From: Tejun Heo <tj@kernel.org>
To: davem@davemloft.net, pablo@netfilter.org, kaber@trash.net,
kadlec@blackhole.kfki.hu, daniel@iogearbox.net,
daniel.wagner@bmw-carit.de, nhorman@tuxdriver.co
Cc: lizefan@huawei.com, hannes@cmpxchg.org, netdev@vger.kernel.org,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
cgroups@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-team@fb.com, ninasc@fb.com, Tejun Heo <tj@kernel.org>
Subject: [PATCH 6/9] net: wrap sock->sk_cgrp_prioidx and ->sk_classid inside a struct
Date: Sat, 21 Nov 2015 11:13:58 -0500 [thread overview]
Message-ID: <1448122441-9335-7-git-send-email-tj@kernel.org> (raw)
In-Reply-To: <1448122441-9335-1-git-send-email-tj@kernel.org>
Introduce sock->sk_cgrp_data which is a struct sock_cgroup_data.
->sk_cgroup_prioidx and ->sk_classid are moved into it. The struct
and its accessors are defined in cgroup-defs.h. This is to prepare
for overloading the fields with a cgroup pointer.
This patch mostly performs equivalent conversions but the followings
are noteworthy.
* Equality test before updating classid is removed from
sock_update_classid(). This shouldn't make any noticeable
difference and a similar test will be implemented on the helper side
later.
* sock_update_netprioidx() now takes struct sock_cgroup_data and can
be moved to netprio_cgroup.h without causing include dependency
loop. Moved.
* The dummy version of sock_update_netprioidx() converted to a static
inline function while at it.
Signed-off-by: Tejun Heo <tj@kernel.org>
---
include/linux/cgroup-defs.h | 36 ++++++++++++++++++++++++++++++++++++
include/net/cls_cgroup.h | 11 +++++------
include/net/netprio_cgroup.h | 16 +++++++++++++---
include/net/sock.h | 11 +++--------
net/Kconfig | 6 ++++++
net/core/dev.c | 3 ++-
net/core/netclassid_cgroup.c | 4 ++--
net/core/netprio_cgroup.c | 3 ++-
net/core/scm.c | 4 ++--
net/core/sock.c | 15 ++-------------
net/netfilter/nft_meta.c | 2 +-
net/netfilter/xt_cgroup.c | 3 ++-
12 files changed, 76 insertions(+), 38 deletions(-)
diff --git a/include/linux/cgroup-defs.h b/include/linux/cgroup-defs.h
index 504d859..ed128fed 100644
--- a/include/linux/cgroup-defs.h
+++ b/include/linux/cgroup-defs.h
@@ -542,4 +542,40 @@ static inline void cgroup_threadgroup_change_end(struct task_struct *tsk) {}
#endif /* CONFIG_CGROUPS */
+#ifdef CONFIG_SOCK_CGROUP_DATA
+
+struct sock_cgroup_data {
+ u16 prioidx;
+ u32 classid;
+};
+
+static inline u16 sock_cgroup_prioidx(struct sock_cgroup_data *skcd)
+{
+ return skcd->prioidx;
+}
+
+static inline u32 sock_cgroup_classid(struct sock_cgroup_data *skcd)
+{
+ return skcd->classid;
+}
+
+static inline void sock_cgroup_set_prioidx(struct sock_cgroup_data *skcd,
+ u16 prioidx)
+{
+ skcd->prioidx = prioidx;
+}
+
+static inline void sock_cgroup_set_classid(struct sock_cgroup_data *skcd,
+ u32 classid)
+{
+ skcd->classid = classid;
+}
+
+#else /* CONFIG_SOCK_CGROUP_DATA */
+
+struct sock_cgroup_data {
+};
+
+#endif /* CONFIG_SOCK_CGROUP_DATA */
+
#endif /* _LINUX_CGROUP_DEFS_H */
diff --git a/include/net/cls_cgroup.h b/include/net/cls_cgroup.h
index ccd6d8b..c0a92e2 100644
--- a/include/net/cls_cgroup.h
+++ b/include/net/cls_cgroup.h
@@ -41,13 +41,12 @@ static inline u32 task_cls_classid(struct task_struct *p)
return classid;
}
-static inline void sock_update_classid(struct sock *sk)
+static inline void sock_update_classid(struct sock_cgroup_data *skcd)
{
u32 classid;
classid = task_cls_classid(current);
- if (classid != sk->sk_classid)
- sk->sk_classid = classid;
+ sock_cgroup_set_classid(skcd, classid);
}
static inline u32 task_get_classid(const struct sk_buff *skb)
@@ -64,17 +63,17 @@ static inline u32 task_get_classid(const struct sk_buff *skb)
* softirqs always disables bh.
