/*
* include/linux/ve.h
*
* Copyright (c) 2005-2008 SWsoft
* Copyright (c) 2009-2015 Parallels IP Holdings GmbH
* Copyright (c) 2017-2019 Virtuozzo International GmbH. All rights reserved.
*
*/
#ifndef _LINUX_VE_H
#define _LINUX_VE_H
#include <linux/types.h>
#include <linux/capability.h>
#include <linux/sysctl.h>
#include <linux/net.h>
#include <linux/vzstat.h>
#include <linux/kobject.h>
#include <linux/pid.h>
#include <linux/path.h>
#include <linux/socket.h>
#include <linux/kthread.h>
#include <linux/ve_proto.h>
#include <net/inet_frag.h>
#include <linux/cgroup.h>
#include <linux/binfmts.h>
#include <linux/kmapset.h>
/*
 * Forward declarations. No member of these types is accessed in this
 * header, so the full definitions are not needed here.
 */
struct tty_driver;
struct file_system_type;
struct veip_struct;
struct nsproxy;
struct user_namespace;
struct cn_private;
/* Referenced by address in the !CONFIG_VE ve_init_user_ns() stub below. */
extern struct user_namespace init_user_ns;
/*
 * Per-VE state. The structure embeds its cgroup_subsys_state (css), and
 * cgroup_ve()/css_to_ve() below recover the ve_struct from a css with
 * container_of(), so every ve_struct is reached through the ve cgroup
 * subsystem.
 *
 * NOTE(review): "VE" is presumably the Virtuozzo/OpenVZ virtual
 * environment (container). Which lock protects which field is not stated
 * in this header; confirm against the implementation before touching
 * fields from a new context.
 */
struct ve_struct {
/* embedded css: the container_of() anchor used by cgroup_ve()/css_to_ve() */
struct cgroup_subsys_state css;
const char *ve_name;
struct list_head ve_list;
/* VE identifier; vtty_open_master() takes the same envid_t type */
envid_t veid;
unsigned int class_id;
struct rw_semaphore op_sem;
/* read without a lock by ve_try_set_task_start_time(); see the comment there */
int is_running;
/*
 * NOTE(review): privilege-related by name; its effect is defined
 * elsewhere - confirm which permission checks honour it.
 */
int is_pseudosuper;
atomic_t suspend;
/* see vzcalluser.h for VE_FEATURE_XXX definitions */
__u64 features;
/*
 * Two task/worker pairs. NOTE(review): presumably the per-VE kthread
 * creator and the per-VE usermode-helper runner behind
 * kthread_create_on_node_ve() and call_usermodehelper_fns_ve() - confirm.
 */
struct task_struct *ve_kthread_task;
struct kthread_worker ve_kthread_worker;
struct task_struct *ve_umh_task;
struct kthread_worker ve_umh_worker;
struct super_block *dev_sb;
struct super_block *devpts_sb;
#if IS_ENABLED(CONFIG_BINFMT_MISC)
struct binfmt_misc *binfmt_misc;
#endif
struct list_head devices;
#if defined(CONFIG_VE_NETDEV) || defined (CONFIG_VE_NETDEV_MODULE)
struct veip_struct *veip;
struct net_device *_venet_dev;
#endif
/* per-VE CPU stats */
struct timespec start_timespec; /* monotonic time */
struct timespec real_start_timespec; /* boot based time */
u64 start_jiffies; /* Deprecated */
struct kstat_lat_pcpu_struct sched_lat_ve;
#ifdef CONFIG_INET
struct venet_stat *stat;
#ifdef CONFIG_VE_IPTABLES
/* core/netfilter.c virtualization */
__u64 ipt_mask;
#endif /* CONFIG_VE_IPTABLES */
#endif
void *log_state;
/* A macro, not a member: defined here but visible to everything after it. */
#define VE_LOG_BUF_LEN 4096
unsigned long down_at;
struct list_head cleanup_list;
/* takes VE_MEMINFO_DEFAULT / VE_MEMINFO_SYSTEM (defined below) - presumably; confirm */
unsigned long meminfo_val;
/*
 * NOTE(review): presumably the per-VE counterpart of the
 * randomize_va_space (ASLR) setting - confirm who may write it.
 */
int _randomize_va_space;
int odirect_enable;
int fsync_enable;
/* accessed through the ve_uevent_seqnum macro when CONFIG_VE is set */
u64 _uevent_seqnum;
/* __rcu-annotated: read it with the RCU accessors, not a plain load */
struct nsproxy __rcu *ve_ns;
struct task_struct *init_task;
struct cred *init_cred;
struct net *ve_netns;
/* NOTE(review): presumably a list of struct ve_devmnt guarded by devmnt_mutex - confirm */
struct list_head devmnt_list;
struct mutex devmnt_mutex;
#ifdef CONFIG_AIO
/* NOTE(review): aio_nr_lock presumably guards aio_nr/aio_max_nr - confirm */
spinlock_t aio_nr_lock;
unsigned long aio_nr;
unsigned long aio_max_nr;
#endif
/*
 * Per-VE resource accounting. NOTE(review): the *_max_nr values are
 * presumably initialised from NETNS_MAX_NR_DEFAULT / NETIF_MAX_NR_DEFAULT
 * and enforced where namespaces and interfaces are created - confirm
 * every creation path is covered.
 */
atomic_t netns_avail_nr;
int netns_max_nr;
atomic_t netif_avail_nr;
int netif_max_nr;
atomic_t arp_neigh_nr;
atomic_t nd_neigh_nr;
atomic_t mnt_nr; /* number of present VE mounts */
#ifdef CONFIG_COREDUMP
/*
 * Per-VE core pattern buffer. NOTE(review): a core pattern can name a
 * helper program to execute, so confirm that the value stored here is
 * only writable from, and only interpreted in, the owning VE's context.
 */
char core_pattern[CORENAME_MAX_SIZE];
#endif
#ifdef CONFIG_CONNECTOR
struct cn_private *cn;
#endif
struct kmapset_key sysfs_perms_key;
};
/*
 * Mount-option policy for one block device, keyed by dev_t.
 * NOTE(review): presumably linked on ve_struct.devmnt_list and consulted
 * when a VE mounts @dev - confirm. Ownership and lifetime of the two
 * option strings are not visible in this header.
 */
struct ve_devmnt {
struct list_head link;
dev_t dev;
/* NOTE(review): by name, the options a VE may pass itself - confirm the match is an allow-list */
char *allowed_options;
char *hidden_options; /* balloon_ino, etc. */
};
/* Default per-VE limits and the values accepted for ve_struct.meminfo_val. */
#define NETNS_MAX_NR_DEFAULT 256 /* number of net-namespaces per-VE */
#define NETIF_MAX_NR_DEFAULT 256 /* number of net-interfaces per-VE */
#define VE_MEMINFO_DEFAULT 1 /* default behaviour */
#define VE_MEMINFO_SYSTEM 0 /* disable meminfo virtualization */
/*
 * Permission check for changing VE membership: true only when the caller's
 * execution environment is the super VE AND the caller has CAP_SYS_ADMIN.
 * The VE test is evaluated first, so a task in any other VE fails here
 * whatever capabilities it holds, and capable() is not called for it.
 * Keep both conditions: CAP_SYS_ADMIN alone must not be sufficient.
 */
#define capable_setveid() \
(ve_is_super(get_exec_env()) && capable(CAP_SYS_ADMIN))
/*
 * Globals defined by the VE core.
 * NOTE(review): by name, nr_ve counts VEs and sysctl_ve_mount_nr is the
 * limit that ve_struct.mnt_nr is compared against - confirm in the .c files.
 */
extern int nr_ve;
extern struct proc_dir_entry *proc_vz_dir;
extern struct cgroup_subsys ve_subsys;
extern unsigned int sysctl_ve_mount_nr;
#ifdef CONFIG_VE
/*
 * Per-VE uevent sequence number: an lvalue in the caller's current
 * execution environment. get_exec_env() is evaluated on every use.
 */
#define ve_uevent_seqnum (get_exec_env()->_uevent_seqnum)
/*
 * Socket family/type and protocol checks for a network namespace.
 * The return convention is not visible here; the !CONFIG_VE stubs below
 * return 0. NOTE(review): presumably 0 means "permitted" and a negative
 * errno means "denied" - confirm, and make sure callers treat every
 * non-zero value as a denial.
 */
extern int vz_security_family_check(struct net *net, int family, int type);
extern int vz_security_protocol_check(struct net *net, int protocol);
/*
 * Create a kernel thread for @ve. The remaining arguments have the shape of
 * kthread_create_on_node(): thread function, its data, a NUMA node and a
 * printf-style name format with its arguments.
 * NOTE(review): how the new thread is attached to @ve (cgroup, namespaces,
 * credentials) is decided in the implementation and is not visible here.
 * Pass a literal @namefmt; never pass a VE-supplied string as the format.
 */
extern struct task_struct *kthread_create_on_node_ve(struct ve_struct *ve,
int (*threadfn)(void *data),
void *data, int node,
const char namefmt[], ...);
/* Same as kthread_create_on_node_ve() with node fixed to -1. */
#define kthread_create_ve(ve, threadfn, data, namefmt, arg...) \
kthread_create_on_node_ve(ve, threadfn, data, -1, namefmt, ##arg)
/*
 * Create the thread and, if creation did not return an error pointer, wake
 * it. Evaluates to the value kthread_create_ve() returned, so the caller
 * still has to test the result with IS_ERR() before using it.
 * Uses a GNU statement expression; __k is local to the expansion.
 */
#define kthread_run_ve(ve, threadfn, data, namefmt, ...) \
({ \
struct task_struct *__k \
= kthread_create_ve(ve, threadfn, data, namefmt, ## __VA_ARGS__); \
if (!IS_ERR(__k)) \
wake_up_process(__k); \
__k; \
})
struct subprocess_info;
/*
 * Run the usermode helper @path with @argv/@envp for @ve. @init and
 * @cleanup are optional callbacks taking the subprocess_info (and, for
 * @init, the new credentials); @data is passed through for them.
 * NOTE(review): the filesystem root, namespaces and credentials the helper
 * runs with are chosen in the implementation, not here. Confirm the helper
 * executes in @ve's context rather than the host's, and that @path and
 * @argv never come from an untrusted VE when @ve is the super VE.
 */
extern int call_usermodehelper_fns_ve(struct ve_struct *ve,
char *path, char **argv, char **envp, int wait,
int (*init)(struct subprocess_info *info, struct cred *new),
void (*cleanup)(struct subprocess_info *), void *data);
/*
 * call_usermodehelper_ve - run a usermode helper for @ve without callbacks.
 *
 * Convenience form of call_usermodehelper_fns_ve() with no init callback,
 * no cleanup callback and no private data. Returns whatever
 * call_usermodehelper_fns_ve() returns.
 */
static inline int
call_usermodehelper_ve(struct ve_struct *ve, char *path, char **argv,
		       char **envp, int wait)
{
	int rc;

	rc = call_usermodehelper_fns_ve(ve, path, argv, envp, wait,
					NULL, NULL, NULL);
	return rc;
}
void do_update_load_avg_ve(void);
/*
 * Reference helpers for a ve_struct.
 * NOTE(review): by name, get_ve() takes a reference and put_ve() drops
 * one - confirm. When CONFIG_VE is off, get_ve() is a macro that evaluates
 * to NULL (see below), so callers must not dereference its result
 * unconditionally.
 */
extern struct ve_struct *get_ve(struct ve_struct *ve);
extern void put_ve(struct ve_struct *ve);
struct cgroup_subsys_state *ve_get_init_css(struct ve_struct *ve, int subsys_id);
/*
 * cgroup_ve - map a cgroup to the ve_struct that owns its ve-subsystem css.
 *
 * Looks up the css of the ve subsystem for @cgroup and steps back to the
 * enclosing ve_struct. Unlike css_to_ve(), the css is not tested for NULL
 * before container_of() is applied, so the caller must pass a cgroup that
 * has a ve css.
 */
static inline struct ve_struct *cgroup_ve(struct cgroup *cgroup)
{
	struct cgroup_subsys_state *state;

	state = cgroup_subsys_state(cgroup, ve_subsys_id);
	return container_of(state, struct ve_struct, css);
}
/*
 * ve_try_set_task_start_time - record @t's start time relative to @ve's start.
 *
 * Writes t->real_start_time_ct: zero while the VE is not running or has no
 * start time yet, otherwise the boot-based "now" minus the VE's
 * real_start_timespec.
 */
static inline void ve_try_set_task_start_time(struct ve_struct *ve,
	struct task_struct *t)
{
	struct timespec now_boot;

	/*
	 * Double check against memory access reordering: 'is_running' may
	 * already read as 1 before the update of 'real_start_timespec' is
	 * visible here. If the start time still reads as 0, 'is_running' is
	 * being changed in parallel right now, so reporting a start time of 0
	 * is correct.
	 *
	 * NOTE(review): both loads are plain reads; no barrier or READ_ONCE()
	 * is visible in this function, so the argument depends on how the
	 * writer orders its stores - confirm on the writer side.
	 */
	if (!ve->is_running || !timespec_to_ns(&ve->real_start_timespec)) {
		t->real_start_time_ct.tv_sec = 0;
		t->real_start_time_ct.tv_nsec = 0;
		return;
	}

	/* host uptime on the boot-based clock */
	do_posix_clock_monotonic_gettime(&now_boot);
	monotonic_to_bootbased(&now_boot);

	t->real_start_time_ct = timespec_sub(now_boot,
					     ve->real_start_timespec);
}
/*
 * Clock conversion between host and VE time bases, in place on @tp.
 * NOTE(review): direction is taken from the names (abs_to_ve / ve_to_abs);
 * which clock ids are actually translated is decided in the
 * implementation. The !CONFIG_VE versions below leave @tp untouched.
 */
extern unsigned long long ve_relative_clock(struct timespec * ts);
extern void monotonic_abs_to_ve(clockid_t which_clock, struct timespec *tp);
extern void monotonic_ve_to_abs(clockid_t which_clock, struct timespec *tp);
/* PID-namespace hooks; empty inline stubs when CONFIG_VE is off. */
void ve_stop_ns(struct pid_namespace *ns);
void ve_exit_ns(struct pid_namespace *ns);
/*
 * css_to_ve - NULL-safe conversion from a ve-subsystem css to its ve_struct.
 *
 * Returns NULL for a NULL @css, otherwise the ve_struct that embeds @css.
 * The caller is responsible for passing a css that really belongs to the
 * ve subsystem; nothing here can verify that.
 */
static inline struct ve_struct *css_to_ve(struct cgroup_subsys_state *css)
{
	if (!css)
		return NULL;

	return container_of(css, struct ve_struct, css);
}
/*
 * User-namespace helpers. With CONFIG_VE off, current_user_ns_initial()
 * compares current_user_ns() with init_cred.user_ns and ve_init_user_ns()
 * returns &init_user_ns (see the stubs below).
 * NOTE(review): with CONFIG_VE on, what counts as "initial" is decided in
 * the implementation - confirm before using the result in a privilege check.
 */
extern bool current_user_ns_initial(void);
struct user_namespace *ve_init_user_ns(void);
int ve_net_hide_sysctl(struct net *net);
#ifdef CONFIG_TTY
/*
 * Virtual tty interface. NOTE(review): vtty_open_master() takes a VE id
 * and an index; which callers may open the master side of another VE's
 * tty is enforced elsewhere - confirm that check exists.
 */
extern struct tty_driver *vtty_driver(dev_t dev, int *index);
extern struct tty_driver *vtty_console_driver(int *index);
extern int vtty_open_master(envid_t veid, int idx);
extern void vtty_release(struct tty_struct *tty, struct tty_struct *o_tty,
int *tty_closing, int *o_tty_closing);
extern bool vtty_is_master(struct tty_struct *tty);
#endif /* CONFIG_TTY */
/* The !CONFIG_VE stub of this function returns NULL. */
extern struct cgroup *cgroup_get_ve_root(struct cgroup *cgrp);
#else /* CONFIG_VE */
/* !CONFIG_VE: fall back to the single global uevent sequence number. */
#define ve_uevent_seqnum uevent_seqnum
/*
 * !CONFIG_VE stub: no per-VE socket family/type restriction exists, so
 * every request gets 0. All arguments are ignored.
 */
static inline int vz_security_family_check(struct net *net, int family,
					   int type)
{
	return 0;
}
/*
 * !CONFIG_VE stub: no per-VE protocol restriction exists, so every
 * request gets 0. All arguments are ignored.
 */
static inline int vz_security_protocol_check(struct net *net, int protocol)
{
	return 0;
}
/*
 * !CONFIG_VE fallbacks. get_ve() evaluates to NULL without evaluating its
 * argument and put_ve() expands to an empty statement, so code shared with
 * CONFIG_VE builds must not dereference the result of get_ve().
 */
#define ve_utsname system_utsname
#define get_ve(ve) (NULL)
#define put_ve(ve) do { } while (0)
/* !CONFIG_VE stub: nothing to stop; @ns is ignored. */
static inline void ve_stop_ns(struct pid_namespace *ns)
{
}
/* !CONFIG_VE stub: nothing to tear down; @ns is ignored. */
static inline void ve_exit_ns(struct pid_namespace *ns)
{
}
/*
 * !CONFIG_VE stub: true when the caller's user namespace is the one
 * referenced by init_cred.
 */
static inline bool current_user_ns_initial(void)
{
	struct user_namespace *caller_ns = current_user_ns();

	return caller_ns == init_cred.user_ns;
}
/* !CONFIG_VE stub: the only "VE init" user namespace is init_user_ns. */
static inline struct user_namespace *ve_init_user_ns(void)
{
	struct user_namespace *host_ns = &init_user_ns;

	return host_ns;
}
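/*
 * !CONFIG_VE: there is no per-VE thread context, so drop @ve (it is not
 * evaluated) and create an ordinary kernel thread.
 *
 * The expansion has to name kthread_create_on_node(): a macro is not
 * re-expanded inside its own replacement list, so referring to
 * kthread_create_on_node_ve here would call a function that does not exist
 * in this configuration. "namefmt" is a GNU named variadic parameter and
 * already stands for the format plus all following arguments, so it is
 * used without a trailing "...".
 */
#define kthread_create_on_node_ve(ve, threadfn, data, node, namefmt...) \
	kthread_create_on_node(threadfn, data, node, namefmt)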
/*
 * !CONFIG_VE stub: no conversion is performed; @tp is left untouched and
 * @which_clock is ignored.
 */
static inline void monotonic_abs_to_ve(clockid_t which_clock,
				       struct timespec *tp)
{
}
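/*
 * !CONFIG_VE stub: no conversion is performed; @tp is left untouched and
 * @which_clock is ignored.
 *
 * The parameter type is struct timespec, matching the CONFIG_VE prototype
 * and monotonic_abs_to_ve(). It was previously misspelled, which declared
 * an unrelated incomplete struct type and made every caller pass an
 * incompatible pointer.
 */
static inline void monotonic_ve_to_abs(clockid_t which_clock,
				       struct timespec *tp)
{
}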
/*
 * !CONFIG_VE stub: there is no VE root cgroup, so the answer is always
 * NULL. @cgrp is ignored; callers have to handle the NULL result.
 */
static inline struct cgroup *cgroup_get_ve_root(struct cgroup *cgrp)
{
	struct cgroup *ve_root = NULL;

	return ve_root;
}
#endif /* CONFIG_VE */
struct seq_file;
struct kernel_cpustat;
/*
 * Per-VE CPU statistics and load average. Available only when both
 * CONFIG_VE and CONFIG_CGROUP_SCHED are set; otherwise the inline stubs
 * below return -ENOSYS, which callers have to handle.
 */
#if defined(CONFIG_VE) && defined(CONFIG_CGROUP_SCHED)
int ve_show_cpu_stat(struct ve_struct *ve, struct seq_file *p);
int ve_show_loadavg(struct ve_struct *ve, struct seq_file *p);
int ve_get_cpu_avenrun(struct ve_struct *ve, unsigned long *avenrun);
int ve_get_cpu_stat(struct ve_struct *ve, struct kernel_cpustat *kstat);
#else
/* Stub for builds without per-VE CPU stats: always -ENOSYS, writes nothing to @p. */
static inline int ve_show_cpu_stat(struct ve_struct *ve, struct seq_file *p)
{
	return -ENOSYS;
}
/* Stub for builds without per-VE CPU stats: always -ENOSYS, writes nothing to @p. */
static inline int ve_show_loadavg(struct ve_struct *ve, struct seq_file *p)
{
	return -ENOSYS;
}
/* Stub for builds without per-VE CPU stats: always -ENOSYS; @avenrun is not written. */
static inline int ve_get_cpu_avenrun(struct ve_struct *ve,
				     unsigned long *avenrun)
{
	return -ENOSYS;
}
/* Stub for builds without per-VE CPU stats: always -ENOSYS; @kstat is not written. */
static inline int ve_get_cpu_stat(struct ve_struct *ve,
				  struct kernel_cpustat *kstat)
{
	return -ENOSYS;
}
#endif
#endif /* _LINUX_VE_H */