Acked-by: Pavel Tikhomirov
On Wed, 2015-05-06 at 17:11 +0300, Vasily Averin wrote:
> This patch fixes "100% CPU on Ubuntu 13.04 when using rsyslog" issue.
>
> rsyslogd inside Ubuntu containers drops privileges after opening /proc/kmsg.
> Old rsyslogd ignores error on acces
monotonic time using the monotonic_ve_to_abs() function, which was
introduced earlier and is now exported for that reason.
https://jira.sw.ru/browse/PSBM-18284
Signed-off-by: Vladimir Davydov
Signed-off-by: Pavel Tikhomirov
---
fs/timerfd.c | 6 +-
include/linux/ve.h
https://jira.sw.ru/browse/PSBM-34017
On 06/08/2015 07:17 PM, Pavel Tikhomirov wrote:
Need this for docker, as sometimes systemd-tmpfiles-clean.timer inside
PCS7 ct is spamming dbus with requests to start corresponding service.
And at the same time docker tries to create cgroup for container and
Docker tests create two level docker containers hierarchy, and they need
to mount cgroups on the first level to control containers of second
level. Is it safe to "re-revert" this patch to allow docker
test(unit,integration-cli) mount cgroups?
On 05/26/2015 06:00 PM, Cyrill Gorcunov wrote:
--
On 06/09/2015 11:51 AM, Cyrill Gorcunov wrote:
On Tue, Jun 09, 2015 at 11:48:18AM +0300, Pavel Tikhomirov wrote:
Docker tests create two level docker containers hierarchy, and they need to
mount cgroups on the first level to control containers of second level. Is
it safe to "re-revert"
cker maintainers may find some examples where --priviledged dockerCT
does not need bindmounted cgroups
On 06/09/2015 12:30 PM, Cyrill Gorcunov wrote:
On Tue, Jun 09, 2015 at 12:17:59PM +0300, Pavel Tikhomirov wrote:
On 06/09/2015 11:51 AM, Cyrill Gorcunov wrote:
On Tue, Jun 09, 2015 at 11:
time using the monotonic_ve_to_abs() function, which was
introduced earlier and is now exported for that reason.
https://jira.sw.ru/browse/PSBM-18284
Signed-off-by: Vladimir Davydov
Signed-off-by: Pavel Tikhomirov
---
fs/timerfd.c | 6 +-
include/linux/ve.h| 6 ++
kernel/pos
Seems ok for me. No longer able to reproduce crash.
Reviewed-by: Pavel Tikhomirov
On 06/09/2015 07:56 PM, Vladimir Davydov wrote:
frontswap_store can be called on a page even if there is already one
cached in frontswap at the same offset. This can happen e.g. if vmscan
fails to free a swap
else there would be no permission to use tun inside CT
https://jira.sw.ru/browse/PSBM-34066
Signed-off-by: Pavel Tikhomirov
---
drivers/net/tun.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 9c57c11..d89daf6 100644
--- a/drivers
move setting NETIF_F_VIRTUAL from tun_setup to tun_set_iff
where other features are set, as tun_setup is only called in
tun_set_iff
https://jira.sw.ru/browse/PSBM-34066
Signed-off-by: Pavel Tikhomirov
---
drivers/net/tun.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a
restarts
__dentry_path() fixes
Eric W. Biederman (1):
vfs: Remove second variable named error in __dentry_path
Pavel Tikhomirov (1):
dcache: reinitialize error for resetart in prepend_path as in ms
fs/dcache.c | 22 ++
1 file changed, 14 insertions(+), 8 deletions
igned-off-by: Al Viro
https://jira.sw.ru/browse/PSBM-34245
Signed-off-by: Pavel Tikhomirov
---
fs/dcache.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/fs/dcache.c b/fs/dcache.c
index 3670260..27c3a3a 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2875,9 +2
It seems safer to reinitialize error as introduced in ms 48a066e72d
Signed-off-by: Pavel Tikhomirov
---
fs/dcache.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/dcache.c b/fs/dcache.c
index 27c3a3a..ecbfb07 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2878,7 +2878,7
Signed-off-by: "Eric W. Biederman"
Signed-off-by: Al Viro
Signed-off-by: Pavel Tikhomirov
---
fs/dcache.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/dcache.c b/fs/dcache.c
index ad4acc4..da460df 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -3121,7 +3
Spotted-by: Denys Vlasenko
Spotted-by: Oleg Nesterov
Signed-off-by: Al Viro
https://jira.sw.ru/browse/PSBM-34245
Signed-off-by: Pavel Tikhomirov
---
fs/dcache.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/fs/dcache.c b/fs/dcache.c
index ecbfb07
From: Al Viro
Signed-off-by: Al Viro
(cherry picked from VZ8 commit 3c0411846118a578de3a979faf2da3ab5fb81179)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
ipc/namespace.c | 15 +--
kernel/pid_namespace.c | 14 +-
kernel
This reverts commit b823f8df2fcbc936ef228d5eeb419d06df4cc4f7.
