Sorry, I didn't know. openafs-bugs it bcc (introduction in re-quote).
That's a patch itself:
Sorry, I didn't know. openafs-bugs it bcc (introduction in re-quote).
That's a patch itself:
------------------------------------------ [ cut here ]
-----------------------------------------------
diff --git a/acinclude.m4 b/acinclude.m4
index 4020544..97893a0 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -773,6 +773,7 @@ case $AFS_SYSNAME in *_linux* | *_umlinux*)
LINUX_EXPORTS_SYS_OPEN
LINUX_EXPORTS_SYS_WAIT4
LINUX_EXPORTS_RCU_READ_LOCK
+ LINUX_OPENVZ
LINUX_WHICH_MODULES
if test "x$ac_cv_linux_config_modversions" = "xno"
-o $AFS_SYSKVERS -ge 26; then
AC_MSG_WARN([Cannot determine sys_call_table
status. assuming it isn't exported])
diff --git a/src/afs/LINUX/osi_groups.c b/src/afs/LINUX/osi_groups.c
index 612d058..b039c18 100644
--- a/src/afs/LINUX/osi_groups.c
+++ b/src/afs/LINUX/osi_groups.c
@@ -646,7 +646,10 @@ void osi_keyring_init(void)
# endif
rcu_read_lock();
# endif
-#if defined(EXPORTED_FIND_TASK_BY_PID)
+
+#if defined(HAVE_OPENVZ)
+ p = find_task_by_pid_all(1);
+#elif defined(EXPORTED_FIND_TASK_BY_PID)
p = find_task_by_pid(1);
#else
p = find_task_by_vpid(1);
diff --git a/src/afs/afs_osi.c b/src/afs/afs_osi.c
index 0ebb913..b9a00ff 100644
--- a/src/afs/afs_osi.c
+++ b/src/afs/afs_osi.c
@@ -853,19 +853,13 @@ afs_osi_TraverseProcTable()
rcu_read_lock();
#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) */
-#ifdef DEFINED_FOR_EACH_PROCESS
+#if defined(HAVE_OPENVZ)
+ for_each_process_all(p) if (p->pid) {
+#elif defined(DEFINED_FOR_EACH_PROCESS)
for_each_process(p) if (p->pid) {
-#ifdef STRUCT_TASK_STRUCT_HAS_EXIT_STATE
- if (p->exit_state)
- continue;
-#else
- if (p->state & TASK_ZOMBIE)
- continue;
-#endif
- afs_GCPAGs_perproc_func(p);
- }
#else
for_each_task(p) if (p->pid) {
+#endif
#ifdef STRUCT_TASK_STRUCT_HAS_EXIT_STATE
if (p->exit_state)
continue;
@@ -875,7 +869,6 @@ afs_osi_TraverseProcTable()
#endif
afs_GCPAGs_perproc_func(p);
}
-#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,18) &&
defined(EXPORTED_TASKLIST_LOCK)
if (&tasklist_lock)
read_unlock(&tasklist_lock);
diff --git a/src/cf/linux-test4.m4 b/src/cf/linux-test4.m4
index 801f6d5..4fdacad 100644
--- a/src/cf/linux-test4.m4
+++ b/src/cf/linux-test4.m4
@@ -1057,3 +1057,19 @@ AC_DEFUN([LINUX_HAVE_WRITE_BEGIN_AOP], [
if test "x$ac_cv_linux_write_begin" = "xyes"; then
AC_DEFINE([HAVE_WRITE_BEGIN], 1, [define if your kernel has a
write_begin() address space op])
fi])
+
+AC_DEFUN([LINUX_OPENVZ], [
+ AC_MSG_CHECKING([for linux OpenVZ project extensions])
+ AC_CACHE_VAL([ac_cv_linux_openvz], [
+ AC_TRY_KBUILD(
+[#include <linux/sched.h>
+#include <linux/delay.h>
+#include <linux/capability.h>
+#include <linux/ve.h>],
+[get_ve(NULL);],
+ ac_cv_linux_openvz=yes,
+ ac_cv_linux_openvz=no)])
+ AC_MSG_RESULT($ac_cv_linux_openvz)
+ if test "x$ac_cv_linux_openvz" = "xyes"; then
