feat: 支持mnt容器及增强能力

BREAKING CHANGE: 支持mnt容器及增强对外变更: 1.clone 支持CLONE_NEWNS 2.增加”/proc/[pid]/container/mnt" 用于查询容器信息 3.新增chroot接口 Close #I6APW2 Signed-off-by: zhushengle <zhushengle@huawei.com> Change-Id: I5e8843a0f59bb5b0e6a66a6810dc552e8184a03e
2023-01-16 15:28:40 +08:00
parent d4794ebc38
commit e2d903b663
32 changed files with 1402 additions and 17 deletions
--- a/kernel/Kconfig
+++ b/kernel/Kconfig
@@ -83,6 +83,16 @@ config UTS_CONTAINER
    default n
    depends on KERNEL_CONTAINER

+config MNT_CONTAINER
+    bool "Enable MNT container Feature"
+    default n
+    depends on KERNEL_CONTAINER
+
+config CHROOT
+    bool "Enable chroot"
+    default n
+    depends on MNT_CONTAINER
+
 ######################### config options of extended #####################
 source "kernel/extended/Kconfig"

--- a/kernel/base/BUILD.gn
+++ b/kernel/base/BUILD.gn
@@ -33,6 +33,7 @@ module_name = get_path_info(rebase_path("."), "name")
 kernel_module(module_name) {
  sources = [
    "container/los_container.c",
+    "container/los_mnt_container.c",
    "container/los_pid_container.c",
    "container/los_uts_container.c",
    "core/los_bitmap.c",
--- a/kernel/base/container/los_container.c
+++ b/kernel/base/container/los_container.c
@@ -56,6 +56,9 @@ VOID OsInitRootContainer(VOID)
 #endif
 #ifdef LOSCFG_UTS_CONTAINER
    (VOID)OsInitRootUtsContainer(&g_rootContainer.utsContainer);
+#endif
+#ifdef LOSCFG_MNT_CONTAINER
+    (VOID)OsInitRootMntContainer(&g_rootContainer.mntContainer);
 #endif
    return;
 }
@@ -106,6 +109,12 @@ UINT32 OsCopyContainers(UINTPTR flags, LosProcessCB *child, LosProcessCB *parent
    if (ret != LOS_OK) {
        return ret;
    }
+#endif
+#ifdef LOSCFG_MNT_CONTAINER
+    ret = OsCopyMntContainer(flags, child, parent);
+    if (ret != LOS_OK) {
+        return ret;
+    }
 #endif
    return ret;
 }
@@ -123,6 +132,10 @@ VOID OsContainersDestroy(LosProcessCB *processCB)
    OsUtsContainersDestroy(processCB);
 #endif

