* Re: [PATCH] SELinux: Fix RCU deref check warning in sel_netport_insert()
From: Paul Moore @ 2011-10-03 21:30 UTC (permalink / raw)
To: David Howells; +Cc: selinux, netdev
In-Reply-To: <20111003135824.15303.10147.stgit@warthog.procyon.org.uk>
On Monday, October 03, 2011 02:58:24 PM David Howells wrote:
> Fix the following bug in sel_netport_insert() where rcu_dereference() should
> be rcu_dereference_protected() as sel_netport_lock is held.
>
> ===================================================
> [ INFO: suspicious rcu_dereference_check() usage. ]
> ---------------------------------------------------
> security/selinux/netport.c:127 invoked rcu_dereference_check() without
> protection!
>
> other info that might help us debug this:
>
>
> rcu_scheduler_active = 1, debug_locks = 0
> 1 lock held by ossec-rootcheck/3323:
> #0: (sel_netport_lock){+.....}, at: [<ffffffff8117d775>]
> sel_netport_sid+0xbb/0x226
>
> stack backtrace:
> Pid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095
> Call Trace:
> [<ffffffff8105cfb7>] lockdep_rcu_dereference+0xa7/0xb0
> [<ffffffff8117d871>] sel_netport_sid+0x1b7/0x226
> [<ffffffff8117d6ba>] ? sel_netport_avc_callback+0xbc/0xbc
> [<ffffffff8117556c>] selinux_socket_bind+0x115/0x230
> [<ffffffff810a5388>] ? might_fault+0x4e/0x9e
> [<ffffffff810a53d1>] ? might_fault+0x97/0x9e
> [<ffffffff81171cf4>] security_socket_bind+0x11/0x13
> [<ffffffff812ba967>] sys_bind+0x56/0x95
> [<ffffffff81380dac>] ? sysret_check+0x27/0x62
> [<ffffffff8105b767>] ? trace_hardirqs_on_caller+0x11e/0x155
> [<ffffffff81076fcd>] ? audit_syscall_entry+0x17b/0x1ae
> [<ffffffff811b5eae>] ? trace_hardirqs_on_thunk+0x3a/0x3f
> [<ffffffff81380d7b>] system_call_fastpath+0x16/0x1b
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
>
> security/selinux/netport.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
We should probably do the same for the security/selinux/netif.c as it uses the
same logic; David is this something you want to tackle?
Acked-by: Paul Moore <paul@paul-moore.com>
> diff --git a/security/selinux/netport.c b/security/selinux/netport.c
> index 0b62bd1..39e2138 100644
> --- a/security/selinux/netport.c
> +++ b/security/selinux/netport.c
> @@ -123,7 +123,9 @@ static void sel_netport_insert(struct sel_netport *port)
> if (sel_netport_hash[idx].size == SEL_NETPORT_HASH_BKT_LIMIT) {
> struct sel_netport *tail;
> tail = list_entry(
> - rcu_dereference(sel_netport_hash[idx].list.prev),
> + rcu_dereference_protected(
> + sel_netport_hash[idx].list.prev,
> + spin_is_locked(&sel_netport_lock)),
> struct sel_netport, list);
> list_del_rcu(&tail->list);
> kfree_rcu(tail, rcu);
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
paul moore
www.paul-moore.com
^ permalink raw reply
* Re: [PATCH] SELinux: Fix RCU deref check warning in sel_netport_insert()
From: David Howells @ 2011-10-03 23:07 UTC (permalink / raw)
To: Paul Moore
Cc: dhowells-H+wXaHxf7aLQT0dZR+AlfA, selinux-+05T5uksL2qpZYMLLGbcSA,
netdev-u79uwXL29TY76Z2rM5mHXA
In-Reply-To: <2230709.7n5noARWFd@sifl>
Paul Moore <paul-r2n+y4ga6xFZroRs9YW3xA@public.gmane.org> wrote:
> We should probably do the same for the security/selinux/netif.c as it uses
> the same logic; David is this something you want to tackle?
I can have a look, but it won't be before Wednesday.