We switch from procfs ns-files to nsfs ones, so we will apply nsfs
version of the patch instead.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
drivers/net/tun.c | 10 --
include/uapi
Signed-off-by: David S. Miller
(cherry picked from VZ8 commit c62cce2caee558e18aa05c01c2fd3b40f07174f2)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/nsfs.c| 2 +-
include/linux/proc_fs.h | 4
include/uapi/linux/sockios.h | 1
This reverts commit a8e0dd94d5cd9e0efefdd928a55d669eff176723.
We switch from procfs ns-files to nsfs ones, so we will apply nsfs
version of the patch instead.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/proc/namespaces.c | 81
ng Wang
Signed-off-by: Linus Torvalds
(cherry picked from commit 073c516ff73557a8f7315066856c04b50383ac34)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/nsfs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/nsfs.c b/fs/nsfs.c
index e7c42a9daa62..30907b
e
Cc: Eric Biederman
Cc: Andy Lutomirski
Cc: Ingo Molnar
Cc: Serge Hallyn
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
(cherry picked from VZ8 commit eaa0d190bfe1ed891b814a52712dcd852554cb08)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/proc/namesp
From: Al Viro
for now - just move corresponding ->proc_inum instances over there
Acked-by: "Eric W. Biederman"
Signed-off-by: Al Viro
(cherry picked from VZ8 commit 435d5f4bb2ccba3b791d9ef61d2590e30b8e806e)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhom
From: Al Viro
We can do that now. And kill ->inum(), while we are at it - all instances
are identical.
Signed-off-by: Al Viro
(cherry picked from VZ8 commit 64964528b24ea390824f0e5ce9d34b8d39b28cde)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/namespac
From: Kirill Tkhai
This function will be used to obtain net of tun device.
Signed-off-by: Kirill Tkhai
Signed-off-by: David S. Miller
(cherry picked from commit 24dce0800baaa508b1a8ccf01ae0a9c8e600a5aa)
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
fs/nsfs.c
This reverts commit 7cb9e7ae7041f348f2be384ea17352e117f3d00d.
We switch from procfs ns-files to nsfs ones, so we will apply nsfs
version of the patch instead.
https://jira.sw.ru/browse/PSBM-102357
Signed-off-by: Pavel Tikhomirov
---
drivers/net/tun.c | 11 +--
1 file changed, 1
from non-root netns.
https://jira.sw.ru/browse/PSBM-105161
Signed-off-by: Pavel Tikhomirov
---
fs/kernfs/dir.c | 1 +
fs/kernfs/file.c| 23 +++
fs/kernfs/kernfs-internal.h | 1 +
include/linux/kernfs.h | 5 +
4 files changed, 30 insertions
Note, It produces crash on cleanup_net, will try to fix.