*/
if (in_serving_softirq()) {
- /* If there is an sk_classid we'll use that. */
+ /* If there is an sock_cgroup_classid we'll use that. */
if (!skb->sk)
return 0;
- classid = skb->sk->sk_classid;
+ classid = sock_cgroup_classid(&skb->sk->sk_cgrp_data);
}
return classid;
}
#else /* !CONFIG_CGROUP_NET_CLASSID */
-static inline void sock_update_classid(struct sock *sk)
+static inline void sock_update_classid(struct sock_cgroup_data *skcd)
{
}
diff --git a/include/net/netprio_cgroup.h b/include/net/netprio_cgroup.h
index f2a9597..6041905 100644
--- a/include/net/netprio_cgroup.h
+++ b/include/net/netprio_cgroup.h
@@ -25,8 +25,6 @@ struct netprio_map {
u32 priomap[];
};
-void sock_update_netprioidx(struct sock *sk);
-
static inline u32 task_netprioidx(struct task_struct *p)
{
struct cgroup_subsys_state *css;
@@ -38,13 +36,25 @@ static inline u32 task_netprioidx(struct task_struct *p)
rcu_read_unlock();
return idx;
}
+
+static inline void sock_update_netprioidx(struct sock_cgroup_data *skcd)
+{
+ if (in_interrupt())
+ return;
+
+ sock_cgroup_set_prioidx(skcd, task_netprioidx(current));
+}
+
#else /* !CONFIG_CGROUP_NET_PRIO */
+
static inline u32 task_netprioidx(struct task_struct *p)
{
return 0;
}
-#define sock_update_netprioidx(sk)
+static inline void sock_update_netprioidx(struct sock_cgroup_data *skcd)
+{
+}
#endif /* CONFIG_CGROUP_NET_PRIO */
#endif /* _NET_CLS_CGROUP_H */
diff --git a/include/net/sock.h b/include/net/sock.h
index b517351..c4e3a30 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -58,6 +58,7 @@
#include <linux/memcontrol.h>
#include <linux/static_key.h>
#include <linux/sched.h>
+#include <linux/cgroup-defs.h>
#include <linux/filter.h>
#include <linux/rculist_nulls.h>
@@ -308,8 +309,7 @@ struct cg_proto;
* @sk_send_head: front of stuff to transmit
* @sk_security: used by security modules
* @sk_mark: generic packet mark
- * @sk_cgrp_prioidx: socket group's priority map index
- * @sk_classid: this socket's cgroup classid
+ * @sk_cgrp_data: cgroup data for this cgroup
* @sk_cgrp: this socket's cgroup-specific proto data
* @sk_write_pending: a write to stream socket waits to start
* @sk_state_change: callback to indicate change in the state of the sock
@@ -441,12 +441,7 @@ struct sock {
#ifdef CONFIG_SECURITY
void *sk_security;
#endif
-#if IS_ENABLED(CONFIG_CGROUP_NET_PRIO)
- u16 sk_cgrp_prioidx;
-#endif
-#ifdef CONFIG_CGROUP_NET_CLASSID
- u32 sk_classid;
-#endif
+ struct sock_cgroup_data sk_cgrp_data;
struct cg_proto *sk_cgrp;
void (*sk_state_change)(struct sock *sk);
void (*sk_data_ready)(struct sock *sk);
diff --git a/net/Kconfig b/net/Kconfig
index 127da94..11f8c22 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -250,9 +250,14 @@ config XPS
depends on SMP
default y
+config SOCK_CGROUP_DATA
+ bool
+ default n
+
config CGROUP_NET_PRIO
bool "Network priority cgroup"
depends on CGROUPS
+ select SOCK_CGROUP_DATA
---help---
Cgroup subsystem for use in assigning processes to network priorities on
a per-interface basis.