David
^ permalink raw reply
* Re: [PATCH] virtio-net: Read MAC only after initializing MSI-X
From: Rusty Russell @ 2011-10-03 23:51 UTC (permalink / raw)
To: Michael S. Tsirkin
Cc: Sasha Levin, linux-kernel, virtualization, netdev, kvm,
David Gibson
In-Reply-To: <20111002090900.GA29706@redhat.com>
On Sun, 2 Oct 2011 11:09:00 +0200, "Michael S. Tsirkin" <mst@redhat.com> wrote:
> On Mon, Sep 19, 2011 at 05:19:49PM +0930, Rusty Russell wrote:
> > On Mon, 19 Sep 2011 09:01:50 +0300, "Michael S. Tsirkin" <mst@redhat.com> wrote:
> > > On Mon, Sep 19, 2011 at 01:05:17PM +0930, Rusty Russell wrote:
> > > > On Sat, 20 Aug 2011 23:00:44 +0300, "Michael S. Tsirkin" <mst@redhat.com> wrote:
> > > > > On Fri, Aug 19, 2011 at 07:33:07PM +0300, Sasha Levin wrote:
> > > > > > Maybe this is better solved by copying the way it was done in PCI itself
> > > > > > with capability linked list?
> > > > >
> > > > > There are any number of ways to lay out the structure. I went for what
> > > > > seemed a simplest one. For MSI-X the train has left the station. We
> > > > > can probably still tweak where the high 32 bit features
> > > > > for 64 bit features are. No idea if it's worth it.
> > > >
> > > > Sorry, this has been in the back of my mind. I think it's a good idea;
> > > > can we use the capability linked list for pre-device specific stuff from
> > > > now on?
> > > >
> > > > Thanks,
> > > > Rusty.
> > >
> > > Do we even want capability bits then?
> > > We can give each capability an ack flag ...
> >
> > We could have, and if I'd known PCI when I designed virtio I might have.
> >
> > But it's not easy now to map structure offsets to that scheme, and we
> > can't really force such a change on the non-PCI users. So I'd say we
> > should only do it for the non-device-specific options. ie. we'll still
> > have the MSI-X case move the device-specific config, but we'll use a
> > linked list from now on, eg. for the next 32 features bits...
> >
> > Thoughts?
> > Rusty.
>
> So I thought about this some more. It probably makes sense to
> stop adding info in the io space, and start adding new stuff in
> memory space which is much less contrained.
>
> As we need to keep compatibility, and also because memory access is
> much slower with kvm so we prefer io for datapath, we could have the
> first X bytes still mirrored in io space.
>
> MSIX is there, and it's pointed to from config space,
> so we could just put our stuff at offset 0.
>
> Or if we wanted a lot of flexibility, we could add pointers, in config
> space, to device specific and non device specific regions in memory
> space.
>
> Makes sense?
I've cc'd David Gibson who has noted in the past that I/O space on PPC
is icky.
I think a linked list for future virtio-pci extensions makes sense (not
device-specific stuff, that's great as a simple structure). I think
mirroring everything in mem space makes sense, too.
Thanks,
Rusty.
^ permalink raw reply
* Re: [PATCH] SELinux: Fix RCU deref check warning in sel_netport_insert()
From: Paul Moore @ 2011-10-04 0:06 UTC (permalink / raw)
To: David Howells; +Cc: selinux, netdev
In-Reply-To: <25906.1317683262@redhat.com>
On Tuesday, October 4, 2011 12:07:42 AM David Howells wrote:
> Paul Moore <paul@paul-moore.com> wrote:
> > We should probably do the same for the security/selinux/netif.c as it
> > uses the same logic; David is this something you want to tackle?
>
> I can have a look, but it won't be before Wednesday.
Not a problem, if you don't get to it just let me know and I'll put together a
patch.
Thanks.
--
paul moore
www.paul-moore.com
^ permalink raw reply
* Re: [PATCH v4 1/8] Basic kernel memory functionality for the Memory Controller
From: KAMEZAWA Hiroyuki @ 2011-10-04 0:38 UTC (permalink / raw)
To: Glauber Costa
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <1317637123-18306-2-git-send-email-glommer@parallels.com>
On Mon, 3 Oct 2011 14:18:36 +0400
Glauber Costa <glommer@parallels.com> wrote:
> This patch lays down the foundation for the kernel memory component
> of the Memory Controller.
>
> As of today, I am only laying down the following files:
>
> * memory.independent_kmem_limit
> * memory.kmem.limit_in_bytes (currently ignored)
> * memory.kmem.usage_in_bytes (always zero)
>
> Signed-off-by: Glauber Costa <glommer@parallels.com>
> CC: Paul Menage <paul@paulmenage.org>
> CC: Greg Thelen <gthelen@google.com>
> ---
> Documentation/cgroups/memory.txt | 30 +++++++++++-
> init/Kconfig | 11 ++++
> mm/memcontrol.c | 94 +++++++++++++++++++++++++++++++++++---
> 3 files changed, 126 insertions(+), 9 deletions(-)
>
> diff --git a/Documentation/cgroups/memory.txt b/Documentation/cgroups/memory.txt
> index 6f3c598..6f1954a 100644
> --- a/Documentation/cgroups/memory.txt
> +++ b/Documentation/cgroups/memory.txt
> @@ -44,8 +44,9 @@ Features:
> - oom-killer disable knob and oom-notifier
> - Root cgroup has no limit controls.