+ AC_DEFINE([HAVE_OPENVZ], 1, [define if your kernel have
configured OpenVZ extensions])
+ fi])
diff --git a/src/rx/LINUX/rx_knet.c b/src/rx/LINUX/rx_knet.c
index 59f982e..05c8533 100644
--- a/src/rx/LINUX/rx_knet.c
+++ b/src/rx/LINUX/rx_knet.c
@@ -102,6 +102,10 @@ osi_NetSend(osi_socket sop, struct sockaddr_in
*to, struct iovec *iovec,
struct msghdr msg;
int code;
+#ifdef HAVE_OPENVZ
+ struct ve_struct *ve;
+#endif
+
msg.msg_iovlen = iovcnt;
msg.msg_iov = iovec;
msg.msg_name = to;
@@ -110,9 +114,15 @@ osi_NetSend(osi_socket sop, struct sockaddr_in
*to, struct iovec *iovec,
msg.msg_controllen = 0;
msg.msg_flags = 0;
+#ifdef HAVE_OPENVZ
+ ve = set_exec_env(get_ve0());
+#endif
TO_USER_SPACE();
code = sock_sendmsg(sop, &msg, size);
TO_KERNEL_SPACE();
+#ifdef HAVE_OPENVZ
+ (void)set_exec_env(ve);
+#endif
return (code < 0) ? code : 0;
}
@@ -147,6 +157,9 @@ osi_NetReceive(osi_socket so, struct sockaddr_in
*from, struct iovec *iov,
int code;
struct iovec tmpvec[RX_MAXWVECS + 2];
struct socket *sop = (struct socket *)so;
+#ifdef HAVE_OPENVZ
+ struct ve_struct *ve;
+#endif
if (iovcnt > RX_MAXWVECS + 2) {
osi_Panic("Too many (%d) iovecs passed to osi_NetReceive\n", iovcnt);
@@ -159,9 +172,15 @@ osi_NetReceive(osi_socket so, struct sockaddr_in
*from, struct iovec *iov,
msg.msg_controllen = 0;
msg.msg_flags = 0;
+#ifdef HAVE_OPENVZ
+ ve = set_exec_env(get_ve0());
+#endif
TO_USER_SPACE();
code = sock_recvmsg(sop, &msg, *lengthp, 0);
TO_KERNEL_SPACE();
+#ifdef HAVE_OPENVZ
+ (void)set_exec_env(ve);
+#endif
if (code < 0) {
#ifdef AFS_LINUX26_ENV
diff --git a/src/rx/rx_lwp.c b/src/rx/rx_lwp.c
index 8c76ab9..1a5e7ee 100644
--- a/src/rx/rx_lwp.c
+++ b/src/rx/rx_lwp.c
@@ -428,7 +428,18 @@ rxi_Listen(osi_socket sock)
int
rxi_Recvmsg(int socket, struct msghdr *msg_p, int flags)
{
- return recvmsg((int)socket, msg_p, flags);
+#ifdef HAVE_OPENVZ
+ struct ve_struct *ve;
+ int ret;
+
+ ve = set_exec_env(get_ve0());
+ ret = recvmsg((int)socket, msg_p, flags);
+ (void)set_exec_env(ve);
+
+ return ret;
+#else
+ return recvmsg((int)socket, msg_p, flags);
+#endif
}
/*
@@ -438,6 +449,10 @@ rxi_Recvmsg(int socket, struct msghdr *msg_p, int flags)
int
rxi_Sendmsg(osi_socket socket, struct msghdr *msg_p, int flags)
{
+#ifdef HAVE_OPENVZ
+ struct ve_struct *ve;
+ ve = set_exec_env(get_ve0());
+#endif
fd_set *sfds = (fd_set *) 0;
while (sendmsg(socket, msg_p, flags) == -1) {
int err;
@@ -446,6 +461,9 @@ rxi_Sendmsg(osi_socket socket, struct msghdr
*msg_p, int flags)
if (!sfds) {
if (!(sfds = IOMGR_AllocFDSet())) {
(osi_Msg "rx failed to alloc fd_set: ");
+#ifdef HAVE_OPENVZ
+ (void)set_exec_env(ve);
+#endif
perror("rx_sendmsg");
return -1;
}
@@ -465,14 +483,24 @@ rxi_Sendmsg(osi_socket socket, struct msghdr
*msg_p, int flags)
{
(osi_Msg "rx failed to send packet: ");
perror("rx_sendmsg");
+#ifdef HAVE_OPENVZ
+ (void)set_exec_env(ve);
+#endif
return -1;
}
while ((err = select(socket + 1, 0, sfds, 0, 0)) != 1) {
