The commit is pushed to "branch-rh7-3.10.0-229.7.2.vz7.8.x-ovz" and will appear 
at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-229.7.2.vz7.8.3
------>
commit ad166c6dbc2b669ad1fe11e30316c05daf134d0c
Author: Kirill Tkhai <ktk...@odin.com>
Date:   Wed Oct 7 14:47:00 2015 +0400

    ve: Implement current_user_ns_initial() helper
    
    Add a helper which checks if current user_ns is
    the same as ve init_cred's. Will be used in next
    patch.
    
    Signed-off-by: Kirill Tkhai <ktk...@odin.com>
    Acked-by: Vladimir Davydov <vdavy...@virtuozzo.com>
---
 include/linux/ve.h |  6 ++++++
 kernel/ve/ve.c     | 16 ++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/include/linux/ve.h b/include/linux/ve.h
index 10c150a..86b95c3 100644
--- a/include/linux/ve.h
+++ b/include/linux/ve.h
@@ -214,6 +214,8 @@ void ve_stop_ns(struct pid_namespace *ns);
 void ve_exit_ns(struct pid_namespace *ns);
 int ve_start_container(struct ve_struct *ve);
 
+extern bool current_user_ns_initial(void);
+
 #ifdef CONFIG_TTY
 extern struct tty_driver *vtty_driver(dev_t dev, int *index);
 extern struct tty_driver *vtty_console_driver(int *index);
@@ -236,6 +238,10 @@ static inline int vz_security_protocol_check(struct net 
*net, int protocol) { re
 static inline void ve_stop_ns(struct pid_namespace *ns) { }
 static inline void ve_exit_ns(struct pid_namespace *ns) { }
 
+static inline bool current_user_ns_initial(void)
+{
+       return current_user_ns() == init_cred.user_ns;
+}
 #define kthread_create_on_node_ve(ve, threadfn, data, node, namefmt...)        
\
        kthread_create_on_node_ve(threadfn, data, node, namefmt...)
 
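Review bot: The !CONFIG_VE stub of current_user_ns_initial() references `init_cred` and `current_user_ns()`, but this hunk adds no include for them. Unless ve.h already pulls in their declarations (not visible here), every file that includes ve.h with CONFIG_VE off has to include them first. The stub also has no comment, unlike the kernel/ve/ve.c version, and there is no blank line between its closing brace and the `#define kthread_create_on_node_ve` that follows. A line such as `/* Without CONFIG_VE the initial user_ns is always init_cred's */` above the stub would document how it differs from the per-ve check.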
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index aff3b03..12cfa33 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -238,6 +238,21 @@ int vz_security_protocol_check(struct net *net, int 
protocol)
 }
 EXPORT_SYMBOL_GPL(vz_security_protocol_check);
 
+/* Check if current user_ns is initial for current ve */
+bool current_user_ns_initial(void)
+{
+       struct ve_struct *ve = get_exec_env();
+       bool ret = false;
+
+       rcu_read_lock();
+       if (ve->ve_ns && ve->init_cred->user_ns == current_user_ns())
+               ret = true;
+       rcu_read_unlock();
+
+       return ret;
+}
+EXPORT_SYMBOL(current_user_ns_initial);
+
 int nr_threads_ve(struct ve_struct *ve)
 {
        return cgroup_task_count(ve->css.cgroup);
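Review bot: In current_user_ns_initial(), `ve->ve_ns` is tested with a plain load although ve_drop_context() publishes it with rcu_assign_pointer(). Since the value is only compared against NULL, `if (rcu_access_pointer(ve->ve_ns) && ve->init_cred->user_ns == current_user_ns())` states the intent and keeps sparse quiet if the field is annotated __rcu (the declaration is not visible here). The one-line comment should also say that the helper returns false once ve_ns has been cleared, and that a true result is only a snapshot at the time of the call; that matters if the next patch uses it for a permission decision. The new symbol is exported with `EXPORT_SYMBOL` while the neighbouring vz_security_protocol_check uses `EXPORT_SYMBOL_GPL`, so it is worth confirming that the wider export is intended.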
@@ -408,6 +423,7 @@ static void ve_drop_context(struct ve_struct *ve)
        put_net(ve->ve_netns);
        ve->ve_netns = NULL;
 
+       /* Allows to dereference init_cred if ve_ns is set */
        rcu_assign_pointer(ve->ve_ns, NULL);
        synchronize_rcu();
        put_nsproxy(ve_ns);
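Review bot: The comment added before `rcu_assign_pointer(ve->ve_ns, NULL)` names neither the reader that depends on it nor what must stay ordered after `synchronize_rcu()`. The release of `ve->init_cred` is not visible in this hunk (ve_drop_context continues outside it), so a later reordering could break the invariant unnoticed. Suggested wording: `/* RCU readers that see ve_ns != NULL (current_user_ns_initial()) may dereference ve->init_cred; release init_cred only after the synchronize_rcu() below. */`.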