>
> - Kernel memory and Hugepages are not under control yet. We just manage
> - pages on LRU. To add more controls, we have to take care of performance.
> + Hugepages is not under control yet. We just manage pages on LRU. To add more
> + controls, we have to take care of performance. Kernel memory support is work
> + in progress, and the current version provides basically functionality.
>
> Brief summary of control files.
>
> @@ -56,8 +57,11 @@ Brief summary of control files.
> (See 5.5 for details)
> memory.memsw.usage_in_bytes # show current res_counter usage for memory+Swap
> (See 5.5 for details)
> + memory.kmem.usage_in_bytes # show current res_counter usage for kmem only.
> + (See 2.7 for details)
> memory.limit_in_bytes # set/show limit of memory usage
> memory.memsw.limit_in_bytes # set/show limit of memory+Swap usage
> + memory.kmem.limit_in_bytes # if allowed, set/show limit of kernel memory
> memory.failcnt # show the number of memory usage hits limits
> memory.memsw.failcnt # show the number of memory+Swap hits limits
> memory.max_usage_in_bytes # show max memory usage recorded
> @@ -72,6 +76,9 @@ Brief summary of control files.
> memory.oom_control # set/show oom controls.
> memory.numa_stat # show the number of memory usage per numa node
>
> + memory.independent_kmem_limit # select whether or not kernel memory limits are
> + independent of user limits
> +
> 1. History
>
> The memory controller has a long history. A request for comments for the memory
> @@ -255,6 +262,25 @@ When oom event notifier is registered, event will be delivered.
> per-zone-per-cgroup LRU (cgroup's private LRU) is just guarded by
> zone->lru_lock, it has no lock of its own.
>
> +2.7 Kernel Memory Extension (CONFIG_CGROUP_MEM_RES_CTLR_KMEM)
> +
> + With the Kernel memory extension, the Memory Controller is able to limit
> +the amount of kernel memory used by the system. Kernel memory is fundamentally
> +different than user memory, since it can't be swapped out, which makes it
> +possible to DoS the system by consuming too much of this precious resource.
> +Kernel memory limits are not imposed for the root cgroup.
> +
> +Memory limits as specified by the standard Memory Controller may or may not
> +take kernel memory into consideration. This is achieved through the file
> +memory.independent_kmem_limit. A Value different than 0 will allow for kernel
> +memory to be controlled separately.
> +
> +When kernel memory limits are not independent, the limit values set in
> +memory.kmem files are ignored.
> +
> +Currently no soft limit is implemented for kernel memory. It is future work
> +to trigger slab reclaim when those limits are reached.
> +
Please add some CAUTION like
==
"CAUTION: the kmem extetion prevents tasks from moving among cgroups.
If a task has kmem accounting in a cgroup, the task cannot be moved
until the kmem resource is released. And more, until the resource is
fully released, the cgroup cannot be destroyed. So, please consider
your use cases and set kmem extention config carefully".
==
And add some memo to KCONFIG. This should be warned.
> +config CGROUP_MEM_RES_CTLR_KMEM
> + bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
> + depends on CGROUP_MEM_RES_CTLR && EXPERIMENTAL
> + default y
default must be n until you fixes the bug.
Thanks,
-Kame
^ permalink raw reply
* Re: [PATCH v4 2/8] socket: initial cgroup code.
From: KAMEZAWA Hiroyuki @ 2011-10-04 0:41 UTC (permalink / raw)
To: Glauber Costa
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <1317637123-18306-3-git-send-email-glommer@parallels.com>
On Mon, 3 Oct 2011 14:18:37 +0400
Glauber Costa <glommer@parallels.com> wrote:
> We aim to control the amount of kernel memory pinned at any
> time by tcp sockets. To lay the foundations for this work,
> this patch adds a pointer to the kmem_cgroup to the socket
> structure.
>
> Signed-off-by: Glauber Costa <glommer@parallels.com>
> CC: David S. Miller <davem@davemloft.net>
> CC: Hiroyouki Kamezawa <kamezawa.hiroyu@jp.fujitsu.com>
> CC: Eric W. Biederman <ebiederm@xmission.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujtsu.com>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Re: [PATCH v4 3/8] foundations of per-cgroup memory pressure controlling.
