[Devel] [VZ10 04/21] ve: Fix ve.h when !CONFIG_VE
Vasileios Almpanis
vasileios.almpanis at virtuozzo.com
Fri May 15 14:15:07 MSK 2026
On 5/7/26 9:10 PM, Vladimir Riabchun wrote:
> 1. init_task.h contains init_cred and init_user_ns declarations and it
> also includes ve_namespace.h. Because of this init_task.h include in
> ve.h has no effect, leading to compilation error:
> In file included from ./include/linux/ve_namespace.h:9,
> from ./include/linux/init_task.h:13,
> from kernel/nsproxy.c:15:
> ./include/linux/ve.h: In function 'current_user_ns_initial':
> ./include/linux/ve.h:308:37: error: 'init_cred' undeclared
> 308 | return current_user_ns() == init_cred.user_ns;
> | ^~~~~~~~~
> | put_cred
>
> 2. Function neq_eq requires net_namespace.h include.
> 3. Bunch of functions lack of non-VE variants.
> 4. Some places use get_ve result, don't void it.
> 5. Make ve_feature_set is a simple bool value
Make ve_feature_set a simple bool value (remove is)
> https://virtuozzo.atlassian.net/browse/VSTOR-130116
>
> Feature: !CONFIG_VE build
> Signed-off-by: Vladimir Riabchun <vladimir.riabchun at virtuozzo.com>
> ---
> include/linux/ve.h | 57 ++++++++++++++++++++++++++++++++++++++++++++--
> 1 file changed, 55 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/ve.h b/include/linux/ve.h
> index c64860664b62..73d334de22c9 100644
> --- a/include/linux/ve.h
> +++ b/include/linux/ve.h
> @@ -291,7 +291,27 @@ static inline struct vdso_image *ve_get_vdso_64(struct ve_struct *ve)
>
> #else /* CONFIG_VE */
> #include <linux/init_task.h>
> -#define get_ve(ve) ((void)(ve), NULL)
> +#include <net/net_namespace.h>
> +
> +extern struct cred init_cred;
> +extern struct user_namespace init_user_ns;
> +extern struct net init_net;
> +
> +static inline void ve_add_to_release_list(struct cgroup *cgrp) {}
> +static inline void ve_rm_from_release_list(struct cgroup *cgrp) {}
> +static inline const char *ve_ra_data_get_path_locked(struct ve_struct *ve,
> + struct cgroup_root *cgroot)
> +{
> + return NULL;
> +}
> +static inline int ve_ra_data_set(struct ve_struct *ve, struct cgroup_root *cgroot,
> + const char *release_agent)
> +{
> + return 0;
> +}
> +static inline void cgroot_ve_cleanup_ra_data(struct cgroup_root *cgroot) {}
> +
> +#define get_ve(ve) (ve)
> #define put_ve(ve) do { (void)(ve); } while (0)
>
> DEFINE_FREE(put_ve, struct ve_struct *, if (_T) put_ve(_T))
> @@ -306,12 +326,40 @@ static inline struct ve_struct *get_task_ve(struct task_struct *task)
> return NULL;
> }
>
> +static inline struct cgroup_subsys_state *ve_get_init_css(struct ve_struct *ve, int subsys_id)
> +{
> + /* ve_get_init_css must be unreachable,
> + *seems like it is called only when !ve_is_super(ve). Report violation here.
> + */
> + BUG_ON(1);
> + return NULL;
> +}
> +
> +
> +static inline pid_t task_pid_ve_nr(struct task_struct *tsk)
> +{
> + return task_pid_nr(tsk);
> +}
> +
> +static inline struct time_namespace *ve_get_time_ns(struct ve_struct *ve)
> +{
> + return NULL;
> +}
> +
> static inline void ve_stop_ns(struct pid_namespace *ns) { }
> static inline void ve_exit_ns(struct pid_namespace *ns) { }
> +static inline bool ve_check_trusted_exec(struct file *file, struct filename *name)
> +{
> + return true;
> +}
> +static inline bool ve_check_trusted_mmap(struct file *file)
> +{
> + return true;
> +}
>
> static inline void ve_set_state(struct ve_struct *ve, int new_state) {}
>
> -#define ve_feature_set(ve, f) { true; }
> +#define ve_feature_set(ve, f) (true)
>
> static inline bool current_user_ns_initial(void)
> {
> @@ -323,6 +371,11 @@ static inline struct user_namespace *ve_init_user_ns(void)
> return &init_user_ns;
> }
>
> +static inline int ve_net_hide_sysctl(struct net *net)
> +{
> + return 0;
> +}
> +
> static inline bool is_ve_init_net(const struct net *net)
> {
> return net_eq(net, &init_net);
--
Best regards, Vasileios Almpanis
Software Developer, Virtuozzo.
More information about the Devel
mailing list