The commit is pushed to "branch-rh10-6.12.0-55.13.1.3.x.vz10-ovz" and will
appear at [email protected]:openvz/vzkernel.git
after rh10-6.12.0-55.13.1.2.24.vz10
------>
commit 6c619f93c38f5c7f13e784fa8eccbdfe63faa7b9
Author: Pavel Tikhomirov <[email protected]>
Date: Wed Dec 10 18:34:26 2025 +0800
ve_namespace: Move cgroup ve_attach() operations to namespace join path
Move operations previously done in the process of joining ve cgroup in
ve_attach() to ve_setup_task() helper and call it from ve namespace join
paths.
This is another step in making the process' ve to be namespace based,
similar to what we did for ->task_ve.
https://virtuozzo.atlassian.net/browse/VSTOR-119941
Signed-off-by: Pavel Tikhomirov <[email protected]>
Feature: ve: ve generic structures
---
include/linux/ve.h | 4 ++++
kernel/ve/ve.c | 52 ++++++++++++++++++++++--------------------------
kernel/ve/ve_namespace.c | 5 +++++
3 files changed, 33 insertions(+), 28 deletions(-)
diff --git a/include/linux/ve.h b/include/linux/ve.h
index cd0e855d38f18..4a42f16c259a3 100644
--- a/include/linux/ve.h
+++ b/include/linux/ve.h
@@ -275,6 +275,8 @@ int ve_net_hide_sysctl(struct net *net);
extern bool is_ve_init_net(const struct net *net);
+void ve_setup_task(struct task_struct *p, struct ve_struct *ve);
+
#else /* CONFIG_VE */
#include <linux/init_task.h>
#define get_ve(ve) ((void)(ve), NULL)
@@ -330,6 +332,8 @@ static inline struct cgroup_subsys_state *css_ve_root1(
static inline int vz_security_family_check(struct net *net, int family, int
type) { return 0; }
static inline int vz_security_protocol_check(struct net *net, int protocol) {
return 0; }
+static inline void ve_setup_task(struct task_struct *p, struct ve_struct *ve)
{ }
+
#endif /* CONFIG_VE */
struct seq_file;
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index 5d28d78a74da4..9e6eda40f4cdd 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -1171,33 +1171,6 @@ static int ve_can_attach(struct cgroup_taskset *tset)
return ve_is_attachable(tset);
}
-static void ve_attach(struct cgroup_taskset *tset)
-{
- struct cgroup_subsys_state *css;
- struct task_struct *task;
- extern struct cpuid_override_table __rcu *cpuid_override;
-
- cgroup_taskset_for_each(task, css, tset) {
- struct ve_struct *ve = css_to_ve(css);
-
- /* this probihibts ptracing of task entered to VE from host
system */
- if (VE_IS_RUNNING(ve) && task->mm)
- task->mm->vps_dumpable = VD_VE_ENTER_TASK;
-
- /* Drop OOM protection. */
- task->signal->oom_score_adj = 0;
- task->signal->oom_score_adj_min = 0;
-
- /* Leave parent exec domain */
- task->parent_exec_id--;
-
- ve_set_task_start_time(ve, task);
-
- if (cpuid_override_on())
- set_tsk_thread_flag(task, TIF_CPUID_OVERRIDE);
- }
-}
-
static int ve_state_show(struct seq_file *sf, void *v)
{
struct cgroup_subsys_state *css = seq_css(sf);
@@ -1904,7 +1877,6 @@ struct cgroup_subsys ve_cgrp_subsys = {
.css_offline = ve_offline,
.css_free = ve_destroy,
.can_attach = ve_can_attach,
- .attach = ve_attach,
.legacy_cftypes = ve_cftypes,
.dfl_cftypes = ve_cftypes,
};
@@ -2051,4 +2023,28 @@ int ve_get_cpu_stat(struct ve_struct *ve, struct
kernel_cpustat *kstat)
return err;
}
EXPORT_SYMBOL(ve_get_cpu_stat);
+
+void ve_setup_task(struct task_struct *task, struct ve_struct *ve)
+{
+ if (ve == &ve0)
+ return;
+
+ /* this prohibits ptracing of task entered to VE from host system */
+ if (VE_IS_RUNNING(ve) && task->mm)
+ task->mm->vps_dumpable = VD_VE_ENTER_TASK;
+
+ /* Drop OOM protection. */
+ task->signal->oom_score_adj = 0;
+ task->signal->oom_score_adj_min = 0;
+
+ /* Leave parent exec domain */
+ task->parent_exec_id--;
+
+ ve_set_task_start_time(ve, task);
+
+ if (cpuid_override_on())
+ set_tsk_thread_flag(task, TIF_CPUID_OVERRIDE);
+}
+EXPORT_SYMBOL(ve_setup_task);
+
#endif /* CONFIG_CGROUP_SCHED */
diff --git a/kernel/ve/ve_namespace.c b/kernel/ve/ve_namespace.c
index 9df82c95f3d59..c8f89f57ab039 100644
--- a/kernel/ve/ve_namespace.c
+++ b/kernel/ve/ve_namespace.c
@@ -92,6 +92,9 @@ int copy_ve_ns(unsigned long flags, struct task_struct *p)
p->ve_ns = new_ve_ns;
p->task_ve = new_ve_ns->ve;
+
+ ve_setup_task(p, p->task_ve);
+
return 0;
}
@@ -143,6 +146,8 @@ void switch_ve_namespace(struct task_struct *p, struct
ve_namespace *new)
if (old)
put_ve_ns(old);
+
+ ve_setup_task(p, p->task_ve);
}
void exit_ve_namespace(struct task_struct *p)
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