From: KAMEZAWA Hiroyuki @ 2011-10-04 0:57 UTC (permalink / raw)
To: Glauber Costa
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <1317637123-18306-4-git-send-email-glommer@parallels.com>
On Mon, 3 Oct 2011 14:18:38 +0400
Glauber Costa <glommer@parallels.com> wrote:
> This patch converts struct sock fields memory_pressure,
> memory_allocated, sockets_allocated, and sysctl_mem (now prot_mem)
> to function pointers, receiving a struct mem_cgroup parameter.
>
> enter_memory_pressure is kept the same, since all its callers
> have socket a context, and the kmem_cgroup can be derived from
> the socket itself.
>
> To keep things working, the patch convert all users of those fields
> to use acessor functions.
>
> In my benchmarks I didn't see a significant performance difference
> with this patch applied compared to a baseline (around 1 % diff, thus
> inside error margin).
>
> Signed-off-by: Glauber Costa <glommer@parallels.com>
> CC: David S. Miller <davem@davemloft.net>
> CC: Hiroyouki Kamezawa <kamezawa.hiroyu@jp.fujitsu.com>
> CC: Eric W. Biederman <ebiederm@xmission.com>
A nitpick.
> #ifdef CONFIG_INET
> struct sock;
> +struct proto;
> #ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
> void sock_update_memcg(struct sock *sk);
> void sock_release_memcg(struct sock *sk);
> -
> +void memcg_sock_mem_alloc(struct mem_cgroup *mem, struct proto *prot,
> + int amt, int *parent_failure);
> +void memcg_sock_mem_free(struct mem_cgroup *mem, struct proto *prot, int amt);
> +void memcg_sockets_allocated_dec(struct mem_cgroup *mem, struct proto *prot);
> +void memcg_sockets_allocated_inc(struct mem_cgroup *mem, struct proto *prot);
> #else
> +/* memcontrol includes sockets.h, that includes memcontrol.h ... */
> +static inline void memcg_sock_mem_alloc(struct mem_cgroup *mem,
> + struct proto *prot, int amt,
> + int *parent_failure)
> +{
> +}
In these days, at naming memory cgroup pointers, we use "memcg" instead of
"mem". So, could you use "memcg" for represeinting memory cgroup ?
> +
> +void memcg_sock_mem_alloc(struct mem_cgroup *mem, struct proto *prot,
> + int amt, int *parent_failure)
> +{
> + mem = parent_mem_cgroup(mem);
> + for (; mem != NULL; mem = parent_mem_cgroup(mem)) {
> + long alloc;
> + long *prot_mem = prot->prot_mem(mem);
> + /*
> + * Large nestings are not the common case, and stopping in the
> + * middle would be complicated enough, that we bill it all the
> + * way through the root, and if needed, unbill everything later
> + */
> + alloc = atomic_long_add_return(amt,
> + prot->memory_allocated(mem));
> + *parent_failure |= (alloc > prot_mem[2]);
> + }
> +}
> +EXPORT_SYMBOL(memcg_sock_mem_alloc);
Hmm. why not using res_counter ? for reusing 'unbill' code ?
Thanks,
-Kame
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Re: [PATCH v4 4/8] per-cgroup tcp buffers control
From: KAMEZAWA Hiroyuki @ 2011-10-04 1:16 UTC (permalink / raw)
To: Glauber Costa
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <1317637123-18306-5-git-send-email-glommer@parallels.com>
On Mon, 3 Oct 2011 14:18:39 +0400
Glauber Costa <glommer@parallels.com> wrote:
> With all the infrastructure in place, this patch implements
> per-cgroup control for tcp memory pressure handling.
>
> Signed-off-by: Glauber Costa <glommer@parallels.com>
> CC: David S. Miller <davem@davemloft.net>
> CC: Hiroyouki Kamezawa <kamezawa.hiroyu@jp.fujitsu.com>
> CC: Eric W. Biederman <ebiederm@xmission.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujtisu.com>
One question.
> +void tcp_enter_memory_pressure(struct sock *sk)
> +{
> + struct mem_cgroup *memcg = sk->sk_cgrp;
> + if (!memcg->tcp.tcp_memory_pressure) {
> + NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMEMORYPRESSURES);
> + memcg->tcp.tcp_memory_pressure = 1;
> + }
> +}
It seems memcg->tcp.tcp_memory_pressure has no locks and not atomic.
no problematic race ?
