[RH7] ve: Add option allowing ioctl(FITRIM) from inside CT

Submitted by Kirill Tkhai on March 12, 2021, 12:14 p.m.

Details

Message ID 161555125003.95142.5917433245776610878.stgit@localhost.localdomain
State New
Series "ve: Add option allowing ioctl(FITRIM) from inside CT"

Commit Message

Kirill Tkhai March 12, 2021, 12:14 p.m.
https://jira.sw.ru/browse/PSBM-127082

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 fs/ext4/ioctl.c    |    4 +++-
 include/linux/ve.h |    1 +
 kernel/ve/ve.c     |    5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)


diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index 09779742ff6a..ccd0dcc3aae2 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -18,6 +18,7 @@ 
 #include <asm/uaccess.h>
 #include "ext4_jbd2.h"
 #include "ext4.h"
+#include <linux/ve.h>
 
 #define MAX_32_NUM ((((unsigned long long) 1) << 32) - 1)
 
@@ -723,7 +724,8 @@  long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 		struct fstrim_range range;
 		int ret = 0;
 
-		if (!capable(CAP_SYS_ADMIN))
+		if (!capable(CAP_SYS_ADMIN) &&
+		    (!ve_allow_ioctl_fitrim || !ve_capable(CAP_SYS_ADMIN)))
 			return -EPERM;
 
 		if (!blk_queue_discard(q))
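Review bot: The relaxed check at `if (!capable(CAP_SYS_ADMIN) && ...)` is gated by a single host-wide flag, so enabling it grants FITRIM to every container whose caller passes `ve_capable(CAP_SYS_ADMIN)`, on whatever ext4 filesystem the file descriptor belongs to. Nothing in the visible lines ties that filesystem to the calling container, so a container that can open a file on an ext4 mount shared with the host or with other containers could start discard passes over the shared device; whether such mounts exist depends on configuration not shown here. I would at least document the intent above the check, e.g. `/* CT root may trim only when the host admin enabled allow_ioctl_fitrim; the fs is assumed to be private to the CT */`, and consider enforcing that assumption in code rather than relying on deployment. The rest of ext4_ioctl lies outside the hunk.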
diff --git a/include/linux/ve.h b/include/linux/ve.h
index 2dcd7bb8b377..1fc1f8051671 100644
--- a/include/linux/ve.h
+++ b/include/linux/ve.h
@@ -173,6 +173,7 @@  extern struct proc_dir_entry *proc_vz_dir;
 extern struct cgroup_subsys ve_subsys;
 
 extern unsigned int sysctl_ve_mount_nr;
+extern bool ve_allow_ioctl_fitrim;
 
 #ifdef CONFIG_VE
 #define ve_uevent_seqnum       (get_exec_env()->_uevent_seqnum)
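Review bot: `extern bool ve_allow_ioctl_fitrim;` is declared above `#ifdef CONFIG_VE`, and fs/ext4/ioctl.c now reads the variable unconditionally, while its definition lives in kernel/ve/ve.c. If that file is only built when CONFIG_VE is set (not visible here), a kernel configured without it would fail to link ext4. Moving the declaration inside the `#ifdef CONFIG_VE` block and providing `#define ve_allow_ioctl_fitrim false` for the other case would keep the ext4 check compiling down to the old `capable(CAP_SYS_ADMIN)` behaviour.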
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index 068b7b5a1b14..ca63b98a6726 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -70,6 +70,11 @@  struct module no_module = { .state = MODULE_STATE_GOING };
 EXPORT_SYMBOL(no_module);
 #endif
 
+bool ve_allow_ioctl_fitrim = 0;
+module_param_named(allow_ioctl_fitrim, ve_allow_ioctl_fitrim, bool, 0644);
+MODULE_PARM_DESC(ve_allow_ioctl_fitrim,
+		 "Allow ioctl(FITRIM) from inside VE. Only ext4 is supported now");
+
 static DEFINE_PER_CPU(struct kstat_lat_pcpu_snap_struct, ve0_lat_stats);
 
 struct ve_struct ve0 = {
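Review bot: `MODULE_PARM_DESC(ve_allow_ioctl_fitrim, ...)` is keyed on the variable name, but `module_param_named()` registers the parameter as `allow_ioctl_fitrim`, so the description attaches to a parameter that does not exist; it should start `MODULE_PARM_DESC(allow_ioctl_fitrim,`. The `= 0` initialiser on a `bool` global is also unnecessary; kernel style leaves zero-initialised globals bare, and `false` would be the matching literal if one is kept. Because mode 0644 makes this a runtime switch that loosens a CAP_SYS_ADMIN check for all containers at once, the description text should state that the setting is host-wide and off by default.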