From: Fan Du <fan.du@windriver.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: 王聪 <xiyou.wangcong@gmail.com>,
steffen.klassert@secunet.com, davem@davemloft.net,
netdev@vger.kernel.org
Subject: [PATCHv4 net-next] xfrm: Namespacify xfrm_policy_sk_bundles
Date: Fri, 20 Dec 2013 11:34:41 +0800 [thread overview]
Message-ID: <52B3BAD1.30205@windriver.com> (raw)
In-Reply-To: <1387424650.19078.355.camel@edumazet-glaptop2.roam.corp.google.com>
On 2013年12月19日 11:44, Eric Dumazet wrote:
> On Thu, 2013-12-19 at 11:17 +0800, Fan Du wrote:
>>
>
>> diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
>> index 1006a26..22f4f90 100644
>> --- a/include/net/netns/xfrm.h
>> +++ b/include/net/netns/xfrm.h
>> @@ -58,9 +58,9 @@ struct netns_xfrm {
>> struct dst_ops xfrm6_dst_ops;
>> #endif
>> spinlock_t xfrm_state_lock;
>> - spinlock_t xfrm_policy_sk_bundle_lock;
>> rwlock_t xfrm_policy_lock;
>> struct mutex xfrm_cfg_mutex;
>> + struct llist_head xp_sk_bundles_list;
>> };
>>
>> #endif
>> diff --git a/include/net/xfrm.h b/include/net/xfrm.h
>> index 59f5d0a..05296ab 100644
>> --- a/include/net/xfrm.h
>> +++ b/include/net/xfrm.h
>> @@ -957,6 +957,7 @@ struct xfrm_dst {
>> u32 child_mtu_cached;
>> u32 route_cookie;
>> u32 path_cookie;
>> + struct llist_node xdst_llist;
>> };
>>
>
> Hmm... Thats not very nice.
>
> Please reuse the storage adding a llist_node in the union ?
>
> diff --git a/include/net/dst.h b/include/net/dst.h
> index 44995c13e941..3f604f47cc58 100644
> --- a/include/net/dst.h
> +++ b/include/net/dst.h
> @@ -14,6 +14,7 @@
> #include<linux/rcupdate.h>
> #include<linux/bug.h>
> #include<linux/jiffies.h>
> +#include<linux/llist.h>
> #include<net/neighbour.h>
> #include<asm/processor.h>
>
> @@ -103,6 +104,7 @@ struct dst_entry {
> struct rtable __rcu *rt_next;
> struct rt6_info *rt6_next;
> struct dn_route __rcu *dn_next;
> + struct llist_node llist;
> };
> };
Hi, Eric
You are correct on this, have fix the patch wrt your comments.
Thank you very much.
From 1b929e1cdea978d0c8d10d731af84969bd37004b Mon Sep 17 00:00:00 2001
From: Fan Du <fan.du@windriver.com>
Date: Fri, 20 Dec 2013 11:23:27 +0800
Subject: [PATCHv4 net-next] xfrm: Namespacify xfrm_policy_sk_bundles
xfrm_policy_sk_bundles, protected by net->xfrm.xfrm_policy_sk_bundle_lock
should be put into netns xfrm structure, otherwise xfrm_policy_sk_bundles
can be corrupted from different net namespace.
Moreover current xfrm_policy_sk_bundle_lock used in below two scenarios:
1. xfrm_lookup(Process context) vs __xfrm_garbage_collect(softirq context)
2. xfrm_lookup(Process context) vs __xfrm_garbage_collect(Process context
when SPD change or dev down)
We can use lock less list to cater to those two scenarios as suggested by
Eric Dumazet.
Signed-off-by: Fan Du <fan.du@windriver.com>
Assisted-by: Eric Dumazet <edumazet@google.com>
---
v2:
Fix incorrect commit log.
v3:
Drop xchg, use llist instead, adviced by Eric Dumazet.
v4:
Incorporate Eric's comments.
-Union llist with dst_entry->next, which is used for queuing previous,
then it's safe to do so.
-Use llist_for_each_entry_safe for purging list.
-Rebase with net-next, as ipsec-next got pulled.