Thanks,
-Kame
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Re: [PATCH v4 5/8] per-netns ipv4 sysctl_tcp_mem
From: KAMEZAWA Hiroyuki @ 2011-10-04 1:18 UTC (permalink / raw)
To: Glauber Costa
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <1317637123-18306-6-git-send-email-glommer@parallels.com>
On Mon, 3 Oct 2011 14:18:40 +0400
Glauber Costa <glommer@parallels.com> wrote:
> This patch allows each namespace to independently set up
> its levels for tcp memory pressure thresholds. This patch
> alone does not buy much: we need to make this values
> per group of process somehow. This is achieved in the
> patches that follows in this patchset.
>
> Signed-off-by: Glauber Costa <glommer@parallels.com>
> CC: David S. Miller <davem@davemloft.net>
> CC: Hiroyouki Kamezawa <kamezawa.hiroyu@jp.fujitsu.com>
> CC: Eric W. Biederman <ebiederm@xmission.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
^ permalink raw reply
* Re: [PATCH v4 6/8] tcp buffer limitation: per-cgroup limit
From: KAMEZAWA Hiroyuki @ 2011-10-04 1:21 UTC (permalink / raw)
To: Glauber Costa
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <1317637123-18306-7-git-send-email-glommer@parallels.com>
On Mon, 3 Oct 2011 14:18:41 +0400
Glauber Costa <glommer@parallels.com> wrote:
> This patch uses the "tcp_max_mem" field of the kmem_cgroup to
> effectively control the amount of kernel memory pinned by a cgroup.
>
> We have to make sure that none of the memory pressure thresholds
> specified in the namespace are bigger than the current cgroup.
>
> Signed-off-by: Glauber Costa <glommer@parallels.com>
> CC: David S. Miller <davem@davemloft.net>
> CC: Hiroyouki Kamezawa <kamezawa.hiroyu@jp.fujitsu.com>
> CC: Eric W. Biederman <ebiederm@xmission.com>
> ---
> Documentation/cgroups/memory.txt | 1 +
> include/linux/memcontrol.h | 10 +++++
> include/net/tcp.h | 1 +
> mm/memcontrol.c | 76 +++++++++++++++++++++++++++++++++++---
> net/ipv4/sysctl_net_ipv4.c | 20 ++++++++++
> 5 files changed, 102 insertions(+), 6 deletions(-)
>
> diff --git a/Documentation/cgroups/memory.txt b/Documentation/cgroups/memory.txt
> index 6f1954a..1ffde3e 100644
> --- a/Documentation/cgroups/memory.txt
> +++ b/Documentation/cgroups/memory.txt
> @@ -78,6 +78,7 @@ Brief summary of control files.
>
> memory.independent_kmem_limit # select whether or not kernel memory limits are
> independent of user limits
> + memory.kmem.tcp.max_memory # set/show hard limit for tcp buf memory
>
What is the releationship between tcp.max_memory and kmem_limit ?
tcp.max_memory < kmem_limit ?
usage of tcp memory is included in kmem usage ?
Thanks,
-Kame
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* [PATCH 2/2] bridge: allow forwarding some link local frames
From: Stephen Hemminger @ 2011-10-04 4:14 UTC (permalink / raw)
To: David S. Miller; +Cc: netdev
In-Reply-To: <20111004041444.793960297@vyatta.com>
[-- Attachment #1: bridge-multicast-filter.patch --]
[-- Type: text/plain, Size: 5475 bytes --]
This is based on an earlier patch by Nick Carter with comments
by David Lamparter but with some refinements. Thanks for their patience
this is a confusing area with overlap of standards, user requirements,
and compatibility with earlier releases.
It adds a new sysfs attribute
/sys/class/net/brX/bridge/group_fwd_mask
that controls forwarding of frames with address of: 01-80-C2-00-00-0X
The default setting has no forwarding to retain compatibility.
One change from earlier releases is that forwarding of group
addresses is not dependent on STP being enabled or disabled. This
choice was made based on interpretation of tie 802.1 standards.
I expect complaints will arise because of this, but better to follow
the standard than continue acting incorrectly by default.
The filtering mask is writeable, but only values that don't forward
known control frames are allowed. It intentionally blocks attempts
to filter control protocols. For example: writing a 8 allows
forwarding 802.1X PAE addresses which is the most common request.
