[Devel] [PATCH VZ10 3/8] ve/mntns: thread owning ve through alloc_mnt_ns/copy_mnt_ns
Vasileios Almpanis
vasileios.almpanis at virtuozzo.com
Thu Apr 30 11:19:10 MSK 2026
Reviewed-by: Vasileios Almpanis <vasileios.almpanis at virtuozzo.com>
On 4/29/26 3:41 PM, Pavel Tikhomirov wrote:
> Add new_ve parameter to alloc_mnt_ns() and copy_mnt_ns(). NULL preserves
> the existing behaviour of taking current ve via get_exec_env().
>
> This will be used to derive correct ownership of newly created mounts in
> case of simultaneous creation of new ve namespace and mount namespace,
> were we would like new mounts to have the new ve as an owner.
>
> There is no change in behaviour yet: create_new_namespaces() still uses
> NULL.
>
> https://virtuozzo.atlassian.net/browse/VSTOR-129744
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> Feature: ve: ve generic structures
> ---
> fs/namespace.c | 21 ++++++++++++---------
> include/linux/mnt_namespace.h | 4 +++-
> kernel/nsproxy.c | 3 ++-
> 3 files changed, 17 insertions(+), 11 deletions(-)
>
> diff --git a/fs/namespace.c b/fs/namespace.c
> index ba2cee9a6db1..865635366fd7 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -2239,7 +2239,8 @@ struct vfsmount *collect_mounts(const struct path *path)
> }
>
> static void free_mnt_ns(struct mnt_namespace *);
> -static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *, bool);
> +static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *, bool,
> + struct ve_struct *);
>
> void dissolve_on_fput(struct vfsmount *mnt)
> {
> @@ -2867,7 +2868,7 @@ static int do_loopback(struct path *path, const char *old_name,
> static struct file *open_detached_copy(struct path *path, bool recursive)
> {
> struct user_namespace *user_ns = current->nsproxy->mnt_ns->user_ns;
> - struct mnt_namespace *ns = alloc_mnt_ns(user_ns, true);
> + struct mnt_namespace *ns = alloc_mnt_ns(user_ns, true, NULL);
> struct mount *mnt, *p;
> struct file *file;
>
> @@ -4163,7 +4164,8 @@ static void free_mnt_ns(struct mnt_namespace *ns)
> */
> static atomic64_t mnt_ns_seq = ATOMIC64_INIT(1);
>
> -static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool anon)
> +static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns,
> + bool anon, struct ve_struct *new_ve)
> {
> struct mnt_namespace *new_ns;
> struct ucounts *ucounts;
> @@ -4203,14 +4205,15 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns, bool a
> new_ns->user_ns = get_user_ns(user_ns);
> new_ns->ucounts = ucounts;
> #ifdef CONFIG_VE
> - new_ns->ve_owner = get_ve(get_exec_env());
> + new_ns->ve_owner = get_ve(new_ve ?: get_exec_env());
> #endif
> return new_ns;
> }
>
> __latent_entropy
> struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
> - struct user_namespace *user_ns, struct fs_struct *new_fs)
> + struct user_namespace *user_ns, struct fs_struct *new_fs,
> + struct ve_struct *new_ve)
> {
> struct mnt_namespace *new_ns;
> struct vfsmount *rootmnt = NULL, *pwdmnt = NULL;
> @@ -4228,7 +4231,7 @@ struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
>
> old = ns->root;
>
> - new_ns = alloc_mnt_ns(user_ns, false);
> + new_ns = alloc_mnt_ns(user_ns, false, new_ve);
> if (IS_ERR(new_ns))
> return new_ns;
>
> @@ -4304,7 +4307,7 @@ struct dentry *mount_subtree(struct vfsmount *m, const char *name)
> struct path path;
> int err;
>
> - ns = alloc_mnt_ns(&init_user_ns, true);
> + ns = alloc_mnt_ns(&init_user_ns, true, NULL);
> if (IS_ERR(ns)) {
> mntput(m);
> return ERR_CAST(ns);
> @@ -4483,7 +4486,7 @@ SYSCALL_DEFINE3(fsmount, int, fs_fd, unsigned int, flags,
> */
> vfs_clean_context(fc);
>
> - ns = alloc_mnt_ns(current->nsproxy->mnt_ns->user_ns, true);
> + ns = alloc_mnt_ns(current->nsproxy->mnt_ns->user_ns, true, NULL);
> if (IS_ERR(ns)) {
> ret = PTR_ERR(ns);
> goto err_path;
> @@ -5794,7 +5797,7 @@ static void __init init_mount_tree(void)
> if (IS_ERR(mnt))
> panic("Can't create rootfs");
>
> - ns = alloc_mnt_ns(&init_user_ns, false);
> + ns = alloc_mnt_ns(&init_user_ns, false, NULL);
> if (IS_ERR(ns))
> panic("Can't allocate initial namespace");
> m = real_mount(mnt);
> diff --git a/include/linux/mnt_namespace.h b/include/linux/mnt_namespace.h
> index 70b366b64816..61a26bc99813 100644
> --- a/include/linux/mnt_namespace.h
> +++ b/include/linux/mnt_namespace.h
> @@ -10,9 +10,11 @@ struct mnt_namespace;
> struct fs_struct;
> struct user_namespace;
> struct ns_common;
> +struct ve_struct;
>
> extern struct mnt_namespace *copy_mnt_ns(unsigned long, struct mnt_namespace *,
> - struct user_namespace *, struct fs_struct *);
> + struct user_namespace *, struct fs_struct *,
> + struct ve_struct *);
> extern void put_mnt_ns(struct mnt_namespace *ns);
> DEFINE_FREE(put_mnt_ns, struct mnt_namespace *, if (!IS_ERR_OR_NULL(_T)) put_mnt_ns(_T))
> extern struct ns_common *from_mnt_ns(struct mnt_namespace *);
> diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c
> index 2827d4f277ad..12de23ec80bf 100644
> --- a/kernel/nsproxy.c
> +++ b/kernel/nsproxy.c
> @@ -76,7 +76,8 @@ static struct nsproxy *create_new_namespaces(unsigned long flags,
> if (!new_nsp)
> return ERR_PTR(-ENOMEM);
>
> - new_nsp->mnt_ns = copy_mnt_ns(flags, tsk->nsproxy->mnt_ns, user_ns, new_fs);
> + new_nsp->mnt_ns = copy_mnt_ns(flags, tsk->nsproxy->mnt_ns, user_ns,
> + new_fs, NULL);
> if (IS_ERR(new_nsp->mnt_ns)) {
> err = PTR_ERR(new_nsp->mnt_ns);
> goto out_ns;
--
Best regards, Vasileios Almpanis
Software Developer, Virtuozzo.
More information about the Devel
mailing list