[Devel] [PATCH RHEL10 COMMIT] ve: Switch from get_curr_ve() to get_exec_env()

Konstantin Khorenko khorenko at virtuozzo.com
Mon Dec 1 20:08:01 MSK 2025 

The commit is pushed to "branch-rh10-6.12.0-55.13.1.2.x.vz10-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh10-6.12.0-55.13.1.2.21.vz10
------>
commit 27f71c7761228d3f467522eaff9821d0657207f3
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date:   Mon Nov 24 19:20:43 2025 +0800

    ve: Switch from get_curr_ve() to get_exec_env()
    
    Previously a task could've being moved by the outside event to another
    ve cgroup and its link to ve_struct might change (task->task_ve). Now
    when the link to ve_struct goes through ve namespace, the link is
    persistent unless the task itself does clone3/unshare/setns.
    
    So now we are safe to use ve_struct returned from get_exec_env(),
    without worrying that it will be freed under us. And don't need any
    special helper to get reference to the current ve.
    
    Also remove get_curr_ve() as we no longer need it.
    
    https://virtuozzo.atlassian.net/browse/VSTOR-118289
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    
    Feature: ve: ve generic structures
    ======
    Patchset description:
    ve: Add VE namespace
    
    Main ideas behind VE namespace explained in "ve: Introduce VE
    namespace".
---
 include/linux/cgroup.h    |  1 -
 kernel/cgroup/cgroup.c    | 42 ------------------------------------------
 net/core/netprio_cgroup.c |  6 ++----
 3 files changed, 2 insertions(+), 47 deletions(-)

diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
index 2e01e484cbac7..6fe5422e27b93 100644
--- a/include/linux/cgroup.h
+++ b/include/linux/cgroup.h
@@ -867,7 +867,6 @@ static inline void cgroup_bpf_put(struct cgroup *cgrp) {}
 
 #ifdef CONFIG_VE
 int ve_hide_cgroups(struct cgroup_root *root);
-struct ve_struct *get_curr_ve(void);
 struct cgroup_subsys_state *cgroup_get_e_ve_css(struct cgroup *cgrp,
 						struct cgroup_subsys *ss);
 #endif
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 5893d8f4d010a..26ad3faf2e218 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -2102,48 +2102,6 @@ static int cgroup_reconfigure(struct fs_context *fc)
 }
 
 #ifdef CONFIG_VE
-/*
- * This helper is a safe alternative to get_exec_env(), this helper actually
- * gets reference on current ve so if in other thread we would be moved from
- * this ve, at least this ve would not be freed under us.
- */
-struct ve_struct *get_curr_ve(void)
-{
-	struct ve_struct *ve;
-
-	/*
-	 * If first thread loads current->task_ve pointer, and if just after
-	 * that current is moved by other thread from this ve cgroup to some
-	 * other and this ve cgroup gets destroyed, ve pointer gets freed, so
-	 * first thread can't use such ve pointer safely.
-	 */
-
-	/*
-	 * Fast path: Let's make it safe with rcu lock, though current can be
-	 * moved to other ve cgroup and our ve cgroup can start destroying, ve
-	 * pointer would be still valid. As it is freed in ve_destroy. And
-	 * ve_destroy is called from rcu callback after task_ve had changed.
-	 */
-	rcu_read_lock();
-	ve = rcu_dereference(current->task_ve);
-	if (css_tryget(&ve->css)) {
-		rcu_read_unlock();
-		return ve;
-	}
-	rcu_read_unlock();
-
-	/*
-	 * Slow path: Under cgroup_mutex both current tasks ve cgroup and
-	 * task_ve pointer can't change. Corresponding cgroup_mutex around
-	 * cgroup_attach_task() protects us from it.
-	 */
-	mutex_lock(&cgroup_mutex);
-	ve = get_ve(current->task_ve);
-	mutex_unlock(&cgroup_mutex);
-
-	return ve;
-}
-
 /*
  * Let's skip optional cgroups in Virtuozzo containers. Admin on host can
  * do "mount -t cgroup cgroup -onone,name=namedcgroup /mnt", and this should
diff --git a/net/core/netprio_cgroup.c b/net/core/netprio_cgroup.c
index 30c2599e3cc1c..bfe0ff69b0b67 100644
--- a/net/core/netprio_cgroup.c
+++ b/net/core/netprio_cgroup.c
@@ -220,7 +220,7 @@ static int read_priomap(struct seq_file *sf, void *v)
 	struct net *net, *_net = NULL;
 	struct net_device *dev;
 
-	ve = get_curr_ve();
+	ve = get_exec_env();
 	if (!ve_is_super(ve)) {
 		struct nsproxy *ve_nsproxy;
 
@@ -230,7 +230,6 @@ static int read_priomap(struct seq_file *sf, void *v)
 			_net = get_net(ve_nsproxy->net_ns);
 		rcu_read_unlock();
 	}
-	put_ve(ve);
 
 	net = _net ? : &init_net;
 	rcu_read_lock();
@@ -256,7 +255,7 @@ static ssize_t write_priomap(struct kernfs_open_file *of,
 	if (sscanf(buf, "%"__stringify(IFNAMSIZ)"s %u", devname, &prio) != 2)
 		return -EINVAL;
 
-	ve = get_curr_ve();
+	ve = get_exec_env();
 	if (!ve_is_super(ve)) {
 		struct nsproxy *ve_nsproxy;
 
@@ -266,7 +265,6 @@ static ssize_t write_priomap(struct kernfs_open_file *of,
 			_net = get_net(ve_nsproxy->net_ns);
 		rcu_read_unlock();
 	}
-	put_ve(ve);
 
 	net = _net ? : &init_net;
 	dev = dev_get_by_name(net, devname);

More information about the Devel mailing list