Reported-by: David Lamparter <equinox@diac24.net>
Original-patch-by: Nick Carter <ncarter100@gmail.com>
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
---
net/bridge/br_device.c | 2 ++
net/bridge/br_input.c | 12 ++++++------
net/bridge/br_private.h | 11 +++++++++++
net/bridge/br_sysfs_br.c | 34 ++++++++++++++++++++++++++++++++++
4 files changed, 53 insertions(+), 6 deletions(-)
--- a/net/bridge/br_device.c 2011-10-03 11:08:42.648254251 -0700
+++ b/net/bridge/br_device.c 2011-10-03 11:08:43.932271613 -0700
@@ -358,6 +358,8 @@ void br_dev_setup(struct net_device *dev
memcpy(br->group_addr, br_group_address, ETH_ALEN);
br->stp_enabled = BR_NO_STP;
+ br->group_fwd_mask = BR_GROUPFWD_DEFAULT;
+
br->designated_root = br->bridge_id;
br->bridge_max_age = br->max_age = 20 * HZ;
br->bridge_hello_time = br->hello_time = 2 * HZ;
--- a/net/bridge/br_input.c 2011-10-03 11:08:32.944122866 -0700
+++ b/net/bridge/br_input.c 2011-10-03 11:18:31.063811030 -0700
@@ -162,14 +162,37 @@ rx_handler_result_t br_handle_frame(stru
p = br_port_get_rcu(skb->dev);
if (unlikely(is_link_local(dest))) {
- /* Pause frames shouldn't be passed up by driver anyway */
- if (skb->protocol == htons(ETH_P_PAUSE))
+ /*
+ * See IEEE 802.1D Table 7-10 Reserved addresses
+ *
+ * Assignment Value
+ * Bridge Group Address 01-80-C2-00-00-00
+ * (MAC Control) 802.3 01-80-C2-00-00-01
+ * (Link Aggregation) 802.3 01-80-C2-00-00-02
+ * 802.1X PAE address 01-80-C2-00-00-03
+ *
+ * 802.1AB LLDP 01-80-C2-00-00-0E
+ *
+ * Others reserved for future standardization
+ */
+ switch (dest[5]) {
+ case 0x00: /* Bridge Group Address */
+ /* If STP is turned off,
+ then must forward to keep loop detection */
+ if (p->br->stp_enabled == BR_NO_STP)
+ goto forward;
+ break;
+
+ case 0x01: /* IEEE MAC (Pause) */
goto drop;
- /* If STP is turned off, then forward */
- if (p->br->stp_enabled == BR_NO_STP && dest[5] == 0)
- goto forward;
+ default:
+ /* Allow selective forwarding for most other protocols */
+ if (p->br->group_fwd_mask & (1u << dest[5]))
+ goto forward;
+ }
+ /* Deliver packet to local host only */
if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,
NULL, br_handle_local_finish)) {
return RX_HANDLER_CONSUMED; /* consumed by filter */
--- a/net/bridge/br_private.h 2011-10-03 11:08:32.888122106 -0700
+++ b/net/bridge/br_private.h 2011-10-03 11:18:22.967713859 -0700
@@ -29,6 +29,11 @@
#define BR_VERSION "2.3"
+/* Control of forwarding link local multicast */
+#define BR_GROUPFWD_DEFAULT 0
+/* Don't allow forwarding control protocols like STP and LLDP */
+#define BR_GROUPFWD_RESTRICTED 0x4007u
+
/* Path to usermode spanning tree program */
#define BR_STP_PROG "/sbin/bridge-stp"
@@ -193,6 +198,8 @@ struct net_bridge
unsigned long flags;
#define BR_SET_MAC_ADDR 0x00000001
+ u16 group_fwd_mask;
+
/* STP */
bridge_id designated_root;
bridge_id bridge_id;
--- a/net/bridge/br_sysfs_br.c 2011-10-03 11:08:32.920122541 -0700
+++ b/net/bridge/br_sysfs_br.c 2011-10-03 11:08:43.932271613 -0700
@@ -149,6 +149,39 @@ static ssize_t store_stp_state(struct de
static DEVICE_ATTR(stp_state, S_IRUGO | S_IWUSR, show_stp_state,
store_stp_state);
+static ssize_t show_group_fwd_mask(struct device *d,
+ struct device_attribute *attr, char *buf)
+{
+ struct net_bridge *br = to_bridge(d);
+ return sprintf(buf, "%#x\n", br->group_fwd_mask);
+}
+
+
+static ssize_t store_group_fwd_mask(struct device *d,
+ struct device_attribute *attr, const char *buf,
+ size_t len)
+{
+ struct net_bridge *br = to_bridge(d);
+ char *endp;
+ unsigned long val;
+
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+
+ val = simple_strtoul(buf, &endp, 0);
+ if (endp == buf)
+ return -EINVAL;
+
+ if (val & BR_GROUPFWD_RESTRICTED)
+ return -EINVAL;
+
+ br->group_fwd_mask = val;
+
+ return len;
+}
+static DEVICE_ATTR(group_fwd_mask, S_IRUGO | S_IWUSR, show_group_fwd_mask,
