The commit is pushed to "branch-rh8-4.18.0-240.1.1.vz8.5.x-ovz" and will appear
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-240.1.1.vz8.5.40
------>
commit ba56a5c712939dedf9a808866600379424890067
Author: Kirill Gorkunov <[email protected]>
Date: Fri Jun 11 15:08:03 2021 +0300
net/ip6ip: Consider VE_FEATURE_IPIP on new net creation
We already have a similar control for ipv4, so we should cover ipv6
as well. Note that the main reason is to let the node operator control
container features, because this module prevents the container checkpoint
and restore procedure.
https://jira.sw.ru/browse/PSBM-84241
Signed-off-by: Cyrill Gorcunov <[email protected]>
Rebased to vz8:
- Use net_generic_free instead of net_assign_generic to reclaim memory
(cherry-picked from vz7 commit 184fe365300b ("net/ip6ip: Consider
VE_FEATURE_IPIP on new net creation"))
Signed-off-by: Andrey Zhadchenko <[email protected]>
---
net/ipv6/ip6_tunnel.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index c29f3f236cf0..3581d7bd8055 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -59,6 +59,9 @@
#include <net/netns/generic.h>
#include <net/dst_metadata.h>
+#include <uapi/linux/vzcalluser.h>
+#include <linux/ve.h>
+
MODULE_AUTHOR("Ville Nuorvala");
MODULE_DESCRIPTION("IPv6 tunneling device");
MODULE_LICENSE("GPL");
@@ -148,6 +151,11 @@ ip6_tnl_lookup(struct net *net, int link,
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
struct in6_addr any;
+#if CONFIG_VE
+ if (!ip6n) /* no VE_FEATURE_IPIP */
+ return NULL;
+#endif
+
for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
if (!ipv6_addr_equal(local, &t->parms.laddr) ||
!ipv6_addr_equal(remote, &t->parms.raddr) ||
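Review bot: The guard here is spelled `#if CONFIG_VE`, while the three other guards this commit adds (in ip6_tnl_newlink, ip6_tnl_destroy_tunnels and ip6_tnl_init_net) use `#ifdef CONFIG_VE`. With the option disabled the symbol is presumably undefined, so `#if` still evaluates to 0 but trips `-Wundef` and reads as if the two spellings meant different things; `#ifdef CONFIG_VE` would match the rest of the patch. This check sits on the lookup path, so it is the one that keeps a namespace without the feature from dereferencing a NULL `ip6n` in the loop directly below it. ip6_tnl_lookup's body continues outside the hunk.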
@@ -2032,6 +2040,11 @@ static int ip6_tnl_newlink(struct net *src_net, struct
net_device *dev,
struct ip6_tnl *nt, *t;
int err;
+#ifdef CONFIG_VE
+ if (net_generic(dev_net(dev), ip6_tnl_net_id) == NULL)
+ return -EACCES;
+#endif
+
nt = netdev_priv(dev);
if (ip6_tnl_netlink_encap_parms(data, &ipencap)) {
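Review bot: This is the only creation entry point the patch gates, and a missed one would be a NULL dereference reachable from inside a container rather than a clean `-EACCES`. The diff touches four sites; any other function in ip6_tunnel.c that takes `net_generic(net, ip6_tnl_net_id)` and dereferences the result (changelink or ioctl handlers, if present, are not visible here) would need the same check, so every user of `ip6_tnl_net_id` is worth auditing. The check also lacks the annotation its sibling guards carry; adding `/* no VE_FEATURE_IPIP */` after the `if` would keep them greppable together. The function starts and continues outside the hunk.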
@@ -2225,6 +2238,11 @@ static void __net_exit ip6_tnl_destroy_tunnels(struct
net *net, struct list_head
int h;
struct ip6_tnl *t;
+#ifdef CONFIG_VE
+ if (!ip6n) /* no VE_FEATURE_IPIP */
+ return;
+#endif
+
for_each_netdev_safe(net, dev, aux)
if (dev->rtnl_link_ops == &ip6_link_ops)
unregister_netdevice_queue(dev, list);
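Review bot: The early return sits above the `for_each_netdev_safe` loop, which does not use `ip6n` at all; it only walks `net` and queues devices whose `rtnl_link_ops` is `&ip6_link_ops`. If a tunnel device created elsewhere can end up in a namespace without the feature (not determinable from this hunk), that sweep is skipped for it and cleanup is left to whatever generic path runs afterwards. Moving the `if (!ip6n) return;` guard below the loop would keep the device sweep and still protect the `ip6n` dereferences that presumably follow. The function body continues outside the hunk.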
@@ -2248,6 +2266,13 @@ static int __net_init ip6_tnl_init_net(struct net *net)
struct ip6_tnl *t = NULL;
int err;
+#ifdef CONFIG_VE
+ if (!(net->owner_ve->features & VE_FEATURE_IPIP)) {
+ net_generic_free(net, ip6_tnl_net_id);
+ return 0;
+ }
+#endif
+
ip6n->tnls[0] = ip6n->tnls_wc;
ip6n->tnls[1] = ip6n->tnls_r_l;
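Review bot: The feature bit is read exactly once, at namespace creation, and `net->owner_ve` is dereferenced without a check; neither assumption is documented. A comment such as `/* Sampled once per netns: without VE_FEATURE_IPIP the per-net state is released and every net_generic() user must cope with NULL */` above the `if` would record the contract that the `!ip6n` guards elsewhere in this patch depend on. That contract only holds if `net_generic_free()` also clears the slot, so that later `net_generic()` calls and the pernet teardown see NULL rather than a freed pointer; its definition is outside this diff, so this should be confirmed. If `owner_ve` can be unset while init runs for some namespace, the test needs a NULL check first.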