On 7/17/20 5:21 PM, Pavel Tikhomirov wrote:
Sysfs mounts save current netns when mounting and show different set of
network devices in /sys/class/net based on it. But there is currently no
simple way to find out to that netns the sysfs
ra.sw.ru/browse/PSBM-105161
v2: fix bad net namespace referencing
Signed-off-by: Pavel Tikhomirov
---
fs/kernfs/dir.c | 1 +
fs/kernfs/file.c| 23 +++
fs/kernfs/kernfs-internal.h | 1 +
include/linux/kernfs.h | 5 +
include/linux/socket.h
ra.sw.ru/browse/PSBM-105161
Signed-off-by: Pavel Tikhomirov
---
fs/kernfs/dir.c | 1 +
fs/kernfs/file.c| 23 +++
fs/kernfs/kernfs-internal.h | 1 +
include/linux/kernfs.h | 5 +
include/linux/socket.h | 1 +
net/socket.c
imits and usage.
https://jira.sw.ru/browse/PSBM-106065
Co-Developed-by: Andrey Ryabinin
Signed-off-by: Pavel Tikhomirov
---
mm/memcontrol.c | 15 ++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
index fa7b2cad93ad..9570e9d8487f 10064
On 7/24/20 6:50 PM, Andrey Zhadchenko wrote:
criu uses fhandle from fdinfo to dump inotify objects. cgroup super block has
no export operations, but .encode_fh and .fh_to_dentry are needed for
inotify_fdinfo function and open_by_handle_at syscall in order to correctly
open files located on cgr
One more thing: inode can be reused, and I don't see where you handle
it. E.g.: shmem_fh_to_dentry / shmem_match uses inode generation to
detect it.
On 7/27/20 12:43 PM, Pavel Tikhomirov wrote:
On 7/24/20 6:50 PM, Andrey Zhadchenko wrote:
criu uses fhandle from fdinfo to dump in
Except for two small nits it looks good.
Note: Because we use atomic_inc_not_zero(i_count) and the fact that iput
can increment i_count back, we can _potentially_ see situation that
open_by_handle_at first fails to open and next is able to open the same
handle. But I don't think it's a big dea
ble helper functions to avoid races.
changed i_gen generation from get_seconds to prandom_u32.
https://jira.sw.ru/browse/PSBM-105889
Signed-off-by: Andrey Zhadchenko
Reviewed-by: Pavel Tikhomirov
---
kernel/cgroup.c | 168 +++-
1 file chan
e is such.
Signed-off-by: Al Viro
(cherry-picked from commit 74e831221cfd79460ec11c1b641093863f0ef3ce)
https://jira.sw.ru/browse/PSBM-107263
Signed-off-by: Pavel Tikhomirov
---
fs/mount.h | 5 +++
fs/namespace.c | 83 +-
2 files chan
https://jira.sw.ru/browse/PSBM-107263
Signed-off-by: Pavel Tikhomirov
---
arch/x86/syscalls/syscall_32.tbl | 2 +
arch/x86/syscalls/syscall_64.tbl | 2 +
fs/file_table.c | 9 +-
fs/internal.h| 1 +
fs/namespace.c
Signed-off-by: Pavel Tikhomirov
---
arch/x86/syscalls/syscall_32.tbl | 1 +
arch/x86/syscalls/syscall_64.tbl | 1 +
fs/namespace.c | 126 +++
include/linux/security.h | 12 +++
include/linux/syscalls.h | 3 +
include/uapi/linux
.
https://jira.sw.ru/browse/PSBM-107263
Signed-off-by: Pavel Tikhomirov
Al Viro (2):
saner handling of temporary namespaces
vfs: syscall: Add open_tree(2) to reference or clone a mount
David Howells (2):
vfs: syscall: Add move_mount(2) to move mounts around
teach move_mount(2)
ommit 570d7a98e7d6d5d8706d94ffd2d40adeaa318332)
https://jira.sw.ru/browse/PSBM-107263
Signed-off-by: Pavel Tikhomirov
---
fs/namespace.c | 63 --
1 file changed, 56 insertions(+), 7 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 0820db1a4a5f..ef8d8c07a35a 100644
---
ff-by: Pavel Tikhomirov
---
kernel/events/core.c | 4
1 file changed, 4 insertions(+)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 2fdc89591c39..a6f4653e3421 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -46,6 +46,7 @@
#include
#include
#include
+#in
ff-by: Pavel Tikhomirov
---
kernel/events/core.c | 4
1 file changed, 4 insertions(+)
diff --git a/kernel/events/core.c b/kernel/events/core.c
index bb130a5cbee5..db135b096c0a 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -50,6 +50,7 @@
#include
#include
#include
+#in
make mount_subtree() use temporary
(anon) namespace. is_anon_ns() checks if a namespace is such.
