From: Daniel Wagner <wagi-kQCPcA+X3s7YtjvyW6yDsg@public.gmane.org>
To: John Fastabend <john.fastabend-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: Li Zefan <lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>,
John Fastabend
<john.r.fastabend-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Neil Horman <nhorman-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org>,
Daniel Wagner
<daniel.wagner-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org>,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Cgroups <cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [BUG] Bug in netprio_cgroup and netcls_cgroup ?
Date: Wed, 23 Jan 2013 10:24:31 +0100 [thread overview]
Message-ID: <50FFAC4F.6010602@monom.org> (raw)
In-Reply-To: <50FF287C.70906-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
On 23.01.2013 01:02, John Fastabend wrote:
> [...]
>
>>>
>>> OK, I guess we should do something similar in the netprio, netcls
>>> cgroups and
>>> yes document it as you noted in your last comment.
>>
>> Here is my attempt to add such a check. I really don't know if this is
>> the
>> correct way to do so. To test this I have written a test program, which
>> seems to test the right thing. Please have a look and let me know if
>> it is correct: http://www.monom.org/misc/scm_rights.c
>>
>> And here a dirty first version of the patch:
>>
>>
>> From 49a78d907eaf31c16673025e7e3b4844e419e416 Mon Sep 17 00:00:00 2001
>> From: Daniel Wagner <daniel.wagner-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org>
>> Date: Tue, 22 Jan 2013 11:08:22 +0100
>> Subject: [PATCH] net: net_prio: Block attach if a socket is shared
>>
>> ---
>> net/core/netprio_cgroup.c | 30 ++++++++++++++++++++++++++++++
>> 1 file changed, 30 insertions(+)
>>
>> diff --git a/net/core/netprio_cgroup.c b/net/core/netprio_cgroup.c
>> index 847c02b..de4e6c5 100644
>> --- a/net/core/netprio_cgroup.c
>> +++ b/net/core/netprio_cgroup.c
>> @@ -274,9 +274,39 @@ static struct cftype ss_files[] = {
>> { } /* terminate */
>> };
>>
>> +static int check_cnt(const void *v, struct file *file, unsigned n)
>> +{
>> + unsigned *flag = (unsigned *)v;
>> + int err;
>> +
>> + struct socket *sock = sock_from_file(file, &err);
>> + if (sock && file_count(file) > 1)
>> + *flag = 1;
>> +
>
> I think this check will catch a lot of cases that are not necessarily
> sharing a socket across tasks though. For example iscsid passes a file
> descriptor to the kernel which does a sockfd_lookup() incrementing
> f_count. Similarly look at dup/clone/etc.
Yep, I expected that this patch was too simple.
> In many of these cases I believe it should be OK to move the task
> around when the sockets are not shared between multiple tasks.
Do you know of a different way to identify the shared sockets?
thanks,
daniel
WARNING: multiple messages have this Message-ID (diff)
From: Daniel Wagner <wagi@monom.org>
To: John Fastabend <john.fastabend@gmail.com>
Cc: Li Zefan <lizefan@huawei.com>,
John Fastabend <john.r.fastabend@intel.com>,
Neil Horman <nhorman@tuxdriver.com>,
Daniel Wagner <daniel.wagner@bmw-carit.de>,
LKML <linux-kernel@vger.kernel.org>,
netdev@vger.kernel.org, Cgroups <cgroups@vger.kernel.org>
Subject: Re: [BUG] Bug in netprio_cgroup and netcls_cgroup ?
Date: Wed, 23 Jan 2013 10:24:31 +0100 [thread overview]
Message-ID: <50FFAC4F.6010602@monom.org> (raw)
In-Reply-To: <50FF287C.70906@gmail.com>
On 23.01.2013 01:02, John Fastabend wrote:
> [...]
>
>>>
>>> OK, I guess we should do something similar in the netprio, netcls
>>> cgroups and
>>> yes document it as you noted in your last comment.