---
include/net/dst.h | 5 +++++
include/net/netns/xfrm.h | 2 +-
net/xfrm/xfrm_policy.c | 26 ++++++--------------------
3 files changed, 12 insertions(+), 21 deletions(-)
diff --git a/include/net/dst.h b/include/net/dst.h
index 77eb53f..e9b81f0 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -14,6 +14,7 @@
#include <linux/rcupdate.h>
#include <linux/bug.h>
#include <linux/jiffies.h>
+#include <linux/llist.h>
#include <net/neighbour.h>
#include <asm/processor.h>
@@ -103,6 +104,10 @@ struct dst_entry {
struct rtable __rcu *rt_next;
struct rt6_info *rt6_next;
struct dn_route __rcu *dn_next;
+#ifdef CONFIG_XFRM
+ /* Used to queue each policy sk dst */
+ struct llist_node llist;
+#endif
};
};
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
index 1006a26..22f4f90 100644
--- a/include/net/netns/xfrm.h
+++ b/include/net/netns/xfrm.h
@@ -58,9 +58,9 @@ struct netns_xfrm {
struct dst_ops xfrm6_dst_ops;
#endif
spinlock_t xfrm_state_lock;
- spinlock_t xfrm_policy_sk_bundle_lock;
rwlock_t xfrm_policy_lock;
struct mutex xfrm_cfg_mutex;
+ struct llist_head xp_sk_bundles_list;
};
#endif
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index a7487f3..0cc7446 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -39,8 +39,6 @@
#define XFRM_QUEUE_TMO_MAX ((unsigned)(60*HZ))
#define XFRM_MAX_QUEUE_LEN 100
-static struct dst_entry *xfrm_policy_sk_bundles;
-
static DEFINE_SPINLOCK(xfrm_policy_afinfo_lock);
static struct xfrm_policy_afinfo __rcu *xfrm_policy_afinfo[NPROTO]
__read_mostly;
@@ -2108,12 +2106,7 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,
}
dst_hold(&xdst->u.dst);
-
- spin_lock_bh(&net->xfrm.xfrm_policy_sk_bundle_lock);
- xdst->u.dst.next = xfrm_policy_sk_bundles;
- xfrm_policy_sk_bundles = &xdst->u.dst;
- spin_unlock_bh(&net->xfrm.xfrm_policy_sk_bundle_lock);
-
+ llist_add(&xdst->u.dst.llist, &net->xfrm.xp_sk_bundles_list);
route = xdst->route;
}
}
@@ -2549,18 +2542,12 @@ static struct dst_entry *xfrm_negative_advice(struct dst_entry *dst)
static void __xfrm_garbage_collect(struct net *net)
{
- struct dst_entry *head, *next;
+ struct llist_node *head;
+ struct dst_entry *dst, *tmp;
- spin_lock_bh(&net->xfrm.xfrm_policy_sk_bundle_lock);
- head = xfrm_policy_sk_bundles;
- xfrm_policy_sk_bundles = NULL;
- spin_unlock_bh(&net->xfrm.xfrm_policy_sk_bundle_lock);
-
- while (head) {
- next = head->next;
- dst_free(head);
- head = next;
- }
+ head = llist_del_all(&net->xfrm.xp_sk_bundles_list);
+ llist_for_each_entry_safe(dst, tmp, head, llist)
+ dst_free(dst);
}
void xfrm_garbage_collect(struct net *net)
@@ -2942,7 +2929,6 @@ static int __net_init xfrm_net_init(struct net *net)
/* Initialize the per-net locks here */
spin_lock_init(&net->xfrm.xfrm_state_lock);
rwlock_init(&net->xfrm.xfrm_policy_lock);
- spin_lock_init(&net->xfrm.xfrm_policy_sk_bundle_lock);
mutex_init(&net->xfrm.xfrm_cfg_mutex);
return 0;
--
1.7.9.5
--
浮沉随浪只记今朝笑
--fan
next prev parent reply other threads:[~2013-12-20 3:34 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-18 3:34 [PATCHv2 ipsec-next] xfrm: Namespacify xfrm_policy_sk_bundles Fan Du
2013-12-18 4:50 ` Eric Dumazet
2013-12-18 5:33 ` Cong Wang
2013-12-18 5:33 ` Fan Du
2013-12-18 5:44 ` Eric Dumazet
2013-12-19 1:35 ` Fan Du
2013-12-19 2:15 ` Eric Dumazet
2013-12-19 3:17 ` [PATCHv3 net-next] " Fan Du
2013-12-19 3:44 ` Eric Dumazet
2013-12-19 7:47 ` Fan Du
2013-12-20 3:34 ` Fan Du [this message]
2013-12-24 1:12 ` [PATCHv4 " Fan Du
2013-12-24 5:31 ` David Miller
2013-12-24 5:39 ` Fan Du
2013-12-24 9:50 ` Steffen Klassert
2013-12-24 9:56 ` Fan Du
2013-12-24 17:54 ` David Miller
2013-12-24 10:35 ` Steffen Klassert
2013-12-25 6:40 ` Fan Du
2013-12-25 8:11 ` Timo Teras
2013-12-25 8:44 ` Fan Du
2014-01-06 10:35 ` Steffen Klassert
2014-01-07 2:43 ` Fan Du
2014-01-09 12:38 ` Steffen Klassert
2014-01-10 9:23 ` Fan Du
2013-12-19 3:48 ` [PATCHv3 " Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52B3BAD1.30205@windriver.com \
--to=fan.du@windriver.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.