1)Porting patch "ve: mount option list" by Maxim Patlasov: The patch adds new fields to ve_struct: devmnt_list and devmnt_mutex.
devmnt_list is the head of list of ve_devmnt structs. Each host block device visible from CT can have no more than one struct ve_devmnt linked in ve->devmnt_list. If ve_devmnt is present, it can be found by 'dev' field. Each ve_devmnt struct may bear two strings: hidden and allowed options. hidden_options will be automatically added to CT-user-supplied mount options after checking allowed_options. Only options listed in allowed_options are allowed. devmnt_mutex is to protect operations on the list of ve_devmnt structs. 2)Porting patch "vecalls: VE_CONFIGURE_MOUNT_OPTIONS" by Maxim Patlasov. Reworking the interface using cgroups. Each CT now has a file: [ve_cgroup_mnt_pnt]/[CTID]/ve.mount_opts for configuring permittions for a block device. Below is permittions line example: "0 xxx;1 balloon_ino=12,pfcache_csum,pfcache=/vz/pfcache;2 barrier=1" Here, xxx is st_rdev of device, '1' starts comma-separated list of hidden options, and '2' is allowed ones. Signed-off-by: Kirill Tkhai <ktk...@odin.com> --- include/linux/ve.h | 11 ++++ kernel/ve/ve.c | 148 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 159 insertions(+) diff --git a/include/linux/ve.h b/include/linux/ve.h index 61f31fd..98dd244 100644 --- a/include/linux/ve.h +++ b/include/linux/ve.h @@ -123,6 +123,9 @@ struct ve_struct { struct net *ve_netns; struct mutex sync_mutex; + struct list_head devmnt_list; + struct mutex devmnt_mutex; + struct kmapset_key ve_sysfs_perms; struct list_head ve_cgroup_head; #if IS_ENABLED(CONFIG_DEVTMPFS) @@ -130,6 +133,14 @@ struct ve_struct { #endif }; +struct ve_devmnt { + struct list_head link; + + dev_t dev; + char *allowed_options; + char *hidden_options; /* balloon_ino, etc. */ +}; + #define VE_MEMINFO_DEFAULT 1 /* default behaviour */ #define VE_MEMINFO_SYSTEM 0 /* disable meminfo virtualization */ diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c index ee2435c..e963b56 100644 --- a/kernel/ve/ve.c +++ b/kernel/ve/ve.c @@ -749,6 +749,8 @@ static struct cgroup_subsys_state *ve_create(struct cgroup *cg) INIT_LIST_HEAD(&ve->devices); INIT_LIST_HEAD(&ve->ve_cgroup_head); INIT_LIST_HEAD(&ve->ve_list); + INIT_LIST_HEAD(&ve->devmnt_list); + mutex_init(&ve->devmnt_mutex); kmapset_init_key(&ve->ve_sysfs_perms); return &ve->css; @@ -782,11 +784,33 @@ static void ve_offline(struct cgroup *cg) } } +static void ve_devmnt_free(struct ve_devmnt *devmnt) +{ + if (!devmnt) + return; + + kfree(devmnt->allowed_options); + kfree(devmnt->hidden_options); + kfree(devmnt); +} + +static void free_ve_devmnts(struct ve_struct *ve) +{ + while (!list_empty(&ve->devmnt_list)) { + struct ve_devmnt *devmnt; + + devmnt = list_first_entry(&ve->devmnt_list, struct ve_devmnt, link); + list_del(&devmnt->link); + ve_devmnt_free(devmnt); + } +} + static void ve_destroy(struct cgroup *cg) { struct ve_struct *ve = cgroup_ve(cg); kmapset_unlink(&ve->ve_sysfs_perms, &ve_sysfs_perms); + free_ve_devmnts(ve); ve_log_destroy(ve); kfree(ve->binfmt_misc); @@ -934,6 +958,125 @@ static int ve_legacy_veid_read(struct cgroup *cg, struct cftype *cft, return seq_printf(m, "%u\n", cgroup_ve(cg)->veid); } +/* + * 'data' for VE_CONFIGURE_MOUNT_OPTIONS is a zero-terminated string + * consisting of substrings separated by MNTOPT_DELIM. + */ +#define MNTOPT_DELIM ';' + +/* + * Each substring has the form of "<type> <comma-separated-list-of-options>" + * where types are: + */ +enum { + MNTOPT_DEVICE = 0, + MNTOPT_HIDDEN = 1, + MNTOPT_ALLOWED = 2, +}; + +/* + * 'ptr' points to the first character of buffer to parse + * 'endp' points to the last character of buffer to parse + */ +static int ve_parse_mount_options(const char *ptr, const char *endp, + struct ve_devmnt *devmnt) +{ + while (*ptr) { + const char *delim = strchr(ptr, MNTOPT_DELIM) ? : endp; + char *space = strchr(ptr, ' '); + int type; + char *options, c; + int options_size = delim - space; + char **opts_pp = NULL; /* where to store 'options' */ + + if (delim == ptr || !space || options_size <= 1) + return -EINVAL; + + if (sscanf(ptr, "%d%c", &type, &c) != 2 || c != ' ') + return -EINVAL; + + if (type == MNTOPT_DEVICE) { + unsigned int dev; + if (devmnt->dev) + return -EINVAL; /* Already set */ + if (sscanf(space + 1, "%u%c", &dev, &c) != 2 || + c != ';') + return -EINVAL; + devmnt->dev = new_decode_dev(dev); + goto next; + } + + options = kmalloc(options_size, GFP_KERNEL); + if (!options) + return -ENOMEM; + + strncpy(options, space + 1, options_size - 1); + options[options_size - 1] = 0; + + switch (type) { + case MNTOPT_ALLOWED: + opts_pp = &devmnt->allowed_options; + break; + case MNTOPT_HIDDEN: + opts_pp = &devmnt->hidden_options; + break; + }; + + /* wrong type or already set */ + if (!opts_pp || *opts_pp) { + kfree(options); + return -EINVAL; + } + + *opts_pp = options; +next: + if (!*delim) + break; + + ptr = delim + 1; + } + + if (!devmnt->dev) + return -EINVAL; + return 0; +} + +static int ve_mount_opts_write(struct cgroup *cg, struct cftype *cft, + const char *buffer) +{ + struct ve_struct *ve = cgroup_ve(cg); + struct ve_devmnt *devmnt, *old; + int size, err; + + size = strlen(buffer); + if (size <= 1) + return -EINVAL; + + devmnt = kzalloc(sizeof(*devmnt), GFP_KERNEL); + if (!devmnt) + return -ENOMEM; + + err = ve_parse_mount_options(buffer, buffer + size, devmnt); + if (err) { + ve_devmnt_free(devmnt); + return err; + } + + mutex_lock(&ve->devmnt_mutex); + list_for_each_entry(old, &ve->devmnt_list, link) { + /* Delete old devmnt */ + if (old->dev == devmnt->dev) { + list_del(&old->link); + ve_devmnt_free(old); + break; + } + } + list_add(&devmnt->link, &ve->devmnt_list); + mutex_unlock(&ve->devmnt_mutex); + + return 0; +} + static struct cftype ve_cftypes[] = { { .name = "state", @@ -946,6 +1089,11 @@ static struct cftype ve_cftypes[] = { .flags = CFTYPE_NOT_ON_ROOT, .read_seq_string = ve_legacy_veid_read, }, + { + .name = "mount_opts", + .flags = CFTYPE_NOT_ON_ROOT, + .write_string = ve_mount_opts_write, + }, { } }; _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel