[rh7,1/1] ve/sysfs: relax sanity check for ns_type in sysfs_find_dirent()

Submitted by Konstantin Khorenko on March 15, 2018, 10:06 a.m.

Details

Message ID 20180315100614.13102-1-khorenko@virtuozzo.com
State New
Series "Series without cover letter"
Headers show

Commit Message

Konstantin Khorenko March 15, 2018, 10:06 a.m.
Don't complain about searching for a non ns specific sysfs entry in ns specific parent dirent.

When we set sysfs permissions for a CT via ve.sysfs_permissions
we assume the target sysfs entry is non ns specific and call
sysfs_find_dirent() with NULL ns arg.

This makes sense because ns specific sysfs entries (with s_ns set) are not checked against
CT specific permissions at all (see sysfs_sd_permission()).

And in case for example we've moved a physical net device from host inside a Container
we've got ns specific entries (for example devices/pci0000:00/0000:00:1c.2/0000:02:00.0/net)
and looking for a non ns specific net device name entry inside which triggers a complain.
Drop the complain.

https://jira.sw.ru/browse/PSBM-82259

Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 fs/sysfs/dir.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Patch hide | download patch | download mbox

diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index dd34b5932ce6..f9294c00b571 100644
--- a/fs/sysfs/dir.c
+++ b/fs/sysfs/dir.c
@@ -643,14 +643,14 @@  struct sysfs_dirent *sysfs_find_dirent(struct sysfs_dirent *parent_sd,
 {
 	struct rb_node *node = parent_sd->s_dir.children.rb_node;
 	unsigned int hash;
-
+#ifndef CONFIG_VE
 	if (!!sysfs_ns_type(parent_sd) != !!ns) {
 		WARN(1, KERN_WARNING "sysfs: ns %s in '%s' for '%s'\n",
 			sysfs_ns_type(parent_sd)? "required": "invalid",
 			parent_sd->s_name, name);
 		return NULL;
 	}
-
+#endif
 	hash = sysfs_name_hash(ns, name);
 	while (node) {
 		struct sysfs_dirent *sd;

Comments

Kirill Tkhai March 15, 2018, 11:01 a.m.
On 15.03.2018 13:06, Konstantin Khorenko wrote:
> Don't complain about searching for a non ns specific sysfs entry in ns specific parent dirent.
> 
> When we set sysfs permissions for a CT via ve.sysfs_permissions
> we assume the target sysfs entry is non ns specific and call
> sysfs_find_dirent() with NULL ns arg.
> 
> This makes sense because ns specific sysfs entries (with s_ns set) are not checked against
> CT specific permissions at all (see sysfs_sd_permission()).
> 
> And in case for example we've moved a physical net device from host inside a Container
> we've got ns specific entries (for example devices/pci0000:00/0000:00:1c.2/0000:02:00.0/net)
> and looking for a non ns specific net device name entry inside which triggers a complain.
> Drop the complain.
> 
> https://jira.sw.ru/browse/PSBM-82259
> 
> Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>

Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>

> ---
>  fs/sysfs/dir.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
> index dd34b5932ce6..f9294c00b571 100644
> --- a/fs/sysfs/dir.c
> +++ b/fs/sysfs/dir.c
> @@ -643,14 +643,14 @@ struct sysfs_dirent *sysfs_find_dirent(struct sysfs_dirent *parent_sd,
>  {
>  	struct rb_node *node = parent_sd->s_dir.children.rb_node;
>  	unsigned int hash;
> -
> +#ifndef CONFIG_VE
>  	if (!!sysfs_ns_type(parent_sd) != !!ns) {
>  		WARN(1, KERN_WARNING "sysfs: ns %s in '%s' for '%s'\n",
>  			sysfs_ns_type(parent_sd)? "required": "invalid",
>  			parent_sd->s_name, name);
>  		return NULL;
>  	}
> -
> +#endif
>  	hash = sysfs_name_hash(ns, name);
>  	while (node) {
>  		struct sysfs_dirent *sd;
>