[Devel] [PATCH RHEL9 COMMIT] ve/mount: allow pseudosuper to temporary exceed the container limit

Konstantin Khorenko khorenko at virtuozzo.com
Wed Oct 20 11:40:33 MSK 2021 

The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-4.vz9.10.12
------>
commit 0c0fa364e4f9814d069a8f1c442a7a5ef3d1d047
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date:   Wed Oct 20 11:40:33 2021 +0300

    ve/mount: allow pseudosuper to temporary exceed the container limit
    
    Criu algorithm is (prepare_mnt_ns):
    1) Restore all mounts of the CT (from all mntns'es) in single temporary
    mount namespace.
    2) For each mount namespace of the container recreate it's mounts:
     a) Unshare temporary mntns (mounts are doubled)
     b) Remove with pivot_root all excess mounts
    
    So at some point we have many mntnses of the CT already created with
    their mounts and two temporary mount namespaces with mounts copies, that
    is ~3x mounts (and may be also some aditional temporary mounts).
    
    When we restore a CT with > 1/3*sysctl_ve_mount_nr mounts we hit the
    limit and fail, fix it ignoring the limit at restore stage.
    
    https://jira.sw.ru/browse/PSBM-86511
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    
    Acked-by: Cyrill Gorcunov <gorcunov at openvz.org>
    
    (cherry picked from vz7 commit cb5488bae355 ("ve/mount: allow pseudosuper to
    temporary exceed the container limit"))
    
    VZ 8 rebase part https://jira.sw.ru/browse/PSBM-127837
    
    Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn at virtuozzo.com>
    
    (cherry picked from vz8 commit 454d3b6b7b79d76ce785d21d2c95d2efc173eddc)
    Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
 fs/namespace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 0abab30e20b4..b2f925ac15d5 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2811,7 +2811,7 @@ static inline int ve_mount_allowed(void)
 {
 	struct ve_struct *ve = get_exec_env();
 
-	return ve_is_super(ve) ||
+	return ve_is_super(ve) || ve->is_pseudosuper ||
 		atomic_read(&ve->mnt_nr) < (int)sysctl_ve_mount_nr;
 }

More information about the Devel mailing list