[RHEL7,COMMIT] ve/proc/block: show /proc/diskstats inside a Container

Submitted by Konstantin Khorenko on Feb. 28, 2020, 10:05 a.m.

Details

Message ID 202002281005.01SA5Uox030023@finist-ce7.sw.ru
State New
Series "enable running Kubernetes inside a Container"

Commit Message

Konstantin Khorenko Feb. 28, 2020, 10:05 a.m.
The commit is pushed to "branch-rh7-3.10.0-1062.12.1.vz7.131.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1062.12.1.vz7.131.5
------>
commit 5d1e9a47239b6ff7fc071e1ce56cac7e93526713
Author: Konstantin Khorenko <khorenko@virtuozzo.com>
Date:   Fri Feb 28 13:05:30 2020 +0300

    ve/proc/block: show /proc/diskstats inside a Container
    
    The proc file is virtualized, so it contains stats for only those block
    devices which are allowed by device cgroup related to the Container.
    
    https://jira.sw.ru/browse/PSBM-90491
    https://jira.sw.ru/browse/PSBM-92107
    
    Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 block/genhd.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)


diff --git a/block/genhd.c b/block/genhd.c
index 60763963318ef..5c2e3d0dc3542 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -1271,6 +1271,7 @@  EXPORT_SYMBOL(disk_type);
  */
 static int diskstats_show(struct seq_file *seqf, void *v)
 {
+	struct ve_struct *ve = get_exec_env();
 	struct gendisk *gp = v;
 	struct disk_part_iter piter;
 	struct hd_struct *hd;
@@ -1288,6 +1289,11 @@  static int diskstats_show(struct seq_file *seqf, void *v)
 
 	disk_part_iter_init(&piter, gp, DISK_PITER_INCL_EMPTY_PART0);
 	while ((hd = disk_part_iter_next(&piter))) {
+		if (!ve_is_super(ve) &&
+			(devcgroup_device_permission(S_IFBLK, part_devt(hd),
+						     MAY_READ)))
+				continue;
+
 		cpu = part_stat_lock();
 		part_round_stats(gp->queue, cpu, hd);
 		part_stat_unlock();
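Review bot: The new `if` in the partition loop skips a row when `devcgroup_device_permission()` returns non-zero, but nothing in the code says that non-zero means "denied", and this test is the only thing keeping host block-device statistics out of a Container's /proc/diskstats. A comment above it, e.g. `/* In a Container, show only devices its device cgroup allows to read */`, and a flatter condition, `if (!ve_is_super(ve) && devcgroup_device_permission(S_IFBLK, part_devt(hd), MAY_READ))` with `continue;` at a single indent level, would make the boundary easier to audit. Both `ve` and the cgroup check appear to be evaluated for the task doing the read rather than the one that opened the file, so the filter is only as tight as the reader's device cgroup; that is worth stating in the comment. diskstats_show begins in the previous hunk and continues past this one.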
@@ -1335,7 +1341,7 @@  static const struct file_operations proc_diskstats_operations = {
 
 static int __init proc_genhd_init(void)
 {
-	proc_create("diskstats", 0, NULL, &proc_diskstats_operations);
+	proc_create("diskstats", S_ISVTX, NULL, &proc_diskstats_operations);
 	proc_create("partitions", S_ISVTX, NULL, &proc_partitions_operations);
 	return 0;
 }
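Review bot: The `S_ISVTX` mode now passed to `proc_create()` for "diskstats" is undocumented, and as a permission bit on a proc file it reads like a mistake. Judging by the neighbouring "partitions" line, it is presumably the marker this tree uses to expose a proc entry inside Containers. A one-line comment such as `/* S_ISVTX: entry is visible inside a Container; diskstats_show() filters rows by device cgroup */` would tie the visibility change to the filter it relies on, so a later edit to either one prompts a look at the other.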