From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754468AbbCaDPZ (ORCPT ); Mon, 30 Mar 2015 23:15:25 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:39928 "EHLO out2-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754448AbbCaDPU (ORCPT ); Mon, 30 Mar 2015 23:15:20 -0400 X-Sasl-enc: gkMgP0RVNkihSAIjHJNEntTqx5eCmZZpXjgyyn5EoioK 1427771719 Subject: [RFC PATCH 5 4/7] nfs - cache_lib use service thread if not executing in init namespace From: Ian Kent To: Kernel Mailing List Cc: David Howells , Oleg Nesterov , Trond Myklebust , "J. Bruce Fields" , Benjamin Coddington , Al Viro , Jeff Layton , "Eric W. Biederman" Date: Tue, 31 Mar 2015 11:15:06 +0800 Message-ID: <20150331031505.10464.24498.stgit@pluto.fritz.box> In-Reply-To: <20150331030340.10464.30272.stgit@pluto.fritz.box> References: <20150331030340.10464.30272.stgit@pluto.fritz.box> User-Agent: StGit/0.17-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ian Kent If pipefs is registered within a container pipefs requests should be run within their originating container also. To do that get a token to a service thread created within the container environment for usermode helper calls. Signed-off-by: Ian Kent Cc: Benjamin Coddington Cc: Al Viro Cc: J. Bruce Fields Cc: David Howells Cc: Trond Myklebust Cc: Oleg Nesterov Cc: Eric W. Biederman Cc: Jeff Layton --- fs/nfs/cache_lib.c | 7 ++++++- include/linux/sunrpc/cache.h | 2 ++ net/sunrpc/cache.c | 5 +++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/fs/nfs/cache_lib.c b/fs/nfs/cache_lib.c index 5f7b053..78f9b6e 100644 --- a/fs/nfs/cache_lib.c +++ b/fs/nfs/cache_lib.c @@ -48,7 +48,12 @@ int nfs_cache_upcall(struct cache_detail *cd, char *entry_name) if (nfs_cache_getent_prog[0] == '\0') goto out; - ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); + if (cd->u.pipefs.umh_token) { + int token = cd->u.pipefs.umh_token; + ret = call_usermodehelper_service(argv[0], argv, envp, + token, UMH_WAIT_EXEC); + } else + ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); /* * Disable the upcall mechanism if we're getting an ENOENT or * EACCES error. The admin can re-enable it on the fly by using diff --git a/include/linux/sunrpc/cache.h b/include/linux/sunrpc/cache.h index 437ddb6..bb57c7e 100644 --- a/include/linux/sunrpc/cache.h +++ b/include/linux/sunrpc/cache.h @@ -68,6 +68,8 @@ struct cache_detail_procfs { struct cache_detail_pipefs { struct dentry *dir; + /* Namespace token */ + int umh_token; }; struct cache_detail { diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c index 5199bb1..eabc0d0 100644 --- a/net/sunrpc/cache.c +++ b/net/sunrpc/cache.c @@ -1811,6 +1811,9 @@ int sunrpc_cache_register_pipefs(struct dentry *parent, if (IS_ERR(dir)) return PTR_ERR(dir); cd->u.pipefs.dir = dir; + if (cd->net != &init_net) + cd->u.pipefs.umh_token = + umh_wq_get_token(cd->u.pipefs.umh_token, "pipefs"); return 0; } EXPORT_SYMBOL_GPL(sunrpc_cache_register_pipefs); @@ -1819,6 +1822,8 @@ void sunrpc_cache_unregister_pipefs(struct cache_detail *cd) { rpc_remove_cache_dir(cd->u.pipefs.dir); cd->u.pipefs.dir = NULL; + umh_wq_put_token(cd->u.pipefs.umh_token); + cd->u.pipefs.umh_token = 0; } EXPORT_SYMBOL_GPL(sunrpc_cache_unregister_pipefs);