@@ -260,6 +265,7 @@ config CGROUP_NET_PRIO
config CGROUP_NET_CLASSID
bool "Network classid cgroup"
depends on CGROUPS
+ select SOCK_CGROUP_DATA
---help---
Cgroup subsystem for use as general purpose socket classid marker that is
being used in cls_cgroup and for netfilter matching.
diff --git a/net/core/dev.c b/net/core/dev.c
index ab9b8d0..2346cfd 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2925,7 +2925,8 @@ static void skb_update_prio(struct sk_buff *skb)
struct netprio_map *map = rcu_dereference_bh(skb->dev->priomap);
if (!skb->priority && skb->sk && map) {
- unsigned int prioidx = skb->sk->sk_cgrp_prioidx;
+ unsigned int prioidx =
+ sock_cgroup_prioidx(&skb->sk->sk_cgrp_data);
if (prioidx < map->priomap_len)
skb->priority = map->priomap[prioidx];
diff --git a/net/core/netclassid_cgroup.c b/net/core/netclassid_cgroup.c
index 2e4df84..e60ded4 100644
--- a/net/core/netclassid_cgroup.c
+++ b/net/core/netclassid_cgroup.c
@@ -62,8 +62,8 @@ static int update_classid_sock(const void *v, struct file *file, unsigned n)
struct socket *sock = sock_from_file(file, &err);
if (sock)
- sock->sk->sk_classid = (u32)(unsigned long)v;
-
+ sock_cgroup_set_classid(&sock->sk->sk_cgrp_data,
+ (unsigned long)v);
return 0;
}
diff --git a/net/core/netprio_cgroup.c b/net/core/netprio_cgroup.c
index 2b9159b..de42aa7 100644
--- a/net/core/netprio_cgroup.c
+++ b/net/core/netprio_cgroup.c
@@ -223,7 +223,8 @@ static int update_netprio(const void *v, struct file *file, unsigned n)
int err;
struct socket *sock = sock_from_file(file, &err);
if (sock)
- sock->sk->sk_cgrp_prioidx = (u32)(unsigned long)v;
+ sock_cgroup_set_prioidx(&sock->sk->sk_cgrp_data,
+ (unsigned long)v);
return 0;
}
diff --git a/net/core/scm.c b/net/core/scm.c
index 3b6899b..2a3c7e2 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -289,8 +289,8 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
/* Bump the usage count and install the file. */
sock = sock_from_file(fp[i], &err);
if (sock) {
- sock_update_netprioidx(sock->sk);
- sock_update_classid(sock->sk);
+ sock_update_netprioidx(&sock->sk->sk_cgrp_data);
+ sock_update_classid(&sock->sk->sk_cgrp_data);
}
fd_install(new_fd, get_file(fp[i]));
}
diff --git a/net/core/sock.c b/net/core/sock.c
index 1e4dd54..35af060 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1393,17 +1393,6 @@ static void sk_prot_free(struct proto *prot, struct sock *sk)
module_put(owner);
}
-#if IS_ENABLED(CONFIG_CGROUP_NET_PRIO)
-void sock_update_netprioidx(struct sock *sk)
-{
- if (in_interrupt())
- return;
-
- sk->sk_cgrp_prioidx = task_netprioidx(current);
-}
-EXPORT_SYMBOL_GPL(sock_update_netprioidx);
-#endif
-
/**
* sk_alloc - All socket objects are allocated here
* @net: the applicable net namespace
@@ -1432,8 +1421,8 @@ struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
sock_net_set(sk, net);
