Message ID | 202012150930.0BF9U43D006587@vz7build.vvs.sw.ru |
---|---|
State | New |
Series | "ve/net/core: allow to call setsockopt(SO_RCVBUFFORCE) from Containers" |
From | Vasily Averin <vvs@virtuozzo.com> |
To | Konstantin Khorenko <khorenko@virtuozzo.com> |
Cc | OpenVZ devel <devel@openvz.org> |
Date | Tue, 15 Dec 2020 12:30:04 +0300 |
Subject | [Devel] [PATCH RHEL7 COMMIT] ve/net/core: allow to call setsockopt(SO_RCVBUFFORCE) from Containers |
diff --git a/net/core/sock.c b/net/core/sock.c index 07ea42f..44e91c8 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -793,6 +793,7 @@ set_sndbuf: goto set_sndbuf; case SO_RCVBUF: +unpriv_rcvbuf: /* Don't error on this BSD doesn't and if you think * about it this is right. Otherwise apps have to * play 'guess the biggest size' games. RCVBUF/SNDBUF @@ -824,11 +825,15 @@ set_rcvbuf: break; case SO_RCVBUFFORCE: - if (!capable(CAP_NET_ADMIN)) { + if (!ve_capable(CAP_NET_ADMIN)) { ret = -EPERM; break; } + /* nft utility uses this sockopt in CentOS 8 env */ + if (!ve_is_super(get_exec_env())) + goto unpriv_rcvbuf; + /* No negative values (to prevent underflow, as val will be * multiplied by 2). */
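Review bot: the new `unpriv_rcvbuf:` label directly under `case SO_RCVBUF:` is reached by a backward goto from a later case and sits in the same switch as the existing `set_rcvbuf:` label, with nothing at the label saying who jumps there. A one-line comment at the label (entry point for SO_RCVBUFFORCE issued from a non-super VE), or a name that says so, would keep the next reader from having to search for the goto.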
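Review bot: in the `SO_RCVBUFFORCE` case, the `goto unpriv_rcvbuf` path turns the former -EPERM into success, but the only comment there is "nft utility uses this sockopt in CentOS 8 env", which explains the motive and not the behaviour. Please state in the comment that inside a Container the request is handled as plain SO_RCVBUF, so the caller may get less than it asked for, and confirm that the quoted test (request of 10561584) actually passes with the resulting buffer rather than only no longer seeing EPERM. The diffstat shows this is the only case changed, so it is also worth saying in the commit message whether leaving the send-side force option as it was is intentional.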
The commit is pushed to "branch-rh7-3.10.0-1160.6.1.vz7.171.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.6.1.vz7.171.4

------>

commit bd3e846de350fcff5cfdcd6133adb7c610b3a4af
Author: Konstantin Khorenko <khorenko@virtuozzo.com>
Date: Tue Dec 15 12:30:04 2020 +0300

ve/net/core: allow to call setsockopt(SO_RCVBUFFORCE) from Containers

"nft" util (in CentOS 8 environment) does use setsockopt(SO_RCVBUFFORCE) unconditionally, so we have to allow it from inside a Container.

At the same time we don't want to allow a Container to set too much memory for a socket, so just treat SO_RCVBUFFORCE like SO_RCVBUF if called inside a Container.

Simple rule to test:

    # NFT=/usr/sbin/nft ./run-tests.sh -v -g testcases/nft-f/0011manydefines_0

which fails inside a Container because of not enough rcb buffer because of failed

    setsockopt(3, SOL_SOCKET, SO_RCVBUFFORCE, [10561584], 4) = -1 EPERM (Operation not permitted)

Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>

---
net/core/sock.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)