[RH7] ve/sunrpc: prohibit mounting rpc_pipefs in CT without nfsd feature

Submitted by Pavel Tikhomirov on Sept. 6, 2018, 1:18 p.m.

Details

Message ID 20180906131824.18661-1-ptikhomirov@virtuozzo.com
State New
Series "ve/sunrpc: prohibit mounting rpc_pipefs in CT without nfsd feature"

Commit Message

Pavel Tikhomirov Sept. 6, 2018, 1:18 p.m.
We need rpc_pipefs for nfs server, but it breaks criu migration as
opened /var/lib/nfs/rpc_pipefs/nfs/clntX files are not supported yet.
Thus only allow mounting rpc_pipefs if CT has "--features nfsd:on".

https://jira.sw.ru/browse/PSBM-87836
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 net/sunrpc/rpc_pipe.c | 7 +++++++
 1 file changed, 7 insertions(+)

Patch

diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index 62d442aad553..868d657e5cb2 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c
@@ -31,6 +31,9 @@ 
 #include <linux/nsproxy.h>
 #include <linux/notifier.h>
 
+#include <uapi/linux/vzcalluser.h>
+#include <linux/ve.h>
+
 #include "netns.h"
 #include "sunrpc.h"
 
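Review bot: The two includes added at the top of net/sunrpc/rpc_pipe.c are unconditional, so this file now depends on the VE headers in every build configuration. If this tree can still be built with container (VE) support disabled, please confirm that <linux/ve.h> and <uapi/linux/vzcalluser.h> still provide get_exec_env() and VE_FEATURE_NFSD in that case, or guard the new check accordingly. A short comment saying which symbol each header is pulled in for would also make a later cleanup easier.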
@@ -1458,6 +1461,10 @@  rpc_mount(struct file_system_type *fs_type,
 		int flags, const char *dev_name, void *data)
 {
 	struct net *net = current->nsproxy->net_ns;
+
+	if (!(get_exec_env()->features & VE_FEATURE_NFSD))
+		return ERR_PTR(-ENODEV);
+
 	return mount_ns(fs_type, flags, data, net, net->user_ns, rpc_fill_super);
 }
 
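Review bot: The new check in rpc_mount() refuses the mount with -ENODEV but has no comment saying why, so the reason given in the commit message (open rpc_pipefs files are not yet supported by criu migration) is lost to anyone reading the code. A one-line comment above the `if` would help, and it should also state how the host is expected to pass, because the test depends on the features mask of whatever get_exec_env() returns and nothing in this hunk shows that mask for the host environment. -ENODEV is also what mount(2) reports for an unknown filesystem type, so a policy refusal may be easier to diagnose from inside the container if it returns -EPERM.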

Comments

Vasily Averin Sept. 6, 2018, 1:32 p.m.
I'm afraid it will not allow mounting this filesystem even in VE0

On 09/06/2018 04:18 PM, Pavel Tikhomirov wrote:
> We need rpc_pipefs for nfs server, but it breaks criu migration as
> opened /var/lib/nfs/rpc_pipefs/nfs/clntX files are not supported yet.
> Thus only allow mounting rpc_pipefs if CT has "--features nfsd:on".
> 
> https://jira.sw.ru/browse/PSBM-87836
> Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
> ---
>  net/sunrpc/rpc_pipe.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
> index 62d442aad553..868d657e5cb2 100644
> --- a/net/sunrpc/rpc_pipe.c
> +++ b/net/sunrpc/rpc_pipe.c
> @@ -31,6 +31,9 @@
>  #include <linux/nsproxy.h>
>  #include <linux/notifier.h>
>  
> +#include <uapi/linux/vzcalluser.h>
> +#include <linux/ve.h>
> +
>  #include "netns.h"
>  #include "sunrpc.h"
>  
> @@ -1458,6 +1461,10 @@ rpc_mount(struct file_system_type *fs_type,
>  		int flags, const char *dev_name, void *data)
>  {
>  	struct net *net = current->nsproxy->net_ns;
> +
> +	if (!(get_exec_env()->features & VE_FEATURE_NFSD))
> +		return ERR_PTR(-ENODEV);
> +
>  	return mount_ns(fs_type, flags, data, net, net->user_ns, rpc_fill_super);
>  }
>  
>
Pavel Tikhomirov Sept. 6, 2018, 1:39 p.m.
We have all features for ve0:

struct ve_struct ve0 = {
...
         .features               = -1,

crash> p -x ve0.features
$2 = 0xffffffffffffffff

On 09/06/2018 04:32 PM, Vasily Averin wrote:
> I'm afraid it will not allow mounting this filesystem even in VE0
> 
> On 09/06/2018 04:18 PM, Pavel Tikhomirov wrote:
>> We need rpc_pipefs for nfs server, but it breaks criu migration as
>> opened /var/lib/nfs/rpc_pipefs/nfs/clntX files are not supported yet.
>> Thus only allow mounting rpc_pipefs if CT has "--features nfsd:on".
>>
>> https://jira.sw.ru/browse/PSBM-87836
>> Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
>> ---
>>   net/sunrpc/rpc_pipe.c | 7 +++++++
>>   1 file changed, 7 insertions(+)
>>
>> diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
>> index 62d442aad553..868d657e5cb2 100644
>> --- a/net/sunrpc/rpc_pipe.c
>> +++ b/net/sunrpc/rpc_pipe.c
>> @@ -31,6 +31,9 @@
>>   #include <linux/nsproxy.h>
>>   #include <linux/notifier.h>
>>   
>> +#include <uapi/linux/vzcalluser.h>
>> +#include <linux/ve.h>
>> +
>>   #include "netns.h"
>>   #include "sunrpc.h"
>>   
>> @@ -1458,6 +1461,10 @@ rpc_mount(struct file_system_type *fs_type,
>>   		int flags, const char *dev_name, void *data)
>>   {
>>   	struct net *net = current->nsproxy->net_ns;
>> +
>> +	if (!(get_exec_env()->features & VE_FEATURE_NFSD))
>> +		return ERR_PTR(-ENODEV);
>> +
>>   	return mount_ns(fs_type, flags, data, net, net->user_ns, rpc_fill_super);
>>   }
>>   
>>
Vasily Averin Sept. 6, 2018, 1:48 p.m.
I prefer to use ve_is_super() check here
but it is up to you.

Reviewed-by:	Vasily Averin <vvs@virtuozzo.com>

On 09/06/2018 04:39 PM, Pavel Tikhomirov wrote:
> We have all features for ve0:
> 
> struct ve_struct ve0 = {
> ...
>         .features               = -1,
> 
> crash> p -x ve0.features
> $2 = 0xffffffffffffffff
> 
> On 09/06/2018 04:32 PM, Vasily Averin wrote:
>> I'm afraid it will not allow mounting this filesystem even in VE0
>>
>> On 09/06/2018 04:18 PM, Pavel Tikhomirov wrote:
>>> We need rpc_pipefs for nfs server, but it breaks criu migration as
>>> opened /var/lib/nfs/rpc_pipefs/nfs/clntX files are not supported yet.
>>> Thus only allow mounting rpc_pipefs if CT has "--features nfsd:on".
>>>
>>> https://jira.sw.ru/browse/PSBM-87836
>>> Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
>>> ---
>>>   net/sunrpc/rpc_pipe.c | 7 +++++++
>>>   1 file changed, 7 insertions(+)
>>>
>>> diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
>>> index 62d442aad553..868d657e5cb2 100644
>>> --- a/net/sunrpc/rpc_pipe.c
>>> +++ b/net/sunrpc/rpc_pipe.c
>>> @@ -31,6 +31,9 @@
>>>   #include <linux/nsproxy.h>
>>>   #include <linux/notifier.h>
>>>   +#include <uapi/linux/vzcalluser.h>
>>> +#include <linux/ve.h>
>>> +
>>>   #include "netns.h"
>>>   #include "sunrpc.h"
>>>   @@ -1458,6 +1461,10 @@ rpc_mount(struct file_system_type *fs_type,
>>>           int flags, const char *dev_name, void *data)
>>>   {
>>>       struct net *net = current->nsproxy->net_ns;
>>> +
>>> +    if (!(get_exec_env()->features & VE_FEATURE_NFSD))
>>> +        return ERR_PTR(-ENODEV);
>>> +
>>>       return mount_ns(fs_type, flags, data, net, net->user_ns, rpc_fill_super);
>>>   }
>>>  
>