+#ifdef LOSCFG_MNT_CONTAINER
+    OsMntContainersDestroy(processCB);
+#endif
+
 #ifndef LOSCFG_PID_CONTAINER
    LOS_AtomicDec(&curr->container->rc);
    if (LOS_AtomicRead(&processCB->container->rc) == 1) {
@@ -143,6 +156,8 @@ UINT32 OsGetContainerID(Container *container, ContainerType type)
            return OsGetPidContainerID(container->pidContainer);
        case UTS_CONTAINER:
            return OsGetUtsContainerID(container->utsContainer);
+        case MNT_CONTAINER:
+            return OsGetMntContainerID(container->mntContainer);
        default:
            break;
    }
--- a/kernel/base/container/los_mnt_container.c
+++ b/kernel/base/container/los_mnt_container.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright (c) 2023-2023 Huawei Device Co., Ltd. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ *    conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list
+ *    of conditions and the following disclaimer in the documentation and/or other materials
+ *    provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <unistd.h>
+#include "los_mnt_container_pri.h"
+#include "los_container_pri.h"
+#include "los_process_pri.h"
+#include "sys/mount.h"
+#include "vnode.h"
+#include "internal.h"
+
+#ifdef LOSCFG_MNT_CONTAINER
+STATIC UINT32 g_currentMntContainerNum;
+
+LIST_HEAD *GetContainerMntList(VOID)
+{
+    return &OsCurrProcessGet()->container->mntContainer->mountList;
+}
+
+STATIC UINT32 CreateMntContainer(MntContainer **newMntContainer)
+{
+    UINT32 intSave;
+    MntContainer *mntContainer = (MntContainer *)LOS_MemAlloc(m_aucSysMem1, sizeof(MntContainer));
+    if (mntContainer == NULL) {
+        return ENOMEM;
+    }
+    mntContainer->containerID = OsAllocContainerID();
+    LOS_AtomicSet(&mntContainer->rc, 1);
+    LOS_ListInit(&mntContainer->mountList);
+
+    SCHEDULER_LOCK(intSave);
+    g_currentMntContainerNum++;
+    *newMntContainer = mntContainer;
+    SCHEDULER_UNLOCK(intSave);
+    return LOS_OK;
+}
+
+STATIC UINT32 CopyMountList(MntContainer *parentContainer, MntContainer *newContainer)
+{
+    struct Mount *mnt = NULL;
+    VnodeHold();
+    LOS_DL_LIST_FOR_EACH_ENTRY(mnt, &parentContainer->mountList, struct Mount, mountList) {
+        struct Mount *newMnt = (struct Mount *)zalloc(sizeof(struct Mount));
+        if (newMnt == NULL) {
+            VnodeDrop();
+            return ENOMEM;
+        }
+        *newMnt = *mnt;
+        LOS_ListTailInsert(&newContainer->mountList, &newMnt->mountList);
+        newMnt->vnodeCovered->mntCount++;
+    }
+    VnodeDrop();
+    return LOS_OK;
+}
+
+UINT32 OsCopyMntContainer(UINTPTR flags, LosProcessCB *child, LosProcessCB *parent)
+{
+    UINT32 ret;
+    UINT32 intSave;
+    MntContainer *currMntContainer = parent->container->mntContainer;
+
+    if (!(flags & CLONE_NEWNS)) {
+        SCHEDULER_LOCK(intSave);
+        LOS_AtomicInc(&currMntContainer->rc);
+        child->container->mntContainer = currMntContainer;
+        SCHEDULER_UNLOCK(intSave);
+        return LOS_OK;
+    }
+
+    ret = CreateMntContainer(&child->container->mntContainer);
+    if (ret != LOS_OK) {
+        return ret;
+    }
+
+    return CopyMountList(currMntContainer, child->container->mntContainer);
+}
+
+STATIC VOID FreeMountList(LIST_HEAD *mountList)
+{
+    struct Mount *mnt = NULL;
+    struct Mount *nextMnt = NULL;
+
+    VnodeHold();
+    if (LOS_ListEmpty(mountList)) {
+        VnodeDrop();
+        return;
+    }
+
+    LOS_DL_LIST_FOR_EACH_ENTRY_SAFE(mnt, nextMnt, mountList, struct Mount, mountList) {
+        if (mnt->vnodeCovered->mntCount > 0) {
+            mnt->vnodeCovered->mntCount--;
+            LOS_ListDelete(&mnt->mountList);
+            free(mnt);
+        } else {
+            umount(mnt->pathName);
+        }
+    }
+    VnodeDrop();
+    return;
+}
+
+VOID OsMntContainersDestroy(LosProcessCB *curr)
+{
+    UINT32 intSave;
+    if (curr->container == NULL) {
+        return;
+    }
+
+    SCHEDULER_LOCK(intSave);
+    MntContainer *mntContainer = curr->container->mntContainer;
+    if (mntContainer != NULL) {
+        if (LOS_AtomicRead(&mntContainer->rc) == 0) {
+            g_currentMntContainerNum--;
+            FreeMountList(&mntContainer->mountList);
+            curr->container->mntContainer = NULL;
+            SCHEDULER_UNLOCK(intSave);
+            (VOID)LOS_MemFree(m_aucSysMem1, mntContainer);
+            return;
+        }
+    }
+    SCHEDULER_UNLOCK(intSave);
+    return;
+}
+
+UINT32 OsGetMntContainerID(MntContainer *mntContainer)
+{
+    if (mntContainer == NULL) {
+        return OS_INVALID_VALUE;
+    }
+
+    return mntContainer->containerID;
+}
+
+UINT32 OsInitRootMntContainer(MntContainer **mntContainer)
+{
+    return CreateMntContainer(mntContainer);
+}
+#endif
--- a/kernel/base/core/los_process.c
+++ b/kernel/base/core/los_process.c
@@ -2058,6 +2058,9 @@ LITE_OS_SEC_TEXT INT32 OsClone(UINT32 flags, UINTPTR sp, UINT32 size)
 #ifdef LOSCFG_UTS_CONTAINER
    cloneFlag |= CLONE_NEWUTS;
 #endif
+#ifdef LOSCFG_MNT_CONTAINER
+    cloneFlag |= CLONE_NEWNS;
+#endif
 #endif

    if (flags & (~cloneFlag)) {
--- a/kernel/base/include/los_container_pri.h
+++ b/kernel/base/include/los_container_pri.h
@@ -39,11 +39,15 @@
 #ifdef LOSCFG_UTS_CONTAINER
 #include "los_uts_container_pri.h"
 #endif
+#ifdef LOSCFG_MNT_CONTAINER
+#include "los_mnt_container_pri.h"
+#endif

 typedef enum {
    CONTAINER = 0,
    PID_CONTAINER,
    UTS_CONTAINER,
+    MNT_CONTAINER,
 } ContainerType;

 typedef struct Container {
@@ -54,6 +58,9 @@ typedef struct Container {
 #ifdef LOSCFG_UTS_CONTAINER
    struct UtsContainer *utsContainer;
 #endif
+#ifdef LOSCFG_MNT_CONTAINER
+    struct MntContainer *mntContainer;
+#endif
 } Container;

 VOID OsContainerInitSystemProcess(LosProcessCB *processCB);
--- a/kernel/base/include/los_mnt_container_pri.h
+++ b/kernel/base/include/los_mnt_container_pri.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2023-2023 Huawei Device Co., Ltd. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification,
+ * are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this list of
+ *    conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice, this list
+ *    of conditions and the following disclaimer in the documentation and/or other materials
+ *    provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its contributors may be used
+ *    to endorse or promote products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _LOS_MNT_CONTAINER_PRI_H
+#define _LOS_MNT_CONTAINER_PRI_H
+
+#include "fs/mount.h"
+#include "sched.h"
+#include "los_atomic.h"
+#include "vnode.h"
+#include "stdlib.h"
+
+#ifdef LOSCFG_MNT_CONTAINER
+typedef struct ProcessCB LosProcessCB;
+
+typedef struct MntContainer {
+    Atomic rc;
+    UINT32 containerID;
+    LIST_HEAD mountList;
+} MntContainer;
+
+LIST_HEAD *GetContainerMntList(VOID);
+
+UINT32 OsInitRootMntContainer(MntContainer **mntContainer);
+
+UINT32 OsCopyMntContainer(UINTPTR flags, LosProcessCB *child, LosProcessCB *parent);
+
+VOID OsMntContainersDestroy(LosProcessCB *curr);
+
+UINT32 OsGetMntContainerID(MntContainer *mntContainer);
+
+#endif
+#endif