Re: [Devel] Why real device can't move to container when sysfs is enabled?

2010-06-18 Thread Andrew Vagin
This bug appeared because of http://git.openvz.org/?p=linux-2.6.32-openvz;a=commit;h=3891845e1ef6e6807075d4241966b26f6ecb0a5c . sysfs in OpenVZ is virtualized, so the changes from this commit aren't suitable for OVZ. Please file a kernel bug at http://bugzilla.openvz.org/

Re: [Devel] Boot issues with Fedora 12 + OpenVZ

2010-06-18 Thread Andrew Vagin
Is X executed on boot? Maybe you have https://bugzilla.openvz.org/show_bug.cgi?id=1541 . You can try compiling a kernel from git or wait until the new kernel is released. On 06/10/2010 08:22 PM, Nirmal Guhan wrote: Hi, Am a newbie to openvz so pardon me if the question is basic. Am using F

[Devel] Re: [PATCH] event: fix TP_printk() argument in sched_switch

2011-11-03 Thread Andrew Vagin
NACK! This is a perf userspace bug, not a kernel one. Please fix the userspace tool instead. Note, the new version of libparsevent handles this case without issue. Perf just needs to be updated. I don't understand. I've got git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/trace-cmd.git

[Devel] Re: [PATCH 3/4] perf: teach perf inject to merge sched_stat_* and sched_switch events

2011-11-07 Thread Andrew Vagin
Hi Arun, On 11/04/2011 04:08 AM, Arun Sharma wrote: On 11/2/11 3:59 PM, Andrew Vagin wrote: + event_sw = (union perf_event *)&ent->header; This causes problems with -Wstrict-aliasing=3. I didn't see any warning, but I reworked this part a bit. I noticed that the suggeste

[Devel] [PATCH] sched: don't call task_group() many times in set_task_rq()

2011-11-11 Thread Andrew Vagin
It improves performance, especially if autogroup is enabled. The size of set_task_rq() was 0x180 and now it is 0xa0. Signed-off-by: Andrew Vagin --- kernel/sched.c | 12 1 files changed, 8 insertions(+), 4 deletions(-) diff --git a/kernel/sched.c b/kernel/sched.c index d87c6e5

[Devel] [PATCH 3/7] perf: add ability to change event according to sample (v2)

2011-11-28 Thread Andrew Vagin
It's the opposite of perf_session__parse_sample. v2: fixed mistakes which David Ahern found Signed-off-by: Andrew Vagin --- tools/perf/util/event.h |2 + tools/perf/util/evsel.c | 74 + tools/perf/util/session.h |9 + 3 files ch

[Devel] [PATCH 0/7] Profiling sleep times (v3)

2011-11-28 Thread Andrew Vagin
all known issues. Now it works completely. * Improved usability of sched-stat scripts according to Arun's comments. v3: fixed according to comments from David Ahern Andrew Vagin (7): perf: use event_name() to get an event name perf: add ability to record event period perf: add ability to c

[Devel] [PATCH 6/7] perf: add scripts for profiling sleep times (v2)

2011-11-28 Thread Andrew Vagin
script executes a target process. Signed-off-by: Andrew Vagin --- tools/perf/scripts/python/bin/sched-stat-record | 65 +++ tools/perf/scripts/python/bin/sched-stat-report |5 ++ 2 files changed, 70 insertions(+), 0 deletions(-) create mode 100644 tools/perf/scripts

[Devel] [PATCH 2/7] perf: add ability to record event period

2011-11-28 Thread Andrew Vagin
Signed-off-by: Andrew Vagin --- tools/perf/builtin-record.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/tools/perf/builtin-record.c b/tools/perf/builtin-record.c index 6ab58cc..e3b7fc4 100644 --- a/tools/perf/builtin-record.c +++ b/tools/perf/builtin-record.c

[Devel] [PATCH 5/7] perf: teach perf inject to merge sched_stat_* and sched_switch events

2011-11-28 Thread Andrew Vagin
sched_switch event, because this event contains a correct callchain. In other words, it replaces all stat_iowait events with proper sched_switch events. Signed-off-by: Andrew Vagin --- tools/perf/builtin-inject.c | 87 +++ 1 files changed, 87 insertions(+), 0

[Devel] [PATCH 1/7] perf: use event_name() to get an event name

2011-11-28 Thread Andrew Vagin
perf_evsel.name may not be initialized Signed-off-by: Andrew Vagin --- tools/perf/util/header.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index bcd05d0..33c17a2 100644 --- a/tools/perf/util/header.c +++ b/tools

[Devel] [PATCH 4/7] perf: teach "perf inject" to work with files

2011-11-28 Thread Andrew Vagin
Before this patch "perf inject" could only handle data from a pipe. I want to use "perf inject" for reworking events. Look at my following patch. Signed-off-by: Andrew Vagin --- tools/perf/builtin-inject.c | 33 +++-- 1 files changed, 31 insert

[Devel] [PATCH 7/7] event: add tracepoint for accounting block time

2011-11-28 Thread Andrew Vagin
This tracepoint shows how long a task is sleeping in uninterruptible state. E.g. it may show how long and where a mutex is waited for. Signed-off-by: Andrew Vagin --- include/trace/events/sched.h |7 +++ kernel/sched_fair.c |2 ++ 2 files changed, 9 insertions(+), 0 deletions

[Devel] [PATCH 2/6] perf: add ability to change event according to sample (v3)

2011-12-07 Thread Andrew Vagin
It's the opposite of perf_session__parse_sample. v2: fixed mistakes which David Ahern found v3: s/data/sample/ s/perf_event__change_sample/perf_event__synthesize_sample Reviewed-by: David Ahern Signed-off-by: Andrew Vagin --- tools/perf/util/event.h |2 + tools/perf/util/ev

[Devel] [PATCH 3/6] perf: add ability to record event period

2011-12-07 Thread Andrew Vagin
Signed-off-by: Andrew Vagin --- tools/perf/builtin-record.c |1 + tools/perf/perf.h |1 + tools/perf/util/evsel.c |3 +++ 3 files changed, 5 insertions(+), 0 deletions(-) diff --git a/tools/perf/builtin-record.c b/tools/perf/builtin-record.c index 766fa0a..f8fd14f

[Devel] [PATCH 5/6] perf: teach perf inject to merge sched_stat_* and sched_switch events

2011-12-07 Thread Andrew Vagin
sched_switch event, because this event contains a correct callchain. In other words, it replaces all stat_iowait events with proper sched_switch events. Signed-off-by: Andrew Vagin --- tools/perf/builtin-inject.c | 99 -- 1 files changed, 94 insertions(+), 5

[Devel] [PATCH 0/7] Profiling sleep times (v4)

2011-12-07 Thread Andrew Vagin
all known issues. Now it works completely. * Improved usability of sched-stat scripts according to Arun's comments. v3: fixed according to comments from David Ahern v4: rebase to linux-tip Andrew Vagin (6): perf: use event_name() to get an event name perf: add ability to change event according to

[Devel] [PATCH 4/6] perf: teach "perf inject" to work with files

2011-12-07 Thread Andrew Vagin
Before this patch "perf inject" could only handle data from a pipe. I want to use "perf inject" for reworking events. Look at my following patch. Signed-off-by: Andrew Vagin --- tools/perf/builtin-inject.c | 33 +++-- 1 files changed, 31 insert

[Devel] [PATCH 6/6] perf: add scripts for profiling sleep times (v2)

2011-12-07 Thread Andrew Vagin
script executes a target process. Signed-off-by: Andrew Vagin --- tools/perf/scripts/python/bin/sched-stat-record | 65 +++ tools/perf/scripts/python/bin/sched-stat-report |5 ++ 2 files changed, 70 insertions(+), 0 deletions(-) create mode 100644 tools/perf/scripts

[Devel] [PATCH 1/6] perf: use event_name() to get an event name

2011-12-07 Thread Andrew Vagin
perf_evsel.name may not be initialized Signed-off-by: Andrew Vagin --- tools/perf/util/header.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 9272f3a..5b01449 100644 --- a/tools/perf/util/header.c +++ b/tools

[Devel] Re: [PATCH 3/6] perf: add ability to record event period

2011-12-16 Thread Andrew Vagin
anks. On 12/07/2011 05:55 PM, Andrew Vagin wrote: Signed-off-by: Andrew Vagin --- tools/perf/builtin-record.c |1 + tools/perf/perf.h |1 + tools/perf/util/evsel.c |3 +++ 3 files changed, 5 insertions(+), 0 deletions(-) diff --git a/tools/perf/builtin-record.c b/too

[Devel] Re: [PATCH 3/6] perf: add ability to record event period

2011-12-20 Thread Andrew Vagin
On 12/20/2011 12:58 AM, Arnaldo Carvalho de Melo wrote: Em Fri, Dec 16, 2011 at 11:13:07AM +0400, Andrew Vagin escreveu: Hi Arnaldo, Could you review and commit this patch. It's quite common functionality, which allows getting events more effectively and avoids losing events. All

[Devel] [PATCH] perf: add ability to record event period

2011-12-20 Thread Andrew Vagin
The patch "events: Don't divide events if it has field period" added the kernel part of this functionality. Signed-off-by: Andrew Vagin Acked-by: Arun Sharma --- tools/perf/builtin-record.c |1 + tools/perf/perf.h |1 + tools/perf/util/evsel.c |3 +++ 3 files c

Re: [Devel] [PATCH 10/10] get_num_cpu(): refactored

2013-05-10 Thread Andrew Vagin
On Tue, May 07, 2013 at 02:42:12PM +0800, Igor Podlesny wrote: > 1) Macro MAX_OF(a, b) introduced; > 2) FILE *fd init when declaring; > 3) When comparing variable to const, put const first, then variable > -- to reduce typo risk of unintended assignment; > 4) Buffer moved into closer scope. >

Re: [Devel] [PATCH 10/10] get_num_cpu(): refactored

2013-05-10 Thread Andrew Vagin
On Tue, May 07, 2013 at 06:17:17PM +0800, Igor M Podlesny wrote: > >> > >> - if ((fd = fopen(PROCCPU, "r")) == NULL) { > >> + if (NULL == fd) { > > > > Pls, follow the current coding style. > > if (fd === NULL) > >Somebody suffers from too much PHP, too much, doesn't he? ) WTF

Re: [Devel] [PATCH 0/8] [RFC] vzctl: Dump/restore of upstream containers

2013-05-15 Thread Andrew Vagin
Add Glauber to CC On Wed, May 15, 2013 at 08:10:45PM +0400, Andrey Vagin wrote: > Don't commit these patches, just look at them and send me comments. > > These patches have not been tested on OpenVZ CTs :) > > Andrey Vagin (8): > vzctl: save a pid of init in a state file > vzctl: split ct_env_c

Re: [Devel] [CRIU] [PATCH 1/6] vzctl: split ct_env_create

2013-05-16 Thread Andrew Vagin
On Thu, May 16, 2013 at 08:47:19PM +0400, Andrey Wagin wrote: > 2013/5/16 Glauber Costa : > > On 05/16/2013 04:14 PM, Andrey Vagin wrote: > >> + ret = ct_env_create_real(arg); > >> + if (ret < 0) > >> return VZ_RESOURCE_ERROR; > >> - } > > > > Isn't it better to just keep

Re: [Devel] [PATCH 2/6] vzctl: save PID of init in a state file

2013-05-17 Thread Andrew Vagin
On Thu, May 16, 2013 at 08:25:57PM +0400, Glauber Costa wrote: > On 05/16/2013 04:14 PM, Andrey Vagin wrote: > > CRIU requires the pid of init. > > > > Signed-off-by: Andrey Vagin > > The way you coded it, it seems to me that we will always overwrite the > pid file, which is fine: this way we

Re: [Devel] [CRIU] [PATCH 1/6] vzctl: split ct_env_create

2013-05-19 Thread Andrew Vagin
On Fri, May 17, 2013 at 10:24:55AM -0700, Kir Kolyshkin wrote: > On 05/16/2013 09:47 AM, Andrey Wagin wrote: > >2013/5/16 Glauber Costa : > >>On 05/16/2013 04:14 PM, Andrey Vagin wrote: > >>>+ ret = ct_env_create_real(arg); > >>>+ if (ret < 0) > >>> return VZ_RESOURCE_ERROR; >

Re: [Devel] [CRIU] [PATCH 1/6] vzctl: split ct_env_create

2013-05-19 Thread Andrew Vagin
On Sun, May 19, 2013 at 12:12:47PM -0700, Kir Kolyshkin wrote: > On 05/19/2013 11:59 AM, Andrew Vagin wrote: > >On Fri, May 17, 2013 at 10:24:55AM -0700, Kir Kolyshkin wrote: > >>On 05/16/2013 09:47 AM, Andrey Wagin wrote: > >>>2013/5/16 Glauber Costa : > >>

[Devel] [PATCH] ploop: try to use fallocate to allocate raw images

2013-05-28 Thread Andrew Vagin
It's much faster than writing zeros --- lib/ploop.c | 15 ++- 1 files changed, 14 insertions(+), 1 deletions(-) diff --git a/lib/ploop.c b/lib/ploop.c index 1af227c..9a371dd 100644 --- a/lib/ploop.c +++ b/lib/ploop.c @@ -397,7 +397,7 @@ out_close: static int create_raw_delta(cons
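An added example, not ploop's own code, of the approach this patch describes: preallocate the raw image with fallocate(2) and fall back to writing zeros only where the filesystem refuses it. The path, sizes and helper names are chosen for this illustration; the lib/ploop.c change itself is not reproduced here. Two points a practitioner would want checked: blocks preallocated with fallocate() are guaranteed by the kernel to read back as zeros, so the fast path cannot expose stale data from blocks another file freed, and the image is created with O_EXCL and mode 0600 so a symlink planted at the image path by an unprivileged user cannot redirect the allocation.

```c
/* Added example, not ploop's code: allocate a raw image with fallocate(2),
 * falling back to writing zeros only where the filesystem refuses it. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Allocate [0, size) on fd. Returns 0 on success, -1 with errno set. */
static int preallocate(int fd, off_t size)
{
	static const char zeros[64 * 1024];   /* static storage: zero-filled */
	off_t off = 0;

#ifdef __linux__
	/* Fast path. The kernel allocates the blocks without writing them and
	 * guarantees that such unwritten extents read back as zeros, so the
	 * image never exposes stale data from blocks freed by someone else. */
	if (fallocate(fd, 0, 0, size) == 0)
		return 0;
	if (errno != EOPNOTSUPP && errno != ENOSYS)
		return -1;
	/* EOPNOTSUPP/ENOSYS: this filesystem lacks fallocate, write zeros. */
#endif
	while (off < size) {
		size_t want = (size_t)(size - off);
		if (want > sizeof(zeros))
			want = sizeof(zeros);
		ssize_t w = pwrite(fd, zeros, want, off);
		if (w < 0) {
			if (errno == EINTR)
				continue;
			return -1;
		}
		off += w;
	}
	return 0;
}

/* Create a raw image of `size` bytes at `path`. Returns 0 or -1 (errno set).
 * O_EXCL refuses to reuse an existing path, so a symlink planted there by an
 * unprivileged user cannot redirect the allocation; 0600 keeps the
 * container's disk contents private. */
int create_raw_image(const char *path, off_t size)
{
	int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
	if (fd < 0)
		return -1;
	if (preallocate(fd, size) < 0 || fsync(fd) < 0) {
		int saved = errno;
		close(fd);
		unlink(path);
		errno = saved;
		return -1;
	}
	return close(fd);
}

/* Size of the image file in bytes, or -1. */
long long raw_image_size(const char *path)
{
	struct stat st;
	return stat(path, &st) == 0 ? (long long)st.st_size : -1;
}

/* 1 if every byte of the image reads as zero, 0 if not, -1 on error. */
int raw_image_is_zero(const char *path)
{
	unsigned char buf[64 * 1024];
	int fd = open(path, O_RDONLY);
	ssize_t n;

	if (fd < 0)
		return -1;
	while ((n = read(fd, buf, sizeof(buf))) > 0) {
		for (ssize_t i = 0; i < n; i++) {
			if (buf[i] != 0) {
				close(fd);
				return 0;
			}
		}
	}
	close(fd);
	return n == 0 ? 1 : -1;
}

int main(void)
{
	const char *path = "/tmp/raw_example.img";   /* illustrative path */

	if (create_raw_image(path, 16 << 20) < 0) {
		perror("create_raw_image");
		return 1;
	}
	printf("%s: %lld bytes, all zero: %d\n", path,
	       raw_image_size(path), raw_image_is_zero(path));
	unlink(path);
	return 0;
}
```

On a filesystem without fallocate support the fallback costs a full write of the image, which is exactly the slow path the patch avoids; on ext4, xfs or tmpfs the allocation returns almost immediately and `raw_image_is_zero()` still reports all zeros.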

Re: [Devel] [PATCH 1/2] vzctl: synchronize CRIU with vzctl (v2)

2013-06-01 Thread Andrew Vagin
On Fri, May 31, 2013 at 01:38:06PM -0700, Kir Kolyshkin wrote: > >+snprintf(ctpath, STR_SIZE, "%s/%d", NETNS_RUN_DIR, arg->veid); > >+snprintf(pidpath, STR_SIZE, "/proc/%d/ns/net", ret); > >+if (symlink(pidpath, ctpath)) { > >+logger(-1, errno, "Can't symlink into netns file

Re: [Devel] [PATCH 1/2] hooks_ct: mount /proc and /sys before umounting the old root

2014-01-20 Thread Andrew Vagin
Pls ignore these patches. On Mon, Jan 20, 2014 at 02:20:29PM +0400, Andrey Vagin wrote: > Here is a workaround for the kernel commit: > > commit e51db73532955dc5eaba4235e62b74b460709d5b > Author: Eric W. Biederman > Date: Sat Mar 30 19:57:41 2013 -0700 > > userns: Better restrictions on whe

Re: [Devel] [PATCH 2/2] hook_ct: bind mount the host /dev directory in CT

2014-01-20 Thread Andrew Vagin
On Mon, Jan 20, 2014 at 03:48:01PM +0400, Andrey Vagin wrote: > All modern distributions require devtmpfs in /dev. devtmpfs can't > be mounted from userns. This patch bind-mounts the host /dev. > It's secure, because permissions are handled according to uid and > gid maps for the user namespace.

Re: [Devel] [PATCH] prestart.sh: remove fixup_udev() completely

2014-01-22 Thread Andrew Vagin
On Wed, Jan 22, 2014 at 03:06:38PM -0800, Kir Kolyshkin wrote: > The whole point of fixup_udev() was to wait for container to be started > and then umount those mounts done from the inside of container, in order > to uncover the mounts previously done by vzctl. > > Now, previous commit removes tho

Re: [Devel] [PATCH] hook_ct: mount devtmpfs in CT

2014-01-22 Thread Andrew Vagin
On Wed, Jan 22, 2014 at 05:12:12PM -0800, Kir Kolyshkin wrote: > On 01/22/2014 02:37 AM, Andrey Vagin wrote: > >All modern distributions require devtmpfs in /dev. devtmpfs can't > >be mounted from userns. This patch bind-mounts the host /dev. > >It's secure, because permissions are handled accordin

Re: [Devel] [PATCH] hook_ct: do not change a set of CT0's mountpoints

2014-01-30 Thread Andrew Vagin
On Thu, Jan 30, 2014 at 03:20:37PM +0400, Pavel Emelyanov wrote: > On 01/30/2014 02:51 AM, Kir Kolyshkin wrote: > > On 01/29/2014 01:05 PM, Andrey Vagin wrote: > >> for that we must remount root with MS_PRIVATE before doing anything else. > >> > >> https://bugzilla.openvz.org/show_bug.cgi?id=2879 >

[Devel] [PATCH 0/5] Replace vzethdev with veth

2015-05-28 Thread Andrew Vagin
Add two ioctls to enable vz-specific features and to control changing of MAC addresses. https://jira.sw.ru/browse/PSBM-32276 https://jira.sw.ru/browse/PSBM-26974 Andrew Vagin (5): vz: remove vzethdev veth: add ability to enable vz-specific features veth: filter packets according to MAC

[Devel] [PATCH 1/5] vz: remove vzethdev

2015-05-28 Thread Andrew Vagin
We are going to use the upstream veth Signed-off-by: Andrew Vagin --- config.OpenVZ |1 - drivers/net/Makefile |1 - drivers/net/vzethdev.c| 697 - include/uapi/linux/veth.h | 25 -- kernel/Kconfig.openvz |8

[Devel] [PATCH 2/5] veth: add ability to enable vz-specific features

2015-05-28 Thread Andrew Vagin
For example, vzethdev filters packets according to MAC addresses. Signed-off-by: Andrew Vagin --- drivers/net/veth.c| 24 include/uapi/linux/veth.h |2 ++ 2 files changed, 26 insertions(+), 0 deletions(-) diff --git a/drivers/net/veth.c b/drivers/net

[Devel] [PATCH 4/5] veth: add ability to prevent changing of a mac address from a container

2015-05-28 Thread Andrew Vagin
Add the SIOCSFIXEDADDR ioctl. If we want to forbid changing the MAC address of a veth device, we need to call this ioctl and set ifr_ifru.ifru_flags to 1. And we need to set ifr_ifru.ifru_flags to 0 to allow changing the MAC address. This ioctl is protected by CAP_NET_ADMIN. Signed-off-by: Andrew

[Devel] [PATCH 3/5] veth: filter packets according to MAC addresses

2015-05-28 Thread Andrew Vagin
Only if the NETIF_F_VENET flag is set. A container doesn't receive or send packets with a MAC address which doesn't belong to it. Signed-off-by: Andrew Vagin --- drivers/net/veth.c | 30 ++ 1 files changed, 30 insertions(+), 0 deletions(-) diff --git
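The filtering rule stated in this patch description, as an added example that is not the Virtuozzo kernel's veth code: a userspace reimplementation over raw Ethernet headers that can be run against constructed frames. The function names venet_frame_allowed() and build_eth_frame(), the direction enum, and the treatment of broadcast/multicast destinations (still delivered, because ARP and IPv6 neighbour discovery depend on them) are assumptions of this illustration, not something the patch text states. The point it makes concrete is why such a filter matters: without it a container on a bridged veth can spoof a neighbour's source MAC on egress, and receive unicast frames addressed to that neighbour on ingress.

```c
/* Added example, not the Virtuozzo kernel's veth code: the NETIF_F_VENET
 * filtering rule reimplemented over raw Ethernet headers in userspace. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6
#define ETH_HLEN 14

enum venet_dir {
	VENET_RX,	/* frame travelling host -> container */
	VENET_TX	/* frame travelling container -> host */
};

/* Group bit (I/G) of the destination: broadcast and multicast. Assumption of
 * this example, not stated in the patch: such frames are still delivered,
 * because ARP and IPv6 neighbour discovery depend on them. */
static int mac_is_group(const uint8_t *mac)
{
	return mac[0] & 0x01;
}

/* Decide whether a frame may cross the veth pair.
 * dev_mac: the MAC assigned to the container's side of the pair.
 * Returns 1 to pass, 0 to drop. */
int venet_frame_allowed(const uint8_t *dev_mac, const uint8_t *frame, size_t len,
			enum venet_dir dir, int venet_enabled)
{
	const uint8_t *dst = frame;
	const uint8_t *src = frame + ETH_ALEN;

	if (len < ETH_HLEN)
		return 0;		/* runt frame: no complete header to check */
	if (!venet_enabled)
		return 1;		/* plain upstream veth behaviour: no filtering */

	if (dir == VENET_TX)
		/* Egress: the container may only send from its own address, so it
		 * cannot spoof another container's or the host's MAC. */
		return memcmp(src, dev_mac, ETH_ALEN) == 0;

	/* Ingress: the container only sees unicast addressed to it (plus group
	 * traffic), so it cannot sniff frames meant for its neighbours. */
	return memcmp(dst, dev_mac, ETH_ALEN) == 0 || mac_is_group(dst);
}

/* Build a minimal Ethernet frame (header plus zero payload up to the 60-byte
 * minimum) into buf, which must hold at least 60 bytes. Returns its length.
 * Used only to construct test input. */
size_t build_eth_frame(uint8_t *buf, const uint8_t *dst, const uint8_t *src,
		       uint16_t ethertype)
{
	memcpy(buf, dst, ETH_ALEN);
	memcpy(buf + ETH_ALEN, src, ETH_ALEN);
	buf[12] = (uint8_t)(ethertype >> 8);
	buf[13] = (uint8_t)(ethertype & 0xff);
	memset(buf + ETH_HLEN, 0, 60 - ETH_HLEN);
	return 60;
}

int main(void)
{
	/* Constructed, locally administered addresses (02:...). */
	const uint8_t ct[ETH_ALEN]    = { 0x02, 0, 0, 0, 0, 0x01 };	/* container */
	const uint8_t other[ETH_ALEN] = { 0x02, 0, 0, 0, 0, 0x02 };	/* neighbour */
	const uint8_t bcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
	uint8_t f[60];
	size_t n;

	n = build_eth_frame(f, other, ct, 0x0800);	/* container sends as itself */
	printf("tx own src:     %d\n", venet_frame_allowed(ct, f, n, VENET_TX, 1));
	n = build_eth_frame(f, other, other, 0x0800);	/* container spoofs neighbour */
	printf("tx spoofed src: %d\n", venet_frame_allowed(ct, f, n, VENET_TX, 1));
	n = build_eth_frame(f, other, other, 0x0800);	/* frame for the neighbour */
	printf("rx foreign dst: %d\n", venet_frame_allowed(ct, f, n, VENET_RX, 1));
	n = build_eth_frame(f, bcast, other, 0x0806);	/* ARP broadcast */
	printf("rx broadcast:   %d\n", venet_frame_allowed(ct, f, n, VENET_RX, 1));
	return 0;
}
```

With venet_enabled set to 0 every frame passes, which is the plain upstream veth behaviour the series replaces vzethdev with; the later SIOCSFIXEDADDR ioctl from patch 4/5 only makes sense on top of this rule, since pinning the MAC is pointless if frames with any source address can still leave the container.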

[Devel] [PATCH 5/5] veth: don't drop skb->mark if NETIF_F_VENET is set

2015-05-28 Thread Andrew Vagin
It's required for the Virtuozzo traffic shaping. Signed-off-by: Andrew Vagin --- net/core/skbuff.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 05011c2..a8b8b86 100644 --- a/net/core/skbuff.c +++ b/net/core/skb

Re: [Devel] [PATCH rh7] net: Use {get, put}_net() in inet_twsk_{alloc, free}()

2015-05-28 Thread Andrew Vagin
On Wed, May 27, 2015 at 02:32:22PM +0300, Kirill Tkhai wrote: > hold_net() doesn't increment net refcounter if NETNS_REFCNT_DEBUG > is not defined. In this case inet_twdr_do_twkill_work() may happen > after network is destroyed and lead to memory corruption like this > happened in https://jira.sw.ru

Re: [Devel] [PATCH 0/5] Replace vzethdev with veth

2015-05-28 Thread Andrew Vagin
On Thu, May 28, 2015 at 03:06:55PM +0400, Andrew Vagin wrote: > Add two ioctls to enable vz-specific features and to control changing of MAC > addresses. > > https://jira.sw.ru/browse/PSBM-32276 > https://jira.sw.ru/browse/PSBM-26974 Kirill, could you review this series? >

Re: [Devel] [PATCH rh7] netfilter: account x_tables to ub

2015-05-29 Thread Andrew Vagin
On Thu, May 28, 2015 at 05:43:18PM +0300, Vladimir Davydov wrote: > This patch ports the code accounting netfilter/x_tables to ub > (UB_NUMXTENT) from RH6. > > Related to https://jira.sw.ru/browse/PSBM-20089 > > Signed-off-by: Vladimir Davydov > --- > include/linux/netfilter/x_tables.h | 4 +++

Re: [Devel] [PATCH rh7] netfilter: account x_tables to ub

2015-05-29 Thread Andrew Vagin
Acked-by: Andrew Vagin On Thu, May 28, 2015 at 05:43:18PM +0300, Vladimir Davydov wrote: > This patch ports the code accounting netfilter/x_tables to ub > (UB_NUMXTENT) from RH6. > > Related to https://jira.sw.ru/browse/PSBM-20089 > > Signed-off-by: Vladimir Davydov >

Re: [Devel] [PATCH] ve: Kill tcp_v4_kill_ve_sockets()

2015-05-29 Thread Andrew Vagin
Acked-by: Andrew Vagin I agree that we need to remove this function, but I don't know how it fixes the bug. On Fri, May 29, 2015 at 04:53:39PM +0300, Kirill Tkhai wrote: > This is a leftover from earlier versions of PCS, > and we do not need that functionality in 3.10. >

Re: [Devel] [PATCH rh7] ve/kobj: Send events per VE instead of all net-namespaces broadcasting

2015-06-03 Thread Andrew Vagin
On Wed, Jun 03, 2015 at 03:55:44PM +0300, Cyrill Gorcunov wrote: > Currently uevents are broadcast to all net namespaces present > in the system, which leads to a problem with C/R'ing systemd-based > containers (netlink socket sees data from the node and we can't dump > until the data is

Re: [Devel] [PATCH 3/5] veth: filter packets according to MAC addresses

2015-06-04 Thread Andrew Vagin
On Thu, Jun 04, 2015 at 02:29:50PM +0300, Kirill Tkhai wrote: > Hi, Andrew, > > please, see the comment below > > On Thu, 28/05/2015 at 15:06 +0400, Andrew Vagin wrote: > > Only if the NETIF_F_VENET flag is set. > > > > A container doesn't receive or send

Re: [Devel] [PATCH rh7 0/6] oom_score_adj fixes

2015-06-05 Thread Andrew Vagin
33849 Acked-by: Andrew Vagin > > Vladimir Davydov (6): > memcg: add function to get max mem+swap > proc: use memcg limits for showing oom_score inside CT > mm: ignore oom_score_adj of containerized tasks on global OOM > proc: allow to set oom_score_adj from inside a containe

Re: [Devel] [PATCH 0/5] Replace vzethdev with veth

2015-06-05 Thread Andrew Vagin
hange MAC can be re-enabled by calling SIOCSFIXEDADDR > ioctl with ifr_ifru.ifru_flags set to 0. > >Note: MAC change prevention will work _only_ after ioctl SIOCSVENET is > called on a veth interface. It looks good. Thank you for this description. > > -- > Best regards, &g

Re: [Devel] [PATCH 0/5] Replace vzethdev with veth

2015-06-05 Thread Andrew Vagin
); return 1; } return 0; } > -- > Best regards, > > Konstantin Khorenko, > Virtuozzo Linux Kernel Team > > On 05/28/2015 02:06 PM, Andrew Vagin wrote: > > Add two ioctls to enable vz specific features and to control changing of > > ma

Re: [Devel] [PATCH 12/14] ipset: prohibit ipset from the inside CT

2015-06-08 Thread Andrew Vagin
On Mon, Jun 08, 2015 at 05:22:25PM +0300, Kirill Tkhai wrote: > Port diff-ve-netfilter-ipset-prohibit-ipset-from-the-inside-CT from 2.6.32: > > Currently a CT owner can configure ipset rules which are not virtualized => > affect the whole Hardware Node. > > We are going to virtualize ipset in PCS

Re: [Devel] [PATCH 04/14] Subject: ve/net/bridge: don't set NULL in skb->dev

2015-06-09 Thread Andrew Vagin
On Mon, Jun 08, 2015 at 05:20:39PM +0300, Kirill Tkhai wrote: > Porting patches diff-ve-net-bridge-dont-set-NULL-in-skb-dev > and diff-ve-net-bridge-dont-forget-to-init-master_dev from 2.6.32: > > skb->dev can't be NULL, because it is accessed from netfilters > without testing. > > In the upstrea

Re: [Devel] [PATCH criu-stable 1/3] mount: don't lose shared options for bind mounts

2018-06-25 Thread Andrew Vagin
Do we need these patches for the upstream CRIU? On Mon, Jun 25, 2018 at 05:39:53PM +0300, Pavel Tikhomirov wrote: > When we bind-mount something as a child of shared group, child will be > created shared, so we should fix sharing flags after bind but not > before. > > Bigger problem we face is: wh

Re: [Devel] [PATCH rh7] veth: fix skb leak in veth_xmit

2015-06-30 Thread Andrew Vagin
gt; > Fixes: 69a0d2fdb4efd ("ve/veth: filter packages accoding with mac addresses") Acked-by: Andrew Vagin > Signed-off-by: Vladimir Davydov > --- > drivers/net/veth.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/veth.c b/drivers/ne

Re: [Devel] [PATCH RH7 0/3] capability fixes for docker

2015-07-03 Thread Andrew Vagin
ra.sw.ru/browse/PSBM-34523 > > to test without CAP_SYS_ADMIN and CAP_NET_ADMIN: > vzctl set 206 --capability net_admin:off \ > --capability sys_admin:off --save > Reviewed-by: Andrew Vagin > Pavel Tikhomirov (3): > vfs: allow mount/umount, pivot_root with CAP_VE_SYS_A

Re: [Devel] [PATCH rh7] sysfs/ve: do not inherit ve permissions from parent

2015-07-03 Thread Andrew Vagin
On Fri, Jul 03, 2015 at 03:48:03PM +0300, Vladimir Davydov wrote: > Otherwise when a new ploop is created, all containers that have access > to devices/virtual/block will gain access to the new ploop too, which is > a security breach. > > https://jira.sw.ru/browse/PSBM-34682 A

[Devel] [PATCH] tty: call device_destroy_namespace only for containerized drivers

2015-07-06 Thread Andrew Vagin
Containerized drivers save ve in drvdata, but other drivers can use drvdata for their own needs. For example, uart_add_one_port calls tty_port_register_device_attr with non-zero drvdata https://jira.sw.ru/browse/PSBM-33971 Cc: Cyrill Gorcunov Signed-off-by: Andrew Vagin --- drivers/tty/tty_io.c

Re: [Devel] [PATCH rh7] net: Add ipt_mask checks into ip6table_nat

2015-07-14 Thread Andrew Vagin
On Mon, Jul 13, 2015 at 03:08:48PM +0300, Kirill Tkhai wrote: > Register pernet table only if it's allowed. > > https://jira.sw.ru/browse/PSBM-34748 > Acked-by: Andrew Vagin > Signed-off-by: Kirill Tkhai > --- > net/ipv6/netfilter/ip6table_nat.c |8 >

Re: [Devel] [PATCH rh7] ve/devpts: Force devpts mounting to use @newinstance inside VE

2015-07-20 Thread Andrew Vagin
On Fri, Jul 17, 2015 at 06:33:48PM +0300, Cyrill Gorcunov wrote: > Modern systemd-based containers (such as fedora-21, centos-7) already > mount the initial devpts filesystem with the @newinstance option, but it > turned out that ubuntu-14 lts doesn't, which makes the restore procedure > fail because we'r

Re: [Devel] [RFC rh7] ve/vznetstat: Move VE networks statistics allocation into a common place

2015-07-20 Thread Andrew Vagin
On Sat, Jul 18, 2015 at 10:40:23AM +0300, Cyrill Gorcunov wrote: > + > +static void __exit __exit_venetstat(void) > +{ > + struct ve_struct *ve; > + > + mutex_lock(&ve_list_lock); > + for_each_ve(ve) { > + venet_acct_put_stat(ve->stat); > + ve->stat = NULL; > +

Re: [Devel] [PATCH rh7] ve/tty: vt -- Implement per VE support for virtual consoles

2015-07-20 Thread Andrew Vagin
done the userspace utility may > open up slave peer and read/write data to/from. Note the > slave may be opened only if a master peer has been previously > opened. > > https://jira.sw.ru/browse/PSBM-34533 > https://jira.sw.ru/browse/PSBM-34532 > https://jira.sw.ru/browse/PSBM-34107 > ht

Re: [Devel] [PATCH rh7] net: Fix vlan NETIF_F_VIRTUAL feature initialization

2015-08-05 Thread Andrew Vagin
be set always, independent > of dev_net(). Anyway, further on we test it only if > ve is not super. Also, others (loopback for example) set > it always too. > > https://jira.sw.ru/browse/PSBM-35266 > Acked-by: Andrew Vagin > Signed-off-by: Kirill Tkhai > --- > net

[Devel] [PATCH 1/2] userns: Allow PR_CAPBSET_DROP in a user namespace.

2015-08-26 Thread Andrew Vagin
t; Signed-off-by: Andrew Vagin --- security/commoncap.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/security/commoncap.c b/security/commoncap.c index 3d7811d..59ff538 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -852,7 +852,7 @@ static int cap_

[Devel] [PATCH 2/2] fs: allow to mount devtmpfs in a non-root userns

2015-08-26 Thread Andrew Vagin
devtmpfs is virtualized, so it has to be secure. Signed-off-by: Andrew Vagin --- drivers/base/devtmpfs.c |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c index c28e42c..66c8dd2 100644 --- a/drivers/base/devtmpfs.c

[Devel] [PATCH 1/3] cred: add ve_capable to check capabilities relative to the current VE

2015-08-28 Thread Andrew Vagin
We want to allow a few operations in VE. Currently we use nsown_capable, but it's wrong, because in this case we allow these operations in any user namespace. Signed-off-by: Andrew Vagin --- fs/autofs4/root.c |6 ++ fs/ioprio.c|2 +- fs/na

[Devel] [PATCH 2/3] ve: revise permissions to allow mount smth

2015-08-28 Thread Andrew Vagin
Return to the behavior of the upstream kernel. Currently we use mount namespaces and need nothing special here. Signed-off-by: Andrew Vagin --- fs/namespace.c |4 +--- 1 files changed, 1 insertions(+), 3 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 593b262..77a1ede

[Devel] [PATCH 3/3] ve: remove ns_capable(CAP_VE.*)

2015-08-28 Thread Andrew Vagin
If we use user namespaces, we don't need to have special capabilities. Signed-off-by: Andrew Vagin --- fs/proc/root.c |3 +-- ipc/mqueue.c|3 +-- ipc/util.c |2 +- kernel/nsproxy.c|6 ++ kernel/

[Devel] [PATCH 2/2] fs: allow to mount devtmpfs in a non-root userns (v2)

2015-08-28 Thread Andrew Vagin
devtmpfs is virtualized, so it has to be secure. v2: fix return code Signed-off-by: Andrew Vagin --- drivers/base/devtmpfs.c |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c index c28e42c..f21e292 100644 --- a

[Devel] [PATCH] cred: add ve_capable to check capabilities relative to the current VE (v2)

2015-09-01 Thread Andrew Vagin
We want to allow a few operations in VE. Currently we use nsown_capable, but it's wrong, because in this case we allow these operations in any user namespace. v2: take ve0->cred if the current ve isn't running Signed-off-by: Andrew Vagin --- fs/autofs4/root.c |

[Devel] [PATCH 2/7] Revert "ve/net/ioctl: allow change net-device name with CAP_VE_NET_ADMIN"

2015-09-02 Thread Andrew Vagin
This reverts commit 9118029490d75eee8ea1c8513412b55b94be92d9. Signed-off-by: Andrew Vagin --- net/core/dev_ioctl.c |5 + 1 files changed, 1 insertions(+), 4 deletions(-) diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c index 77df687..d407219 100644 --- a/net/core/dev_ioctl.c

[Devel] [PATCH 1/7] Revert "ve/net: allow containers create bridges with CAP_VE_NET_ADMIN"

2015-09-02 Thread Andrew Vagin
This reverts commit 52b6df12cf62fc92edadcec3860f6418d4d8333e. Signed-off-by: Andrew Vagin --- net/bridge/br_ioctl.c | 33 +++-- net/core/dev_ioctl.c |8 2 files changed, 15 insertions(+), 26 deletions(-) diff --git a/net/bridge/br_ioctl.c b/net

[Devel] [PATCH 3/7] Revert "ve/rtnl: allow move network devices into network namespace in CT"

2015-09-02 Thread Andrew Vagin
This reverts commit b238eaaf8029c022899ee874132814bd1be5551f. Signed-off-by: Andrew Vagin --- net/core/rtnetlink.c |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 2e8b10f..0d2df96 100644 --- a/net/core/rtnetlink.c

[Devel] [PATCH 4/7] net: remove CAP_VE_NET_ADMIN from "ve/netfilter: Basic ve transformations"

2015-09-02 Thread Andrew Vagin
Signed-off-by: Andrew Vagin --- net/ipv4/netfilter/ip_tables.c | 12 net/ipv6/netfilter/ip6_tables.c | 12 2 files changed, 8 insertions(+), 16 deletions(-) diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 31eda61..bbcb355 100644

[Devel] [PATCH 7/7] Remove CAP_VE_* from "ve/ns: Port diff-ve-ns-allow-create-new-pid-ipc-and-utc-namespaces"

2015-09-02 Thread Andrew Vagin
Signed-off-by: Andrew Vagin --- kernel/nsproxy.c |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c index 9e1dda3..62aebc8 100644 --- a/kernel/nsproxy.c +++ b/kernel/nsproxy.c @@ -136,8 +136,7 @@ int copy_namespaces(unsigned long flags

[Devel] [PATCH 6/7] Revert "ve/proc/ipc: allow mount proc and mqueue inside container"

2015-09-02 Thread Andrew Vagin
This reverts commit 7ae5af469667a2a5e1803a5a65fc16d9d6b3b965. Signed-off-by: Andrew Vagin --- fs/proc/root.c |3 +-- ipc/mqueue.c |3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/fs/proc/root.c b/fs/proc/root.c index 0b7dbdb..88be7c2 100644 --- a/fs/proc/root.c

[Devel] [PATCH 5/7] Remove CAP_VE_* from "Initial patch commit + compilation fixes"

2015-09-02 Thread Andrew Vagin
Signed-off-by: Andrew Vagin --- ipc/util.c |2 +- kernel/nsproxy.c|3 +-- kernel/sys.c|4 ++-- net/core/dev_ioctl.c|6 ++ net/core/ethtool.c |3 +-- net/core/rtnetlink.c|3

Re: [Devel] [PATCH vz7 2/3] venet: add newlink and dellink callbacks to rtnetlink operations

2015-09-22 Thread Andrew Vagin
On Mon, Sep 21, 2015 at 07:44:31PM +0400, Stanislav Kinsburskiy wrote: > From: Stanislav Kinsburskiy > > These functions mostly duplicate existing code in the per-net hooks, except > for some initialization and locking, which are performed in the rtnetlink layer. > > https://jira.sw.ru/browse/PSBM-2344

Re: [Devel] [PATCH vz7 3/3] venet: remove per-net hooks and related code

2015-09-22 Thread Andrew Vagin
On Mon, Sep 21, 2015 at 07:44:36PM +0400, Stanislav Kinsburskiy wrote: > From: Stanislav Kinsburskiy > > Venet device is now constructed via the netlink interface > > https://jira.sw.ru/browse/PSBM-23441 This patch should not be committed until vzctl starts using the new interface. > > Signed-o

Re: [Devel] [PATCH vz7 2/3] venet: add newlink and dellink callbacks to rtnetlink operations

2015-09-22 Thread Andrew Vagin
On Tue, Sep 22, 2015 at 11:40:03AM +0200, Stanislav Kinsburskiy wrote: > > > 22.09.2015 11:36, Andrew Vagin wrote: > >On Mon, Sep 21, 2015 at 07:44:31PM +0400, Stanislav Kinsburskiy wrote: > >>From: Stanislav Kinsburskiy > >> > >>These functions are m

Re: [Devel] [PATCH vz7 2/3] venet: add newlink and dellink callbacks to rtnetlink operations

2015-09-22 Thread Andrew Vagin
On Tue, Sep 22, 2015 at 01:20:11PM +0200, Stanislav Kinsburskiy wrote: > > > 22.09.2015 13:15, Andrew Vagin wrote: > >On Tue, Sep 22, 2015 at 11:40:03AM +0200, Stanislav Kinsburskiy wrote: > >> > >>22.09.2015 11:36, Andrew Vagin wrote: > >>>On Mon

Re: [Devel] [PATCH vz7 2/3] venet: add newlink and dellink callbacks to rtnetlink operations

2015-09-22 Thread Andrew Vagin
On Tue, Sep 22, 2015 at 02:38:45PM +0200, Stanislav Kinsburskiy wrote: > > > 22.09.2015 13:28, Andrew Vagin wrote: > >On Tue, Sep 22, 2015 at 01:20:11PM +0200, Stanislav Kinsburskiy wrote: > >> > >>22.09.2015 13:15, Andrew Vagin wrote: > >>>On Tue

Re: [Devel] [PATCH vz7 v3 0/3] Series short description

2015-09-23 Thread Andrew Vagin
Acked-by: Andrew Vagin Thanks. On Tue, Sep 22, 2015 at 05:49:07PM +0400, Stanislav Kinsburskiy wrote: > This series adds venet device creation and destruction support via netlink. > It also removes device creation via the per-net init hook. > > https://jira.sw.ru/browse/PSBM-23441 >

Re: [Devel] [PATCH rh7 v2] fs: Allow to mount ext4 and binfmt_misc under non-root ns

2015-10-05 Thread Andrew Vagin
On Mon, Oct 05, 2015 at 02:47:49PM +0300, Kirill Tkhai wrote: > https://jira.sw.ru/browse/PSBM-40100 > > v2: Check that user_ns is initial for the ve. > NB: "vzctl enter" does not use initial cred, > so I tested that using /etc/rc.local script. > > Signed-off-by: Kirill Tkhai > --- > fs/binfmt_

[Devel] [PATCH] fs: don't add MNT_NODEV for ve mounts

2015-10-07 Thread Andrew Vagin
Reported-by: Pavel Tikhomirov Signed-off-by: Andrew Vagin --- fs/namespace.c |8 +++- scripts/basic/fixdep | Bin 13875 -> 14262 bytes 2 files changed, 7 insertions(+), 1 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 77a1ede..1377488 100644 --- a/fs/namespac

Re: [Devel] [PATCH RH7 2/2] Revert "Revert "ve: caps: ignore setting wrong caps with CAP_SETPCAP""

2015-10-08 Thread Andrew Vagin
On Wed, Oct 07, 2015 at 11:51:07AM +0300, Pavel Tikhomirov wrote: > This reverts commit 750558eb81ef22527ee1d5fc5b5081410cffda29. Pls, write a commit message with an explanation of why we need these changes. In this case we need to find out who drops these capabilities. I think vzctl does this. You can l

Re: [Devel] [PATCH rh7] user_ns: Enable USER_NS /proc/$pid/ns/user link

2015-10-08 Thread Andrew Vagin
On Tue, Oct 06, 2015 at 01:15:38PM +0300, Kirill Tkhai wrote: > Since we use user_ns inside a CT, vzctl should have > a possibility to enter a VE using its init_cred->user_ns. > > setns is allowed for tasks that are CAP_SYSADMIN in the ns, > i.e. a task from a parent user_ns, but vice versa is n

[Devel] [PATCH 07/13] mm: allow drivers to prevent new writable mappings

2015-10-13 Thread Andrew Vagin
Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Andrew Vagin --- fs/inode.c |1 + include/linux/fs.h | 29 +++-- kernel/fork.c |2 +- mm/mmap.c | 30 -- mm/swap_state.c|1 + 5

[Devel] [PATCH 03/13] prctl: PR_SET_MM -- introduce PR_SET_MM_MAP operation

2015-10-13 Thread Andrew Vagin
nterface is implemented in the kernel one can pass PR_SET_MM_MAP_SIZE opcode and the kernel returns the size of currently supported struct prctl_mm_map. [a...@linux-foundation.org: fix 80-col wordwrap in macro definitions] Signed-off-by: Cyrill Gorcunov Cc: Kees Cook Cc: Tejun Heo Acked-by: Andrew Vagin Tes

[Devel] [PATCH 01/13] mm: introduce check_data_rlimit helper

2015-10-13 Thread Andrew Vagin
From: Cyrill Gorcunov ML: 9c5990240e076ae564cccbd921868cd08f6daaa5 To eliminate code duplication let's introduce check_data_rlimit helper which we will use in brk() and prctl() syscalls. Signed-off-by: Cyrill Gorcunov Cc: Kees Cook Cc: Tejun Heo Cc: Andrew Vagin Cc: Eric W. Biederman Cc: H

[Devel] [PATCH 10/13] selftests: add memfd_create() + sealing tests

2015-10-13 Thread Andrew Vagin
: Daniel Mack Cc: Andy Lutomirski Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Andrew Vagin --- tools/testing/selftests/Makefile |1 + tools/testing/selftests/memfd/.gitignore |2 + tools/testing/selftests/memfd/Makefile | 29 + tools/testing

[Devel] [PATCH 02/13] prctl: PR_SET_MM -- factor out mmap_sem when updating mm::exe_file

2015-10-13 Thread Andrew Vagin
Cc: Kees Cook Cc: Tejun Heo Cc: Andrew Vagin Cc: Eric W. Biederman Cc: H. Peter Anvin Acked-by: Serge Hallyn Cc: Pavel Emelyanov Cc: Vasiliy Kulikov Cc: KAMEZAWA Hiroyuki Cc: Michael Kerrisk Cc: Julien Tinnes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: And

[Devel] [PATCH 09/13] shm: add memfd_create() syscall

2015-10-13 Thread Andrew Vagin
6/syscalls/syscall_32.tbl arch/x86/syscalls/syscall_64.tbl Signed-off-by: Andrew Vagin --- arch/x86/syscalls/syscall_32.tbl |1 + arch/x86/syscalls/syscall_64.tbl |1 + include/linux/syscalls.h |1 + kernel/sys_ni.c |1 + mm/shmem.c

[Devel] [PATCH 11/13] selftests: add memfd/sealing page-pinning tests

2015-10-13 Thread Andrew Vagin
ndrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Andrew Vagin --- tools/testing/selftests/memfd/.gitignore |2 + tools/testing/selftests/memfd/Makefile | 14 +- tools/testing/selftests/memfd/fuse_mnt.c | 110 + tools/testing/selftests/memfd/fuse_t

[Devel] [PATCH 00/13] backport patches which are required for CRIU

2015-10-13 Thread Andrew Vagin
Cc: Kirill Gorkunov

[Devel] [PATCH 06/13] mm: mmap_region: kill correct_wcount/inode, use allow_write_access()

2015-10-13 Thread Andrew Vagin
y: Oleg Nesterov Cc: Hugh Dickins Cc: Al Viro Cc: Colin Cross Cc: David Rientjes Cc: KOSAKI Motohiro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Andrew Vagin --- mm/mmap.c | 14 +- 1 files changed, 5 insertions(+), 9 deletions(-) diff --git a/m

[Devel] [PATCH 08/13] shm: add sealing API

2015-10-13 Thread Andrew Vagin
by: Hugh Dickins Cc: Michael Kerrisk Cc: Ryan Lortie Cc: Lennart Poettering Cc: Daniel Mack Cc: Andy Lutomirski Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Conflicts: fs/fcntl.c Signed-off-by: Andrew Vagin --- fs/fcntl.c |5 ++ include/linux

[Devel] [PATCH 05/13] sched: add cond_resched_rcu() helper

2015-10-13 Thread Andrew Vagin
Signed-off-by: Simon Horman Acked-by: Peter Zijlstra Signed-off-by: Pablo Neira Ayuso Signed-off-by: Andrew Vagin --- include/linux/sched.h |9 + 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/include/linux/sched.h b/include/linux/sched.h index eb1585a..ea9927c 100644