atomic_set(&sk->sk_wmem_alloc, 1);
- sock_update_classid(sk);
- sock_update_netprioidx(sk);
+ sock_update_classid(&sk->sk_cgrp_data);
+ sock_update_netprioidx(&sk->sk_cgrp_data);
}
return sk;
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 9dfaf4d..1915cab 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -174,7 +174,7 @@ void nft_meta_get_eval(const struct nft_expr *expr,
sk = skb_to_full_sk(skb);
if (!sk || !sk_fullsock(sk))
goto err;
- *dest = sk->sk_classid;
+ *dest = sock_cgroup_classid(&sk->sk_cgrp_data);
break;
#endif
default:
diff --git a/net/netfilter/xt_cgroup.c b/net/netfilter/xt_cgroup.c
index a1d126f..54eaeb4 100644
--- a/net/netfilter/xt_cgroup.c
+++ b/net/netfilter/xt_cgroup.c
@@ -42,7 +42,8 @@ cgroup_mt(const struct sk_buff *skb, struct xt_action_param *par)
if (skb->sk == NULL || !sk_fullsock(skb->sk))
return false;
- return (info->id == skb->sk->sk_classid) ^ info->invert;
+ return (info->id == sock_cgroup_classid(&skb->sk->sk_cgrp_data)) ^
+ info->invert;
}
static struct xt_match cgroup_mt_reg __read_mostly = {
--
2.5.0
next prev parent reply other threads:[~2015-11-21 16:13 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-21 16:13 [PATCHSET v3] netfilter, cgroup: implement cgroup2 path match in xt_cgroup Tejun Heo
2015-11-21 16:13 ` Tejun Heo
2015-11-21 16:13 ` [PATCH 1/9] cgroup: record ancestor IDs and reimplement cgroup_is_descendant() using it Tejun Heo
2015-11-21 16:13 ` [PATCH 2/9] kernfs: implement kernfs_walk_and_get() Tejun Heo
2015-11-21 16:13 ` [PATCH 4/9] cgroups: Allow dynamically changing net_classid Tejun Heo
2015-11-21 16:13 ` [PATCH 5/9] netprio_cgroup: limit the maximum css->id to USHRT_MAX Tejun Heo
2015-11-21 16:13 ` Tejun Heo [this message]
2015-11-21 16:13 ` [PATCH 7/9] sock, cgroup: add sock->sk_cgroup Tejun Heo
2015-11-23 13:02 ` Daniel Wagner
2015-11-23 13:02 ` Daniel Wagner
[not found] ` <56530E4B.4090209-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org>
2015-11-23 15:48 ` Tejun Heo
2015-11-23 15:48 ` Tejun Heo
2015-11-23 15:53 ` Daniel Wagner
2015-11-23 15:53 ` Daniel Wagner
2015-11-21 16:14 ` [PATCH 8/9] netfilter: prepare xt_cgroup for multi revisions Tejun Heo
2015-11-23 12:44 ` Daniel Wagner
2015-11-23 12:44 ` Daniel Wagner
2015-11-21 16:14 ` [PATCH 9/9] netfilter: implement xt_cgroup cgroup2 path match Tejun Heo
[not found] ` <1448122441-9335-10-git-send-email-tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2015-11-21 16:56 ` Florian Westphal
2015-11-21 16:56 ` Florian Westphal
[not found] ` <20151121165605.GC25336-E0PNVn5OA6ohrxcnuTQ+TQ@public.gmane.org>
2015-11-21 17:04 ` Tejun Heo
2015-11-21 17:04 ` Tejun Heo
2015-11-21 18:54 ` Florian Westphal
2015-11-21 20:26 ` Jan Engelhardt
2015-11-23 13:43 ` Daniel Borkmann
[not found] ` <565317F0.2030502-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org>
