From: ebiederm@xmission.com (Eric W. Biederman)
To: Stephen Hemminger <shemminger@vyatta.com>
Cc: netdev@vger.kernel.org
Subject: Re: network namespace and kernel bind issue
Date: Mon, 01 Oct 2012 15:40:56 -0700 [thread overview]
Message-ID: <87fw5xeryf.fsf@xmission.com> (raw)
In-Reply-To: <20121001145838.5eafef4c@nehalam.linuxnetplumber.net> (Stephen Hemminger's message of "Mon, 1 Oct 2012 14:58:38 -0700")
Stephen Hemminger <shemminger@vyatta.com> writes:
> On Mon, 1 Oct 2012 14:16:09 -0700
> Stephen Hemminger <shemminger@vyatta.com> wrote:
>
>> When testing VXLAN I noticed that the kernel bind seems to be a problem for
>> network tunnels. The init_net function is called repeatedly for the same
>> network namespace!
It definitely should not be.
>> 1. Create vxlan device:
>> # ip li add vxlan0 type vxlan id 11 group 239.1.1.1 dev eth0
>> # dmesg | tail
>> [11580.671016] vxlan: vxlan_init_net in net 1
Net 1? What are you printing out? It isn't the net_id by any chance?
>> 2. Start Chrome (or other application using namespaces)
>>
>> dmesg | tail
>> [11587.371195] vxlan: vxlan_init_net in net 1
>> [11587.371211] vxlan: bind for UDP socket 0.0.0.0:8472 (-98)
>>
>>
>> Isn't init_net supposed to be unique. The current semantics also break
>> L2TP.
The init method should be called exactly once per network namespace.
The timing of the init methods you report seems correct.
The vxlan code isn't in net-next or I would take a look.
I took a quick look at l2tp and the code is doing some weird things.
There are a bunch of references to &init_net that I would expect
to references to either sk_net() or dev_net().
Adding support for multiple network namespaces and then reaching
out to the initial network namespace for things is definitely a recipe
for getting confused.
So my blind guess would be that someone half implemented network
namespace support for l2tp and vxlan copied the bugs.
Eric
>> This is with 3.6.0-rc7-net-next
>
> Here is back trace from where duplicate network namespace init gets done.
> [13532.579900] vxlan: bind for UDP socket 0.0.0.0:8472 (-98)
> [13532.579903] ------------[ cut here ]------------
> [13532.579906] WARNING: at drivers/net/vxlan.c:1148 vxlan_init_net+0xc9/0x126 [vxlan]()
> [13532.579907] Hardware name: System Product Name
> [13532.579908] Modules linked in: vxlan nfnetlink_log nfnetlink ip6table_filter ip6_tables ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ipt_REJECT xt_CHECKSUM iptable_mangle xt_tcpudp iptable_filter ip_tables x_tables tun bridge stp llc cpufreq_stats cpufreq_powersave cpufreq_conservative cpufreq_userspace binfmt_misc fuse loop snd_hda_codec_hdmi snd_hda_codec_realtek i915 hid_belkin hid_generic snd_hda_intel evdev snd_hda_codec drm_kms_helper snd_hwdep drm snd_pcm_oss snd_pcm psmouse microcode snd_page_alloc serio_raw pcspkr i2c_i801 snd_timer i2c_algo_bit i2c_core acpi_cpufreq mperf processor video button btrfs libcrc32c lzo_compress zlib_deflate crc32c_intel ghash_clmulni_intel aesni_intel aes_x86_64 ablk_hel
per cryptd usbhid hid ixgbe r8169 mii mdio thermal [last unloaded: vxlan]
> [13532.579965] Pid: 7130, comm: chromium-sandbo Not tainted 3.6.0-rc7-net-next+ #10
> [13532.579966] Call Trace:
> [13532.579972] [<ffffffff8106674e>] warn_slowpath_common+0x83/0x9c
> [13532.579974] [<ffffffff81066781>] warn_slowpath_null+0x1a/0x1c
> [13532.579976] [<ffffffffa03ea87d>] vxlan_init_net+0xc9/0x126 [vxlan]
> [13532.579980] [<ffffffff8136b4dd>] ops_init+0xcd/0xfc
> [13532.579982] [<ffffffff8136b824>] setup_net+0x51/0xd8
> [13532.579984] [<ffffffff8136bd37>] copy_net_ns+0x6c/0xd7
> [13532.579987] [<ffffffff810882bb>] create_new_namespaces+0xd8/0x14f
> [13532.579989] [<ffffffff81088417>] copy_namespaces+0x69/0x9e
> [13532.579991] [<ffffffff81065b10>] copy_process.part.27+0x12ae/0x12f5
> [13532.579994] [<ffffffff8144170f>] ? do_page_fault+0x2fb/0x37c
> [13532.579997] [<ffffffff8111d4d8>] ? might_fault+0x5c/0xac
> [13532.579998] [<ffffffff81065cb2>] do_fork+0x120/0x2fc
> [13532.580001] [<ffffffff810e7343>] ? time_hardirqs_off+0x15/0x2a
> [13532.580004] [<ffffffff8143ea53>] ? error_sti+0x5/0x6
> [13532.580007] [<ffffffff810a7204>] ? trace_hardirqs_off_caller+0x3f/0x9e
> [13532.580009] [<ffffffff8143e646>] ? retint_swapgs+0xe/0x13
> [13532.580012] [<ffffffff8103e541>] sys_clone+0x28/0x2a
> [13532.580014] [<ffffffff814450e3>] stub_clone+0x13/0x20
> [13532.580016] [<ffffffff81444d92>] ? system_call_fastpath+0x16/0x1b
> [13532.580018] ---[ end trace 2c2b222e23a4d880 ]---
> [13573.765721] vxlan: bind for UDP socket 0.0.0.0:8472 (-98)
next parent reply other threads:[~2012-10-01 22:41 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20121001141609.14639bc0@nehalam.linuxnetplumber.net>
[not found] ` <20121001145838.5eafef4c@nehalam.linuxnetplumber.net>
2012-10-01 22:40 ` Eric W. Biederman [this message]
2012-10-01 22:57 ` network namespace and kernel bind issue Stephen Hemminger
2012-10-01 23:11 ` Eric W. Biederman
2012-10-01 23:32 ` Stephen Hemminger
2012-10-02 0:35 ` Eric W. Biederman
2012-10-02 0:48 ` Stephen Hemminger
2012-10-02 6:15 ` Julian Anastasov
2012-10-02 15:51 ` Stephen Hemminger
2012-10-02 0:51 ` [PATCH net-next] vxlan: put UDP socket in correct namespace Stephen Hemminger
2012-10-02 0:58 ` Eric W. Biederman
2012-10-02 4:49 ` [PATCHv2 " Stephen Hemminger
2012-10-02 15:18 ` Eric W. Biederman
2012-10-02 18:39 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fw5xeryf.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=netdev@vger.kernel.org \
--cc=shemminger@vyatta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.