Signed-off-by: Al Viro
(cherry-picked from commit 74e831221cfd79460ec11c1b641093863f0ef3ce)
https://jira.sw.ru/browse/PSBM-107263
Signed-off-by: Pavel Tikhomirov
---
fs/mount.h | 5
fs/names
ru/browse/PSBM-107263
Signed-off-by: Pavel Tikhomirov
Al Viro (1):
ms/saner handling of temporary namespaces
David Howells (1):
ms/vfs: syscall: Add move_mount(2) to move mounts around
Pavel Tikhomirov (2):
ms/vfs: syscall: Add open_tree(2) to reference or clone a mount
ms/teach mo
ove_mount syscalls
(cherry-picked from commit 2658ce095df583cdf9ede475ec4da0b3cc7f7b05)
https://jira.sw.ru/browse/PSBM-107263
Signed-off-by: Pavel Tikhomirov
---
arch/x86/entry/syscalls/syscall_32.tbl | 2 +
arch/x86/entry/syscalls/syscall_64.tbl | 2 +
fs/file_table.c| 9 +-
fs/internal.h
5de54b8340dc2ddcd87f446d33387b5e)
https://jira.sw.ru/browse/PSBM-107263
Signed-off-by: Pavel Tikhomirov
---
arch/x86/entry/syscalls/syscall_32.tbl | 1 +
arch/x86/entry/syscalls/syscall_64.tbl | 1 +
fs/namespace.c | 126 +++--
include/linux/lsm_hook
el internal mounts
(cherry-picked from commit 570d7a98e7d6d5d8706d94ffd2d40adeaa318332)
https://jira.sw.ru/browse/PSBM-107263
Signed-off-by: Pavel Tikhomirov
---
fs/namespace.c | 63 --
1 file changed, 56 insertions(+), 7 deletions(-)
diff --git a/fs/na
-107596
Reviewed-by: Pavel Tikhomirov
Signed-off-by: Valeriy Vdovin
---
kernel/cgroup.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
index 5f311180..691505c 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -1749,6 +1749,9
Looks good.
Reviewed-by: Pavel Tikhomirov
But please also see two non-critical questions below.
On 9/8/20 5:33 PM, Andrey Zhadchenko wrote:
criu uses fhandle from fdinfo to dump inotify objects, but mqueue has no
export_operations in super block. However, they are needed if we want to
me
uuid on the superblock and mounting the overlayfs from it later would
fail. (see https://jira.sw.ru/browse/PSBM-11961 for more info why it is
needed)
https://jira.sw.ru/browse/PSBM-108115
To mainstream:
https://lkml.org/lkml/2020/9/23/565
Signed-off-by: Pavel Tikhomirov
---
.../k
On 10/14/20 2:05 AM, Andrey Zhadchenko wrote:
Overlayfs temporarily overrides credentials in copy_up function to the ones which were
used to create mount.
Unfortunately vfs_setxattr requires CAP_SYS_ADMIN
capability in current user namespace.
No, if it was so, it would be no error =) To be correct w
ayfs to be used inside a
Container")
Signed-off-by: Pavel Tikhomirov
---
Note: in VZ8 we have commit 8a608edc9294 ("ms/teach move_mount(2) to
work with OPEN_TREE_CLONE") which should be reworked because it allows
mounting everything, which is likely bad:
CT-e4a3f511-a27b-4dbe-8e31-
On 10/26/20 9:48 AM, Andrey Zhadchenko wrote:
Use more generic igrab instead of atomic inc. Move cgroup_hash_del to eviction
stage to avoid deadlock.