+ store_group_fwd_mask);
+
static ssize_t show_priority(struct device *d, struct device_attribute *attr,
char *buf)
{
@@ -652,6 +685,7 @@ static struct attribute *bridge_attrs[]
&dev_attr_max_age.attr,
&dev_attr_ageing_time.attr,
&dev_attr_stp_state.attr,
+ &dev_attr_group_fwd_mask.attr,
&dev_attr_priority.attr,
&dev_attr_bridge_id.attr,
&dev_attr_root_id.attr,
^ permalink raw reply
* [PATCH 1/2] bridge: leave carrier on for empty bridge
From: Stephen Hemminger @ 2011-10-04 4:14 UTC (permalink / raw)
To: David S. Miller; +Cc: netdev
In-Reply-To: <20111004041444.793960297@vyatta.com>
[-- Attachment #1: br-carrier-default.patch --]
[-- Type: text/plain, Size: 1058 bytes --]
This resolves a regression seen by some users of bridging.
Some users use the bridge like a dummy device.
They expect to be able to put an IPv6 address on the device
with no ports attached. Although there are better ways of doing
this, there is no reason to not allow it.
Note: the bridge still will reflect the state of ports in the
bridge if there are any added.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
---
This fix needs to go to stable as well since it has
been reported as a regression.
--- a/net/bridge/br_device.c 2011-09-01 08:52:27.596631192 -0700
+++ b/net/bridge/br_device.c 2011-09-01 09:01:03.256611801 -0700
@@ -91,7 +91,6 @@ static int br_dev_open(struct net_device
{
struct net_bridge *br = netdev_priv(dev);
- netif_carrier_off(dev);
netdev_update_features(dev);
netif_start_queue(dev);
br_stp_enable_bridge(br);
@@ -108,8 +107,6 @@ static int br_dev_stop(struct net_device
{
struct net_bridge *br = netdev_priv(dev);
- netif_carrier_off(dev);
-
br_stp_disable_bridge(br);
br_multicast_stop(br);
^ permalink raw reply
* Re: [PATCH] SELinux: Fix RCU deref check warning in sel_netport_insert()
From: Eric Dumazet @ 2011-10-04 4:22 UTC (permalink / raw)
To: Paul Moore; +Cc: David Howells, selinux, netdev
In-Reply-To: <2230709.7n5noARWFd@sifl>
Le lundi 03 octobre 2011 à 17:30 -0400, Paul Moore a écrit :
> On Monday, October 03, 2011 02:58:24 PM David Howells wrote:
> > Fix the following bug in sel_netport_insert() where rcu_dereference() should
> > be rcu_dereference_protected() as sel_netport_lock is held.
> >
> > ===================================================
> > [ INFO: suspicious rcu_dereference_check() usage. ]
> > ---------------------------------------------------
> > security/selinux/netport.c:127 invoked rcu_dereference_check() without
> > protection!
> >
> > other info that might help us debug this:
> >
> >
> > rcu_scheduler_active = 1, debug_locks = 0
> > 1 lock held by ossec-rootcheck/3323:
> > #0: (sel_netport_lock){+.....}, at: [<ffffffff8117d775>]
> > sel_netport_sid+0xbb/0x226
> >
> > stack backtrace:
> > Pid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095
> > Call Trace:
> > [<ffffffff8105cfb7>] lockdep_rcu_dereference+0xa7/0xb0
> > [<ffffffff8117d871>] sel_netport_sid+0x1b7/0x226
> > [<ffffffff8117d6ba>] ? sel_netport_avc_callback+0xbc/0xbc
> > [<ffffffff8117556c>] selinux_socket_bind+0x115/0x230
> > [<ffffffff810a5388>] ? might_fault+0x4e/0x9e
> > [<ffffffff810a53d1>] ? might_fault+0x97/0x9e
> > [<ffffffff81171cf4>] security_socket_bind+0x11/0x13
> > [<ffffffff812ba967>] sys_bind+0x56/0x95
> > [<ffffffff81380dac>] ? sysret_check+0x27/0x62
> > [<ffffffff8105b767>] ? trace_hardirqs_on_caller+0x11e/0x155
> > [<ffffffff81076fcd>] ? audit_syscall_entry+0x17b/0x1ae
> > [<ffffffff811b5eae>] ? trace_hardirqs_on_thunk+0x3a/0x3f
> > [<ffffffff81380d7b>] system_call_fastpath+0x16/0x1b
> >
> > Signed-off-by: David Howells <dhowells@redhat.com>
> > ---
> >
> > security/selinux/netport.c | 4 +++-
> > 1 files changed, 3 insertions(+), 1 deletions(-)
>
> We should probably do the same for the security/selinux/netif.c as it uses the
> same logic; David is this something you want to tackle?
