[Devel] [PATCH RHEL8 COMMIT] nfsd: disable UMH client tracking in nested net namespaces

Wed, 02 Jun 2021 06:18:16 -0700 

The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear 
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.34
------>
commit b7e1ee81bab1995066ed4667f46c3f9585f5fece
Author: Vasily Averin <[email protected]>
Date:   Wed Jun 2 12:16:10 2021 +0300

    nfsd: disable UMH client tracking in nested net namespaces
    
    UMH client tracking uses usermodehelper to execute some userspace binary.
    In mainline it works for init_net only, but in vz7 skinsbursky@ enabled
    it in Containers by using per-Container UHM call. Unfortunately it does
    not work in nested network namespaces, neither on host nor inside 
Containers.
    
    This patch disables UMH client tracking in nested network namespaces,
    and adjusts warning message generated on such attempts.
    
    https://jira.sw.ru/browse/PSBM-90024
    
    Signed-off-by: Vasliy Averin <[email protected]>
    
    Reviewed-by: Konstantin Khorenko <[email protected]>
    
    Rebased to vz8:
     - use ve->ve_ns->net_ns since ve->ve_netns is gone
    
    (cherry-picked from vz7 commit e4af0cdd639d ("nfsd: disable UMH client 
tracking
    in nested net namespaces"))
    Signed-off-by: Andrey Zhadchenko <[email protected]>
---
 fs/nfsd/nfs4recover.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/fs/nfsd/nfs4recover.c b/fs/nfsd/nfs4recover.c
index cb947b72fc5a..cd73239f9298 100644
--- a/fs/nfsd/nfs4recover.c
+++ b/fs/nfsd/nfs4recover.c
@@ -1870,6 +1870,19 @@ nfsd4_umh_cltrack_init(struct net *net)
        int ret;
        struct nfsd_net *nn = net_generic(net, nfsd_net_id);
        char *grace_start = nfsd4_cltrack_grace_start(nn->boot_time);
+       struct net *ve_net;
+
+       rcu_read_lock();
+       ve_net = rcu_dereference(get_exec_env()->ve_ns)->net_ns;
+
+       if (!net_eq(net, ve_net)) {
+               rcu_read_unlock();
+               pr_warn("NFSD: attempt to initialize umh client tracking in 
Container %s netns %u ignored.\n",
+                       get_exec_env()->ve_name, net->ns.inum);
+               kfree(grace_start);
+               return -EINVAL;
+       }
+       rcu_read_unlock();
 
        ret = nfsd4_umh_cltrack_upcall("init", NULL, grace_start, NULL);
        kfree(grace_start);
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel

Reply via email to