- if (err >= 0 || errno != EINTR)
+ if (err >= 0 || errno != EINTR) {
+#ifdef HAVE_OPENVZ
+ (void)set_exec_env(ve);
+#endif
osi_Panic("rxi_sendmsg: select error %d.%d", err, errno);
+ }
}
}
if (sfds)
IOMGR_FreeFDSet(sfds);
+#ifdef HAVE_OPENVZ
+ (void)set_exec_env(ve);
+#endif
return 0;
}
diff --git a/src/rx/rx_pthread.c b/src/rx/rx_pthread.c
index f69bdb6..64b68c2 100644
--- a/src/rx/rx_pthread.c
+++ b/src/rx/rx_pthread.c
@@ -401,7 +401,14 @@ int
rxi_Recvmsg(int socket, struct msghdr *msg_p, int flags)
{
int ret;
+#ifdef HAVE_OPENVZ
+ struct ve_struct *ve;
+ (void)set_exec_env(ve);
+#endif
ret = recvmsg(socket, msg_p, flags);
+#ifdef HAVE_OPENVZ
+ (void)set_exec_env(ve);
+#endif
return ret;
}
@@ -411,8 +418,15 @@ rxi_Recvmsg(int socket, struct msghdr *msg_p, int flags)
int
rxi_Sendmsg(osi_socket socket, struct msghdr *msg_p, int flags)
{
+#ifdef HAVE_OPENVZ
+ struct ve_struct *ve
+ ve = set_exec_env(get_ve0());
+#endif
int ret;
ret = sendmsg(socket, msg_p, flags);
+#ifdef HAVE_OPENVZ
+ (void)set_exec_env(ve);
+#endif
#ifdef AFS_LINUX22_ENV
/* linux unfortunately returns ECONNREFUSED if the target port
* is no longer in use */
----------------------------------- [ patch ends here ]
----------------------------------------
2009/2/25 Night Nord <[email protected]>:
> OpenVZ (www.openvz.org) is a virtualization solution - looks like very
> advanced chroot jail - when multiply virtual servers (CT - containers) shares
> same kernels, but all operations executed in different namespaces. This
> includes net namespace. Such scheme allows very cheap and secure
> virtualization,
> but requires special support for any kernel subsystem/module. That patch
> allows
> openafs-1.4.8 AFS client (libafs kernel module) to be used into such
> environment. That patch not actually virtualizes module, but allows it to be
> built correctly and allows to `mount --bind` /afs from 'real system'
> (Hardware Node - HN - in OpenVZ terminology) into containers (which are like
> chroot's, but much more complex).
>
> Detailed:
>
> 1) Build-system:
> Check into acinclude.m4 and src/cf/linux-test.m4 for enabled OpenVZ
> containers scheme (HAVE_OPENVZ).
>
> 2) src/afs/LINUX/osi_groups.c:
> Use find_task_by_pid_all(1) to get HN's 'init', not one from container.
>
> 3) src/afs/afs_osi.c:
> Use for_each_process_all to support storing authentication tokens for
> all processes, not only HN's. (Necessary to build)
> 4) src/afs/rx_knet.c, src/afs/rx_lwp.c, src/afs/rx_pthread.c
> Make it bindable into containers - idea is simple, sending requests
> and receiving them must be done from HN's namespace - where actually
> all other work is simple, otherwise you will see files from container,
> but any operation will be timed out. So we must just switch into HN's
> (aka VE0 - virtual environment) namespace before sent, and then switch
> back before any return.
>
--
Night Nord
_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
