[RHEL8,COMMIT] ve/ext4: treat panic_on_errors as remount-ro_on_errors in CTs

Submitted by Konstantin Khorenko on March 4, 2021, 10:39 a.m.

Details

Message ID 202103041039.124AdLun551487@finist-co8.sw.ru
State New
Series "Series without cover letter"
Headers show

Commit Message

Konstantin Khorenko March 4, 2021, 10:39 a.m.
The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.5
------>
commit 1d96aad041d18aec94fe910cfa3a1e8ff737e91f
Author: Dmitry Monakhov <dmonakhov@openvz.org>
Date:   Thu Mar 4 13:39:20 2021 +0300

    ve/ext4: treat panic_on_errors as remount-ro_on_errors in CTs
    
    This is a port from 2.6.32-x of:
    
            * diff-ext4-in-containers-treat-panic_on_errors-as-remount-ro_on_errors
    
            ext4: in containers treat errors=panic as
    
            Container can explode whole node if it remounts its ploop
            with option 'errors=panic' and triggers abort after that.
    
            Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
            Acked-by: Maxim V. Patlasov <mpatlasov@parallels.com>
    
    Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
    
    khorenko@: currently we have devmnt->allowed_options options which are
    configured via userspace and currently vzctl provides empty list.
    This is an additional check - just in case someone get secondary
    ploop image with 'errors=panic' mount option saved in the image
    and mounts it from inside a CT.
    
    Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
---
 fs/ext4/super.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

Patch hide | download patch | download mbox

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 74cad98d6bfd..0c7afda8647a 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1848,6 +1848,7 @@  static int clear_qf_name(struct super_block *sb, int qtype)
 #define MOPT_NO_EXT3	0x0200
 #define MOPT_EXT4_ONLY	(MOPT_NO_EXT2 | MOPT_NO_EXT3)
 #define MOPT_STRING	0x0400
+#define MOPT_WANT_SYS_ADMIN	0x0800
 
 static const struct mount_opts {
 	int	token;
@@ -1880,7 +1881,7 @@  static const struct mount_opts {
 				    EXT4_MOUNT_JOURNAL_CHECKSUM),
 	 MOPT_EXT4_ONLY | MOPT_SET | MOPT_EXPLICIT},
 	{Opt_noload, EXT4_MOUNT_NOLOAD, MOPT_NO_EXT2 | MOPT_SET},
-	{Opt_err_panic, EXT4_MOUNT_ERRORS_PANIC, MOPT_SET | MOPT_CLEAR_ERR},
+	{Opt_err_panic, EXT4_MOUNT_ERRORS_PANIC, MOPT_SET | MOPT_CLEAR_ERR|MOPT_WANT_SYS_ADMIN},
 	{Opt_err_ro, EXT4_MOUNT_ERRORS_RO, MOPT_SET | MOPT_CLEAR_ERR},
 	{Opt_err_cont, EXT4_MOUNT_ERRORS_CONT, MOPT_SET | MOPT_CLEAR_ERR},
 	{Opt_data_err_abort, EXT4_MOUNT_DATA_ERR_ABORT,
@@ -2024,6 +2025,9 @@  static int handle_mount_opt(struct super_block *sb, char *opt, int token,
 	}
 	if (m->flags & MOPT_CLEAR_ERR)
 		clear_opt(sb, ERRORS_MASK);
+	if (m->flags & MOPT_WANT_SYS_ADMIN && !capable(CAP_SYS_ADMIN))
+		return 1;
+
 	if (token == Opt_noquota && sb_any_quota_loaded(sb)) {
 		ext4_msg(sb, KERN_ERR, "Cannot change quota "
 			 "options when quota turned on");
@@ -3953,8 +3957,12 @@  static int ext4_fill_super(struct super_block *sb, void *data, int silent)
 	else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_WBACK)
 		set_opt(sb, WRITEBACK_DATA);
 
-	if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_PANIC)
-		set_opt(sb, ERRORS_PANIC);
+	if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_PANIC) {
+		if (capable(CAP_SYS_ADMIN))
+			set_opt(sb, ERRORS_PANIC);
+		else
+			set_opt(sb, ERRORS_RO);
+	}
 	else if (le16_to_cpu(sbi->s_es->s_errors) == EXT4_ERRORS_CONTINUE)
 		set_opt(sb, ERRORS_CONT);
 	else