From: Vasiliy Kovalev <kovalev@altlinux.org>
To: stable@vger.kernel.org
Cc: netdev@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
Yajun Deng <yajun.deng@linux.dev>,
"David S . Miller" <davem@davemloft.net>,
Hazem Mohamed Abuelfotoh <abuehaze@amazon.com>,
lvc-project@linuxtesting.org, kovalev@altlinux.org
Subject: [PATCH v3 5.10 1/2] net: net_namespace: Optimize the code
Date: Wed, 29 Jan 2025 01:15:21 +0300 [thread overview]
Message-ID: <20250128221522.21706-2-kovalev@altlinux.org> (raw)
In-Reply-To: <20250128221522.21706-1-kovalev@altlinux.org>
From: Yajun Deng <yajun.deng@linux.dev>
commit 41467d2ff4dfe1837cbb0f45e2088e6e787580c6 upstream.
There is only one caller for ops_free(), so inline it.
Separate net_drop_ns() and net_free(), so the net_free()
can be called directly.
Add free_exit_list() helper function for free net_exit_list.
====================
v2:
- v1 does not apply, rebase it.
====================
Signed-off-by: Yajun Deng <yajun.deng@linux.dev>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
---
net/core/net_namespace.c | 52 +++++++++++++++++++---------------------
1 file changed, 24 insertions(+), 28 deletions(-)
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 6192a05ebcce2c..ef19a0eaa55aa3 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -113,7 +113,7 @@ static int net_assign_generic(struct net *net, unsigned int id, void *data)
}
ng = net_alloc_generic();
- if (ng == NULL)
+ if (!ng)
return -ENOMEM;
/*
@@ -170,13 +170,6 @@ static int ops_init(const struct pernet_operations *ops, struct net *net)
return err;
}
-static void ops_free(const struct pernet_operations *ops, struct net *net)
-{
- if (ops->id && ops->size) {
- kfree(net_generic(net, *ops->id));
- }
-}
-
static void ops_pre_exit_list(const struct pernet_operations *ops,
struct list_head *net_exit_list)
{
@@ -208,7 +201,7 @@ static void ops_free_list(const struct pernet_operations *ops,
struct net *net;
if (ops->size && ops->id) {
list_for_each_entry(net, net_exit_list, exit_list)
- ops_free(ops, net);
+ kfree(net_generic(net, *ops->id));
}
}
@@ -454,15 +447,18 @@ static struct net *net_alloc(void)
static void net_free(struct net *net)
{
- kfree(rcu_access_pointer(net->gen));
- kmem_cache_free(net_cachep, net);
+ if (refcount_dec_and_test(&net->passive)) {
+ kfree(rcu_access_pointer(net->gen));
+ kmem_cache_free(net_cachep, net);
+ }
}
void net_drop_ns(void *p)
{
- struct net *ns = p;
- if (ns && refcount_dec_and_test(&ns->passive))
- net_free(ns);
+ struct net *net = (struct net *)p;
+
+ if (net)
+ net_free(net);
}
struct net *copy_net_ns(unsigned long flags,
@@ -502,7 +498,7 @@ struct net *copy_net_ns(unsigned long flags,
key_remove_domain(net->key_domain);
#endif
put_user_ns(user_ns);
- net_drop_ns(net);
+ net_free(net);
dec_ucounts:
dec_net_namespaces(ucounts);
return ERR_PTR(rv);
@@ -636,7 +632,7 @@ static void cleanup_net(struct work_struct *work)
key_remove_domain(net->key_domain);
#endif
put_user_ns(net->user_ns);
- net_drop_ns(net);
+ net_free(net);
}
}
@@ -1160,6 +1156,14 @@ static int __init net_ns_init(void)
pure_initcall(net_ns_init);
+static void free_exit_list(struct pernet_operations *ops, struct list_head *net_exit_list)
+{
+ ops_pre_exit_list(ops, net_exit_list);
+ synchronize_rcu();
+ ops_exit_list(ops, net_exit_list);
+ ops_free_list(ops, net_exit_list);
+}
+
#ifdef CONFIG_NET_NS
static int __register_pernet_operations(struct list_head *list,
struct pernet_operations *ops)
@@ -1185,10 +1189,7 @@ static int __register_pernet_operations(struct list_head *list,
out_undo:
/* If I have an error cleanup all namespaces I initialized */
list_del(&ops->list);
- ops_pre_exit_list(ops, &net_exit_list);
- synchronize_rcu();
- ops_exit_list(ops, &net_exit_list);
- ops_free_list(ops, &net_exit_list);
+ free_exit_list(ops, &net_exit_list);
return error;
}
@@ -1201,10 +1202,8 @@ static void __unregister_pernet_operations(struct pernet_operations *ops)
/* See comment in __register_pernet_operations() */
for_each_net(net)
list_add_tail(&net->exit_list, &net_exit_list);
- ops_pre_exit_list(ops, &net_exit_list);
- synchronize_rcu();
- ops_exit_list(ops, &net_exit_list);
- ops_free_list(ops, &net_exit_list);
+
+ free_exit_list(ops, &net_exit_list);
}
#else
@@ -1227,10 +1226,7 @@ static void __unregister_pernet_operations(struct pernet_operations *ops)
} else {
LIST_HEAD(net_exit_list);
list_add(&init_net.exit_list, &net_exit_list);
- ops_pre_exit_list(ops, &net_exit_list);
- synchronize_rcu();
- ops_exit_list(ops, &net_exit_list);
- ops_free_list(ops, &net_exit_list);
+ free_exit_list(ops, &net_exit_list);
}
}
--
2.33.8
next prev parent reply other threads:[~2025-01-28 22:15 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-28 22:15 [PATCH v3 5.10 0/2] net: Backport to fix CVE-2024-56658 Vasiliy Kovalev
2025-01-28 22:15 ` Vasiliy Kovalev [this message]
2025-01-28 22:15 ` [PATCH v3 5.10 2/2] net: defer final 'struct net' free in netns dismantle Vasiliy Kovalev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250128221522.21706-2-kovalev@altlinux.org \
--to=kovalev@altlinux.org \
--cc=abuehaze@amazon.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=lvc-project@linuxtesting.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=yajun.deng@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).