[Devel] [PATCH VZ10 v2 05/12] ve_namespace: Move cgroup ve_attach() operations to namespace join path

Konstantin Khorenko khorenko at virtuozzo.com
Fri Dec 12 18:44:52 MSK 2025 

On 12/10/25 11:34, Pavel Tikhomirov wrote:
> Move operations previously done in the process of joining ve cgroup in
> ve_attach() to ve_setup_task() helper and call it from ve namespace join
> paths.
> 
> This is another step in making the process' ve to be namespace based,
> similar to what we did for ->task_ve.
> 
> https://virtuozzo.atlassian.net/browse/VSTOR-119941
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> 
> Feature: ve: ve generic structures
> ---
>   include/linux/ve.h       |  4 ++++
>   kernel/ve/ve.c           | 52 +++++++++++++++++++---------------------
>   kernel/ve/ve_namespace.c |  5 ++++
>   3 files changed, 33 insertions(+), 28 deletions(-)
> 
> diff --git a/include/linux/ve.h b/include/linux/ve.h
> index cd0e855d38f1..4a42f16c259a 100644
> --- a/include/linux/ve.h
> +++ b/include/linux/ve.h
> @@ -275,6 +275,8 @@ int ve_net_hide_sysctl(struct net *net);
>   
>   extern bool is_ve_init_net(const struct net *net);
>   
> +void ve_setup_task(struct task_struct *p, struct ve_struct *ve);
> +
>   #else	/* CONFIG_VE */
>   #include <linux/init_task.h>
>   #define get_ve(ve)	((void)(ve), NULL)
> @@ -330,6 +332,8 @@ static inline struct cgroup_subsys_state *css_ve_root1(
>   static inline int vz_security_family_check(struct net *net, int family, int type) { return 0; }
>   static inline int vz_security_protocol_check(struct net *net, int protocol) { return 0; }
>   
> +static inline void ve_setup_task(struct task_struct *p, struct ve_struct *ve) { }
> +
>   #endif	/* CONFIG_VE */
>   
>   struct seq_file;
> diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
> index 5d28d78a74da..61448af310c7 100644
> --- a/kernel/ve/ve.c
> +++ b/kernel/ve/ve.c
> @@ -1171,33 +1171,6 @@ static int ve_can_attach(struct cgroup_taskset *tset)
>   	return ve_is_attachable(tset);
>   }
>   
> -static void ve_attach(struct cgroup_taskset *tset)
> -{
> -	struct cgroup_subsys_state *css;
> -	struct task_struct *task;
> -	extern struct cpuid_override_table __rcu *cpuid_override;
> -
> -	cgroup_taskset_for_each(task, css, tset) {
> -		struct ve_struct *ve = css_to_ve(css);
> -
> -		/* this probihibts ptracing of task entered to VE from host system */

probihits

> -		if (VE_IS_RUNNING(ve) && task->mm)
> -			task->mm->vps_dumpable = VD_VE_ENTER_TASK;
> -
> -		/* Drop OOM protection. */
> -		task->signal->oom_score_adj = 0;
> -		task->signal->oom_score_adj_min = 0;
> -
> -		/* Leave parent exec domain */
> -		task->parent_exec_id--;
> -
> -		ve_set_task_start_time(ve, task);
> -
> -		if (cpuid_override_on())
> -			set_tsk_thread_flag(task, TIF_CPUID_OVERRIDE);
> -	}
> -}
> -
>   static int ve_state_show(struct seq_file *sf, void *v)
>   {
>   	struct cgroup_subsys_state *css = seq_css(sf);
> @@ -1904,7 +1877,6 @@ struct cgroup_subsys ve_cgrp_subsys = {
>   	.css_offline	= ve_offline,
>   	.css_free	= ve_destroy,
>   	.can_attach	= ve_can_attach,
> -	.attach		= ve_attach,
>   	.legacy_cftypes	= ve_cftypes,
>   	.dfl_cftypes	= ve_cftypes,
>   };
> @@ -2051,4 +2023,28 @@ int ve_get_cpu_stat(struct ve_struct *ve, struct kernel_cpustat *kstat)
>   	return err;
>   }
>   EXPORT_SYMBOL(ve_get_cpu_stat);
> +
> +void ve_setup_task(struct task_struct *task, struct ve_struct *ve)
> +{
> +	if (ve == &ve0)
> +		return;
> +
> +	/* this probihibts ptracing of task entered to VE from host system */
> +	if (VE_IS_RUNNING(ve) && task->mm)
> +		task->mm->vps_dumpable = VD_VE_ENTER_TASK;
> +
> +	/* Drop OOM protection. */
> +	task->signal->oom_score_adj = 0;
> +	task->signal->oom_score_adj_min = 0;
> +
> +	/* Leave parent exec domain */
> +	task->parent_exec_id--;
> +
> +	ve_set_task_start_time(ve, task);
> +
> +	if (cpuid_override_on())
> +		set_tsk_thread_flag(task, TIF_CPUID_OVERRIDE);
> +}
> +EXPORT_SYMBOL(ve_setup_task);
> +
>   #endif /* CONFIG_CGROUP_SCHED */
> diff --git a/kernel/ve/ve_namespace.c b/kernel/ve/ve_namespace.c
> index 9df82c95f3d5..c8f89f57ab03 100644
> --- a/kernel/ve/ve_namespace.c
> +++ b/kernel/ve/ve_namespace.c
> @@ -92,6 +92,9 @@ int copy_ve_ns(unsigned long flags, struct task_struct *p)
>   
>   	p->ve_ns = new_ve_ns;
>   	p->task_ve = new_ve_ns->ve;
> +
> +	ve_setup_task(p, p->task_ve);
> +
>   	return 0;
>   }
>   
> @@ -143,6 +146,8 @@ void switch_ve_namespace(struct task_struct *p, struct ve_namespace *new)
>   
>   	if (old)
>   		put_ve_ns(old);
> +
> +	ve_setup_task(p, p->task_ve);
>   }
>   
>   void exit_ve_namespace(struct task_struct *p)

More information about the Devel mailing list