2015-11-23 13:51 ` Daniel Borkmann
2015-11-23 13:51 ` Daniel Borkmann
2015-11-23 15:40 ` Tejun Heo
2015-11-23 15:40 ` Tejun Heo
2015-11-23 17:35 ` David Laight
[not found] ` <063D6719AE5E284EB5DD2968C1650D6D1CBDA8E2-VkEWCZq2GCInGFn1LkZF6NBPR1lH4CV8@public.gmane.org>
2015-11-23 17:55 ` Jan Engelhardt
2015-11-23 17:55 ` Jan Engelhardt
2015-11-23 17:55 ` Jan Engelhardt
2015-11-23 12:43 ` Daniel Wagner
2015-11-23 12:43 ` Daniel Wagner
2015-11-23 12:43 ` Daniel Wagner
[not found] ` <565309D5.80707-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org>
2015-11-23 15:41 ` Tejun Heo
2015-11-23 15:41 ` Tejun Heo
2015-11-21 16:17 ` [PATCHSET v3] netfilter, cgroup: implement cgroup2 path match in xt_cgroup Tejun Heo
2015-11-21 16:18 ` [PATCH 1/2 iptables] libxt_cgroup: prepare for multi revisions Tejun Heo
[not found] ` <20151121161846.GB3428-piEFEHQLUPpN0TnZuCh8vA@public.gmane.org>
2015-11-21 16:19 ` [PATCH 2/2 iptables] libxt_cgroup: add support for cgroup2 path matching Tejun Heo
2015-11-21 16:19 ` Tejun Heo
2015-11-22 20:31 ` [PATCH 1/2 iptables] libxt_cgroup: prepare for multi revisions Pablo Neira Ayuso
2015-11-22 20:34 ` Pablo Neira Ayuso
2015-11-22 20:34 ` Pablo Neira Ayuso
[not found] ` <1448122441-9335-1-git-send-email-tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2015-11-21 16:13 ` [PATCH 3/9] cgroup: implement cgroup_get_from_path() and expose cgroup_put() Tejun Heo
2015-11-21 16:13 ` Tejun Heo
2015-11-23 7:11 ` [PATCHSET v3] netfilter, cgroup: implement cgroup2 path match in xt_cgroup Daniel Wagner
2015-11-23 7:11 ` Daniel Wagner
2015-11-23 7:11 ` Daniel Wagner
[not found] ` <5652BC3A.1010701-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org>
2015-11-23 8:54 ` Daniel Wagner
2015-11-23 8:54 ` Daniel Wagner
2015-11-23 8:54 ` Daniel Wagner
[not found] ` <5652D448.3080002-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org>
2015-11-23 15:53 ` Tejun Heo
2015-11-23 15:53 ` Tejun Heo
[not found] ` <20151123155346.GE3049-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
2015-11-23 15:57 ` Daniel Wagner
2015-11-23 15:57 ` Daniel Wagner
2015-11-23 15:57 ` Daniel Wagner
2015-11-23 19:58 ` Tejun Heo
2015-11-23 20:45 ` David Miller
[not found] ` <20151123.154523.125969708507852672.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2015-11-23 20:54 ` Tejun Heo
2015-11-23 20:54 ` Tejun Heo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1448122441-9335-7-git-send-email-tj@kernel.org \
--to=tj@kernel.org \
--cc=cgroups@vger.kernel.org \
--cc=coreteam@netfilter.org \
--cc=daniel.wagner@bmw-carit.de \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=hannes@cmpxchg.org \
--cc=kaber@trash.net \
--cc=kadlec@blackhole.kfki.hu \
--cc=kernel-team@fb.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=nhorman@tuxdriver.co \
--cc=ninasc@fb.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.