public inbox for netdev@vger.kernel.org
From: Hannes Frederic Sowa <hannes@stressinduktion.org>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Matteo Croce <mcroce@redhat.com>, netdev@vger.kernel.org
Subject: Re: [RFC] net: make net.core.{r,w}mem_{default,max} namespaced
Date: Tue, 01 Aug 2017 02:17:20 -0400
Message-ID: <87wp6nerrj.fsf@stressinduktion.org>
In-Reply-To: <1501495652.1876.17.camel@edumazet-glaptop3.roam.corp.google.com> (Eric Dumazet's message of "Mon, 31 Jul 2017 03:07:32 -0700")

Eric Dumazet <eric.dumazet@gmail.com> writes:

> On Wed, 2017-07-26 at 19:03 +0200, Matteo Croce wrote:
>> The following sysctl are global and can't be read or set from a netns:
>> 
>> net.core.rmem_default
>> net.core.rmem_max
>> net.core.wmem_default
>> net.core.wmem_max
>> 
>> Make the following sysctl parameters available from within a network
>> namespace, allowing to set unique values per network namespace.
>> 
>> My concern is about the initial value of this sysctl in the newly
>> created netns: I'm not sure if it is better to copy them from the init
>> namespace or set them to the default values.
>> 
>> Setting them to the default value has the advantage that a new namespace
>> behaves like a freshly booted system, while copying them from the init
>> netns has the advantage of keeping the current behaviour as the values
>> from the init netns are used.
>> 
>> Signed-off-by: Matteo Croce <mcroce@redhat.com>
>> ---
>
> It looks like these sysctls were giving some kind of isolation.
>
> If we make them per namespace, a malicious usage could eat all memory
> and hurt other namespaces.

We do account rmem as well as wmem allocated memory to the appropriate
mem_cgs. In theory this should be okay.

Bye,
Hannes

Thread overview: 6+ messages
2017-07-26 17:03 [RFC] net: make net.core.{r,w}mem_{default,max} namespaced Matteo Croce
2017-07-28 20:51 ` Hannes Frederic Sowa
2017-07-31 10:07 ` Eric Dumazet
2017-08-01  6:17   ` Hannes Frederic Sowa [this message]
2017-08-01  7:18     ` Eric Dumazet
2017-08-01  9:33       ` Hannes Frederic Sowa
