_for_each(&gp->part_tbl, idx, hd) {
 		if (bdev_is_partition(hd) && !bdev_nr_sectors(hd))
 			continue;
+		if (!ve_is_super(ve) &&
+		    devcgroup_device_permission(S_IFBLK, hd->bd_dev,
+						MAY_READ)) {
+			continue;
+		}
 		part_stat_read_all(hd, &stat);
 		if (queue_is_mq(gp->queue))
 			inflight = blk_mq_in_flight(gp->queue, hd);
@@ -1246,7 +1252,7 @@ static const struct seq_operations diskstats_op = {
 
 static int __init proc_genhd_init(void)
 {
-	proc_create_seq("diskstats", 0, NULL, &diskstats_op);
+	proc_create_seq("diskstats", S_ISVTX, NULL, &diskstats_op);
 	proc_create_seq("partitions", S_ISVTX, NULL, &partitions_op);
 	return 0;
 }
-- 
2.31.1