Signed-off-by: Andrey Zhadchenko
---
kernel/cgroup.c | 25 -
1 file changed, 8 insertions(+), 17 deletions(-)
diff
Nice!
Do we need to protect it with some kind of capable? So that one can't
use it from container. (probably repair mode is already a valid
protection but please check to be sure)
On 10/28/20 5:59 PM, Andrey Zhadchenko wrote:
Sometimes during dump criu can encounter netlink sockets with over
<7> ulogd.c:948 error starting `log1'
Thu Oct 29 09:19:53 2020 <8> ulogd.c:1597 not even a single working plugin stack
Fatal error.
It needs nfnetlink_log module to be loaded. Need this to be able to run
kubernetes in centos-8 containers where it uses nft logs.
https://jira.sw.ru/b
For both patches in v2:
Reviewed-by: Pavel Tikhomirov
On 10/29/20 3:22 PM, Andrey Zhadchenko wrote:
Prevent using netlink repair mode from containers.
Signed-off-by: Andrey Zhadchenko
---
v2: added ve_struct *ve to get rid of second get_exec_env call
net/netlink/af_netlink.c | 7
On 11/12/20 6:17 PM, Kirill Tkhai wrote:
On 12.11.2020 18:08, Andrey Zhadchenko wrote:
On Thu, 12 Nov 2020 17:29:21 +0300
Kirill Tkhai wrote:
Hi, Kirill,
Hi, Andrey,
On 11.11.2020 10:32, Andrey Zhadchenko wrote:
Use more generic igrab instead of atomic inc. Move cgroup_hash_del
to evict
(also to @vvs) We should probably add `Fixes: ("cgroup: add
export_operations to cgroup super block")` to the commit description, so
that it can be merged on next rebase to the original patch if needed.
Reviewed-by: Pavel Tikhomirov
On 11/11/20 10:32 AM, Andrey Zhadchenko wrote:
ve_ns.
https://jira.sw.ru/browse/PSBM-123077
Signed-off-by: Pavel Tikhomirov
---
drivers/net/venetdev.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/venetdev.c b/drivers/net/venetdev.c
index b5b3f7e16c58d..cdf56b9e7ec13 100644
--- a/drivers/net/venetdev.c
This is needed by criu to be able to restore those ops from
vz-rst-action action script setup on setup-namespaces stage.
This is effectively a port from vz7 kernel.
While on it let's also fix misprint in ve_features_write name.
https://jira.sw.ru/browse/PSBM-120728
Signed-off-by:
PSBM-123668
https://jira.sw.ru/browse/PSBM-123630
Signed-off-by: Pavel Tikhomirov
---
include/linux/cgroup.h | 1 +
security/device_cgroup.c | 48
2 files changed, 49 insertions(+)
diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
index 645c9
up stops") [1]
Signed-off-by: Pavel Tikhomirov
---
kernel/fork.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/kernel/fork.c b/kernel/fork.c
index 7ed142f2d3497..d0f92f2a9c087 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1704,6 +1704,12 @@ static struct task_struct *copy_p
als to the false-owner.
Let's change the api, so that F_GETOWN(EX) returns 0 in case actual
owner is dead already.
https://jira.sw.ru/browse/PSBM-124623
Signed-off-by: Pavel Tikhomirov
---
fs/fcntl.c | 19 +--
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/
PSBM-125002
(cherry picked from commit f6d0cbcf09c506b9b022df8f9d7693a7cec3c732)
Signed-off-by: Pavel Tikhomirov
---
include/net/netfilter/nft_fib.h | 31 +++
include/uapi/linux/netfilter/nf_tables.h | 36 +++
net/ipv4/netfilter/Kconfig | 8 +
net/ipv4/netfilter/Makefile |
take all patches which touch nft fib modules from rh8: initial feature
+ fixes, though some patches which look not fib specific are skipped
from porting as they touch too many other files. Also I add fib modules
to config and to autoload.
https://jira.sw.ru/browse/PSBM-125002
Signed-off-by: Pa
n order to address that
possible situation.