>>
>> Here is my attempt to add such a check. I really don't know if this is
>> the
>> correct way to do so. To test this I have written a test program, which
>> seems to test the right thing. Please have a look and let me know if
>> it is correct: http://www.monom.org/misc/scm_rights.c
>>
>> And here a dirty first version of the patch:
>>
>>
>> From 49a78d907eaf31c16673025e7e3b4844e419e416 Mon Sep 17 00:00:00 2001
>> From: Daniel Wagner <daniel.wagner@bmw-carit.de>
>> Date: Tue, 22 Jan 2013 11:08:22 +0100
>> Subject: [PATCH] net: net_prio: Block attach if a socket is shared
>>
>> ---
>> net/core/netprio_cgroup.c | 30 ++++++++++++++++++++++++++++++
>> 1 file changed, 30 insertions(+)
>>
>> diff --git a/net/core/netprio_cgroup.c b/net/core/netprio_cgroup.c
>> index 847c02b..de4e6c5 100644
>> --- a/net/core/netprio_cgroup.c
>> +++ b/net/core/netprio_cgroup.c
>> @@ -274,9 +274,39 @@ static struct cftype ss_files[] = {
>> { } /* terminate */
>> };
>>
>> +static int check_cnt(const void *v, struct file *file, unsigned n)
>> +{
>> + unsigned *flag = (unsigned *)v;
>> + int err;
>> +
>> + struct socket *sock = sock_from_file(file, &err);
>> + if (sock && file_count(file) > 1)
>> + *flag = 1;
>> +
>
> I think this check will catch a lot of cases that are not necessarily
> sharing a socket across tasks though. For example iscsid passes a file
> descriptor to the kernel which does a sockfd_lookup() incrementing
> f_count. Similarly look at dup/clone/etc.
Yep, I expected that this patch was too simple.
> In many of these cases I believe it should be OK to move the task
> around when the sockets are not shared between multiple tasks.
Do you know of a different way to identify the shared sockets?
thanks,
daniel
next prev parent reply other threads:[~2013-01-23 9:24 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-21 6:08 [BUG] Bug in netprio_cgroup and netcls_cgroup ? Li Zefan
2013-01-21 6:08 ` Li Zefan
2013-01-21 6:08 ` Li Zefan
[not found] ` <50FCDB5C.4050608-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-01-21 8:50 ` Daniel Wagner
2013-01-21 8:50 ` Daniel Wagner
[not found] ` <50FD0144.1000401-kQCPcA+X3s7YtjvyW6yDsg@public.gmane.org>
2013-01-21 9:01 ` Li Zefan
2013-01-21 9:01 ` Li Zefan
2013-01-21 9:01 ` Li Zefan
[not found] ` <50FD0402.6060400-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>
2013-01-21 9:21 ` John Fastabend
2013-01-21 9:21 ` John Fastabend
[not found] ` <50FD0893.1050805-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2013-01-21 9:52 ` Li Zefan
2013-01-21 9:52 ` Li Zefan
2013-01-21 9:52 ` Li Zefan
2013-01-21 9:27 ` Daniel Wagner
2013-01-21 9:27 ` Daniel Wagner
2013-01-21 9:57 ` Li Zefan
2013-01-21 9:57 ` Li Zefan
2013-01-21 17:18 ` John Fastabend
[not found] ` <50FD786E.4050108-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2013-01-22 10:09 ` Daniel Wagner
2013-01-22 10:09 ` Daniel Wagner
2013-01-22 10:09 ` Daniel Wagner
2013-01-23 0:02 ` John Fastabend
[not found] ` <50FF287C.70906-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2013-01-23 9:24 ` Daniel Wagner [this message]
2013-01-23 9:24 ` Daniel Wagner
2013-01-25 8:39 ` Li Zefan
2013-01-25 8:39 ` Li Zefan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50FFAC4F.6010602@monom.org \
--to=wagi-kqcpca+x3s7ytjvyw6ydsg@public.gmane.org \
--cc=cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=daniel.wagner-98C5kh4wR6ohFhg+JK9F0w@public.gmane.org \
--cc=john.fastabend-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=john.r.fastabend-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=nhorman-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.