[Devel] [PATCH RHEL9 COMMIT] net/ip6ip: Consider VE_FEATURE_IPIP on new net creation

Konstantin Khorenko khorenko at virtuozzo.com
Wed Oct 20 11:40:39 MSK 2021


The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-4.vz9.10.12
------>
commit 10e9489a6a9ff0731d6136b23bedd14f2bc37adf
Author: Kirill Gorkunov <gorcunov at virtuozzo.com>
Date:   Wed Oct 20 11:40:39 2021 +0300

    net/ip6ip: Consider VE_FEATURE_IPIP on new net creation
    
    We already have similar control in ipv4 so we should cover the ipv6
    as well. Note the main reason is to allow node operator to control
    containers features because this module prevents container checkpoint
    and restore procedure.
    
    https://jira.sw.ru/browse/PSBM-84241
    
    Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
    
    Rebased to vz8:
     - Use net_generic_free instead of net_assign_generic to reclaim memory
    
    (cherry-picked from vz7 commit 184fe365300b ("net/ip6ip: Consider
    VE_FEATURE_IPIP on new net creation"))
    
    Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
    
    (cherry picked from vz8 commit 5a8ad37e674470127bcc0de36e94734024b49f0f)
    Signed-off-by: Andrey Zhadchenko <andrey.zhadchenko at virtuozzo.com>
---
 net/ipv6/ip6_tunnel.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index bac390630f23..b9f7466b995c 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -54,6 +54,9 @@
 #include <net/netns/generic.h>
 #include <net/dst_metadata.h>
 
+#include <uapi/linux/vzcalluser.h>
+#include <linux/ve.h>
+
 MODULE_AUTHOR("Ville Nuorvala");
 MODULE_DESCRIPTION("IPv6 tunneling device");
 MODULE_LICENSE("GPL");
@@ -119,6 +122,11 @@ ip6_tnl_lookup(struct net *net, int link,
 	struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
 	struct in6_addr any;
 
+#if CONFIG_VE
+	if (!ip6n) /* no VE_FEATURE_IPIP */
+		return NULL;
+#endif
+
 	for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
 		if (!ipv6_addr_equal(local, &t->parms.laddr) ||
 		    !ipv6_addr_equal(remote, &t->parms.raddr) ||
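Review bot: The guard added at the top of ip6_tnl_lookup uses `#if CONFIG_VE`, while the other three guards in this patch use `#ifdef CONFIG_VE`. With CONFIG_VE unset, the `#if` form tests an undefined macro, which evaluates to 0 but warns under -Wundef; the line should read `#ifdef CONFIG_VE`. The check itself is needed because the next statement dereferences `ip6n->tnls_r_l[hash]`, so getting the preprocessor condition right decides whether a namespace without the feature is protected. The function body continues outside the hunk.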
@@ -2030,6 +2038,11 @@ static int ip6_tnl_newlink(struct net *src_net, struct net_device *dev,
 	struct ip6_tnl *nt, *t;
 	int err;
 
+#ifdef CONFIG_VE
+	if (net_generic(dev_net(dev), ip6_tnl_net_id) == NULL)
+		return -EACCES;
+#endif
+
 	nt = netdev_priv(dev);
 
 	if (ip6_tnl_netlink_encap_parms(data, &ipencap)) {
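Review bot: The guard in ip6_tnl_newlink is written differently from the other two NULL checks in this patch: it compares with `== NULL` and carries no comment, so a reader cannot tell that a missing per-net pointer means the owning container lacks VE_FEATURE_IPIP. Suggest `if (!net_generic(dev_net(dev), ip6_tnl_net_id)) /* no VE_FEATURE_IPIP */`. The comment should also say that -EACCES is returned deliberately, as the policy refusal reported to the netlink caller. The function starts and ends outside the hunk.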
@@ -2229,6 +2242,11 @@ static void __net_exit ip6_tnl_destroy_tunnels(struct net *net, struct list_head
 	int h;
 	struct ip6_tnl *t;
 
+#ifdef CONFIG_VE
+	if (!ip6n) /* no VE_FEATURE_IPIP */
+		return;
+#endif
+
 	for_each_netdev_safe(net, dev, aux)
 		if (dev->rtnl_link_ops == &ip6_link_ops)
 			unregister_netdevice_queue(dev, list);
@@ -2262,6 +2280,13 @@ static int __net_init ip6_tnl_init_net(struct net *net)
 	struct ip6_tnl *t = NULL;
 	int err;
 
+#ifdef CONFIG_VE
+	if (!(net->owner_ve->features & VE_FEATURE_IPIP)) {
+		net_generic_free(net, ip6_tnl_net_id);
+		return 0;
+	}
+#endif
+
 	ip6n->tnls[0] = ip6n->tnls_wc;
 	ip6n->tnls[1] = ip6n->tnls_r_l;
 
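Review bot: After `net_generic_free(net, ip6_tnl_net_id)` the per-net pointer for this id is presumably NULL for the lifetime of the namespace, yet the patch guards only ip6_tnl_lookup, ip6_tnl_newlink and ip6_tnl_destroy_tunnels. Any other function in the file that calls `net_generic(net, ip6_tnl_net_id)` and dereferences the result (none are visible in this diff) needs the same check, otherwise a container without the feature could cause a NULL dereference in the kernel. The condition also reads `net->owner_ve->features` without testing `owner_ve`; if that pointer can be unset while a namespace is being set up, check it first. Add a comment above the block such as `/* No VE_FEATURE_IPIP: free per-net state; every net_generic() user of ip6_tnl_net_id must handle NULL */`. The function continues outside the hunk.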