Signed-off-by: Pablo M. Bermudo Garay
Signed-off-by: Pablo Neira Ayuso
https://jira.sw.ru/browse/PSBM-125002
(cherry picked from commit f347ec852c7a83e1803192d2c1fce4e42e0715a5)
Signed-off-by: Pavel Tikhomirov
---
net/ipv4/netfilter/nft_fib_i
icast, too")
Fixes: f6d0cbcf09c5 ("netfilter: nf_tables: add fib expression")
Signed-off-by: Liping Zhang
Signed-off-by: Pablo Neira Ayuso
https://jira.sw.ru/browse/PSBM-125002
(cherry picked from commit 6443ebc3fdd6f3c766d9442c18be274b3d736050)
Signed-off-by: Pavel Tikhomirov
---
mit 3b760dcb0fd304873dfde9ff072a49f893c6f5c4)
Signed-off-by: Pavel Tikhomirov
---
net/ipv4/netfilter/nft_fib_ipv4.c | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/netfilter/nft_fib_ipv4.c
b/net/ipv4/netfilter/nft_fib_ipv4.c
index 1c82b94a88158..d938edfc06c90 100644
--- a/net/i
+CONFIG_NFT_FIB=m
+CONFIG_NFT_FIB_INET=m
+CONFIG_NFT_FIB_IPV4=m
+CONFIG_NFT_FIB_IPV6=m
Need it for Docker nat rules c/r in nft based environment.
https://jira.sw.ru/browse/PSBM-125002
Signed-off-by: Pavel Tikhomirov
---
configs/kernel-3.10.0-x86_64-debug.config | 4
configs/kernel
Sorry for this, please drop.
On 2/4/21 11:51 AM, Pavel Tikhomirov wrote:
From: Florian Westphal
Add FIB expression, supported for ipv4, ipv6 and inet family (the latter
just dispatches to ipv4 or ipv6 one based on nfproto).
Currently supports fetching output interface index/name and the
ommit 11583438b73fbc9117ff8afcbde8c934d0d63713)
Signed-off-by: Pavel Tikhomirov
---
net/ipv4/netfilter/nft_fib_ipv4.c | 2 +-
net/ipv6/netfilter/nft_fib_ipv6.c | 2 +-
net/netfilter/nft_fib.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/netfilter/nft_fib_ipv4.c
b/net
Need it for Docker nat rules c/r in nft based environment.
https://jira.sw.ru/browse/PSBM-125002
Signed-off-by: Pavel Tikhomirov
---
kernel/kmod.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/kernel/kmod.c b/kernel/kmod.c
index 044689113e517..aded87693bfd6 100644
--- a
show_bug.cgi?id=1221
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
https://jira.sw.ru/browse/PSBM-125002
(cherry picked from commit 47b7e7f82802dced3ac73658bf4b77584a63063f)
Signed-off-by: Pavel Tikhomirov
---
net/ipv6/netfilter/ip6t_rpfilter.c | 4
net/ipv6/netfilter/
ang
Acked-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
https://jira.sw.ru/browse/PSBM-125002
(cherry picked from commit e0ffdbc78d84e1da090f03ab62da3def0e65159e)
Signed-off-by: Pavel Tikhomirov
---
net/ipv4/netfilter/nft_fib_ipv4.c | 2 ++
1 file changed, 2 insertions(+)
diff --git
-125002
(cherry picked from commit 055c4b34b94f696d9bd9aad53a11378a0fc409c9)
Signed-off-by: Pavel Tikhomirov
---
include/net/netfilter/nft_fib.h | 2 +-
include/uapi/linux/netfilter/nf_tables.h | 1 +
net/ipv4/netfilter/nft_fib_ipv4.c| 4 ++--
net/ipv6/netfilter/nft_fib_ipv6.c
PSBM-125002
(cherry picked from commit f6d0cbcf09c506b9b022df8f9d7693a7cec3c732)
Signed-off-by: Pavel Tikhomirov
---
include/net/netfilter/nft_fib.h | 31 +++
include/uapi/linux/netfilter/nf_tables.h | 36 +++
net/ipv4/netfilter/Kconfig | 8 +
net/ipv4/netfilter/Makefile |
"nft-expr-2-fib"
https://jira.sw.ru/browse/PSBM-125002
Fixes: 84beb0e73874a ("ve/kmod: make fib modules autoloadable from CT")
Signed-off-by: Pavel Tikhomirov
---
kernel/kmod.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/kmod.c b/kernel/kmod.c
From: Pavel Begunkov
As other *continue() helpers, this continues iteration from a given
position.
Signed-off-by: Pavel Begunkov
Signed-off-by: Jens Axboe
https://jira.sw.ru/browse/PSBM-125812
(cherry-picked from 28ca0d6d39ab1d01c86762c82a585b7cedd2920c)
Signed-off-by: Pavel Tikhomirov
" entries, so
mainstream kernel just relies on this fact and does not explicitly skip
"cursor" for them.
https://jira.sw.ru/browse/PSBM-125812
(cherry-picked from 9f6c61f96f2d97cbb5f7fa85607bc398f843ff0f)
Signed-off-by: Pavel Tikhomirov
---
fs/mount
mounts are deleted
from the list, we can still continue reading next mounts after "cursor"
consistently.
https://jira.sw.ru/browse/PSBM-125812
Signed-off-by: Pavel Tikhomirov
Miklos Szeredi (1):
proc/mounts: add cursor
Pavel Begunkov (1):
list: introduce list_for_each_continue()
fs/mou
n_trylock(&sb_lock) here
Bug link is missing, Probably PSBM-126568?
Cc: Pavel Tikhomirov
Cc: Vasily Averin
Signed-off-by: Alexander Mikhalitsyn
---
fs/sync.c | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/fs/sync.c b/fs/sync.c
index 1cf0f0b38824..b2b72a
On 3/5/21 10:43 AM, Pavel Tikhomirov wrote:
On 3/4/21 6:59 PM, Alexander Mikhalitsyn wrote:
There are two problems:
1. kmalloc should be called with GFP_NOWAIT to prevent sleep
under spinlock taken
2. spin_lock(&sb_lock) under spinlock(mnt_ns_list)
There we have a small probabilit
neral seq file code directly, unlike the previous idea, so it looks
less intrusive.
Reviewed-by: Pavel Tikhomirov
On 3/16/21 3:21 PM, Alexander Mikhalitsyn wrote:
Patch-set description:
We see a race when reading mountinfo from criu line-by-line. When we
read mountinfo line-by-line and some m
Reviewed-by: Pavel Tikhomirov
Everything looks good. Though note that probably we have some more fs-es
except nfs and ext4 which need the same change in future: devtmpfs,
autofs, binfmt_misc, devpts, fuse, nfsd, proc, ramfs, sysfs, xfs,
mqueue, shmem and rpcpipefs (At least all of them need
fter first m_start pos would be == last_pos + 1, and
after second m_start pos would be == last_pos + 2 and we would forget to
skip mount and will be printing it forever infinitely.
https://jira.sw.ru/browse/PSBM-127476
Signed-off-by: Pavel Tikhomirov
---
fs/namespace.c | 16 ++--
1
r and we get OOPS.
https://jira.sw.ru/browse/PSBM-128205
Fixes: 9041080 ("net/teql: disable "True" (or "trivial") link equalizer inside
a CT")
Signed-off-by: Pavel Tikhomirov
---
net/sched/sch_teql.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/sch
rowse/PSBM-86138
https://jira.sw.ru/browse/PSBM-128649
Rebase from VZ7, with use of FS_VE_MOUNT and with comment cleanup:
83c27c7bffcc1 ("ve/fs/autofs: mark autofs as virtualized")
Signed-off-by: Pavel Tikhomirov
---
fs/autofs/init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-
Looks good.
On 4/23/21 7:12 PM, Evgenii Shatokhin wrote:
From: Pavel Tikhomirov
Counters are not virtualized, we just remove the leak of host's number
of cpus. Done similar to /proc/cpuinfo, in case of cpu hotplug race with
reading proc, can actually show arbitrary number of lines as we
The corresponding hunk in proc_cgroupstats_show is missing.
On 4/26/21 10:17 AM, Andrey Zhadchenko wrote:
From: Pavel Tikhomirov
Reasons:
1) We don't need to show these cgroups in CT, they are vz specific,
and nobody should use them inside.
2) Docker from v17.11 checks that all cgroup
al commit message somewhere in "Rebased to..." part.
On 4/26/21 1:26 PM, Andrey Zhadchenko wrote:
From: Pavel Tikhomirov
Reasons:
1) We don't need to show these cgroups in CT, they are vz specific,
and nobody should use them inside.
2) Docker from v17.11 checks that all cgroups are m
rt of reqs_available
counter on struct kioctx.
Fixes: f5d1279 ("ve/aio: Add a handle to checkpoint/restore AIO context")
https://jira.sw.ru/browse/PSBM-128710
Reviewed-by: Pavel Tikhomirov
Signed-off-by: Alexander Mikhalitsyn
---
fs/aio.c | 12 +++-
1 file changed, 11 insertions
his reverts commit 34a3e6097c97872df787de4ab6f9cbb9580e6625.
https://jira.sw.ru/browse/PSBM-127785
Signed-off-by: Pavel Tikhomirov
---
net/core/skbuff.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index cedc3dc9f1c60..5cb45c9226fda 100
We drop vznetstat in VZ8 so we don't need to keep (if ever needed to
keep) packet marks when packets are passed between container and host,
or even between different containers.
https://jira.sw.ru/browse/PSBM-127785
Pavel Tikhomirov (2):
ve/veth: drop skb marks on VE boundary
ve/venet:
but let's make it work in both directions.
https://jira.sw.ru/browse/PSBM-127785
(cherry-picked from commit 0de95a0dad7179f73d3877350e32c7a8ff3d2a44)
Signed-off-by: Pavel Tikhomirov
---
drivers/net/venetdev.c | 17 +
1 file changed, 17 insertions(+)
diff --git a/drivers/n
"net: sched: sch_teql: fix null-pointer
dereference")
https://jira.sw.ru/browse/PSBM-127780
(cherry-picked from vz7 commit cc97a9f8f1ca17bd454aa8b957cb745065399a20)
Signed-off-by: Pavel Tikhomirov
---
net/sched/sch_teql.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/sched
r and we get OOPS.
Fixes: 87b60cfacf9f ("net_sched: fix error recovery at qdisc creation")
Signed-off-by: Pavel Tikhomirov
Reviewed-by: Eric Dumazet
Signed-off-by: David S. Miller
Container user can crash the node with this, yet only if sch_teql module
is loaded on the node: this module
: Add glob_kstat, percpu kstat and
account mm stat")
Fixes: 32a31d2ad5e7f ("vzstat: Add base kstat structures and variables")
Signed-off-by: Pavel Tikhomirov
---
init/main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/init/main.c b/init/main.c
index 6d1ed453617ba..b4ac01
jira.sw.ru/browse/PSBM-81395
Signed-off-by: Andrey Ryabinin
https://jira.sw.ru/browse/PSBM-127780
(cherry-picked from commit 1fcbaf6d1fb218104b0e0f0b7958a384fdb4c075)
Signed-off-by: Pavel Tikhomirov
---
mm/page_alloc.c | 7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/mm/page
s it is already there.
https://jira.sw.ru/browse/PSBM-127780
Fixes: c30a7bebb0e73 ("kstat: Make kstat_glob::swap_in percpu") [1]
(cherry-picked from vz7 commit 9caa91f6a857ac485b37c67ac24b359a160130a0)
Signed-off-by: Pavel Tikhomirov
---
mm/memory.c | 8 +
Looks good, except one thing - please see below.
On 5/5/21 6:40 PM, Konstantin Khorenko wrote:
Recent versions of containerd (as a part of k3s-1.19.5)
started to apply strict rules when parsing the contents of
'devices.list' files located in the devices cgroup.
Namely, the access token is allowe