>
> Acked-by: Paul Moore <paul@paul-moore.com>
>
> > diff --git a/security/selinux/netport.c b/security/selinux/netport.c
> > index 0b62bd1..39e2138 100644
> > --- a/security/selinux/netport.c
> > +++ b/security/selinux/netport.c
> > @@ -123,7 +123,9 @@ static void sel_netport_insert(struct sel_netport *port)
> > if (sel_netport_hash[idx].size == SEL_NETPORT_HASH_BKT_LIMIT) {
> > struct sel_netport *tail;
> > tail = list_entry(
> > - rcu_dereference(sel_netport_hash[idx].list.prev),
> > + rcu_dereference_protected(
> > + sel_netport_hash[idx].list.prev,
> > + spin_is_locked(&sel_netport_lock)),
Usual way is to use :
rcu_dereference_protected(
sel_netport_hash[idx].list.prev,
lockdep_is_held(&sel_netport_lock)),
^ permalink raw reply
* Re: [PATCH v4 4/8] per-cgroup tcp buffers control
From: Glauber Costa @ 2011-10-04 5:43 UTC (permalink / raw)
To: KAMEZAWA Hiroyuki
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <20111004101633.6b44201d.kamezawa.hiroyu@jp.fujitsu.com>
On 10/04/2011 05:16 AM, KAMEZAWA Hiroyuki wrote:
> It seems memcg->tcp.tcp_memory_pressure has no locks and not atomic.
>
> no problematic race ?
>
> Thanks,
> -Kame
Well,
prior to this patch, it was a global variable. And nobody complained so
far...
My impression is that the only thing that really needs to be atomic is
the memory accounting, which is already. If we miss a memory pressure
condition entry, we'll get to it next time.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* [PATCH net-next] ipv6: remove a rcu_read_lock in ndisc_constructor
From: rongqing.li @ 2011-10-04 5:43 UTC (permalink / raw)
To: netdev
From: Roy.Li <rongqing.li@windriver.com>
in6_dev_get(dev) takes a reference on struct inet6_dev, we dont need
rcu locking in ndisc_constructor()
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
---
net/ipv6/ndisc.c | 3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 9da6e02..dd633ff 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -370,17 +370,14 @@ static int ndisc_constructor(struct neighbour *neigh)
struct neigh_parms *parms;
int is_multicast = ipv6_addr_is_multicast(addr);
- rcu_read_lock();
in6_dev = in6_dev_get(dev);
if (in6_dev == NULL) {
- rcu_read_unlock();
return -EINVAL;
}
parms = in6_dev->nd_parms;
__neigh_parms_put(neigh->parms);
neigh->parms = neigh_parms_clone(parms);
- rcu_read_unlock();
neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
if (!dev->header_ops) {
--
1.7.1
^ permalink raw reply related
* Re: [PATCH] mlx4_en: fix transmit of packages when blue frame is enabled
From: Benjamin Herrenschmidt @ 2011-10-04 6:02 UTC (permalink / raw)
To: Thadeu Lima de Souza Cascardo
Cc: Yevgeny Petrilin, netdev@vger.kernel.org, Eli Cohen,
eli@dev.mellanox.co.il, linuxppc-dev
In-Reply-To: <20111003205358.GB3596@oc1711230544.ibm.com>
On Mon, 2011-10-03 at 17:53 -0300, Thadeu Lima de Souza Cascardo wrote:
.../...
> > Can you also send me the output of ethtool -i?
> > It seems that there is a problem with write combining on Power processors, we will check this issue.
> >
> > Yevgeny
>
> Hello, Yevgeny.
>
> You will find the output of ethtool -i below.
>
> I am copying Ben and powerpc list, in case this is an issue with Power
> processors. They can provide us some more insight into this.
May I get some background please ? :-)
I'm not aware of a specific issue with write combining but I'd need to
know more about what you are doing and the code to do it to comment on
whether it should work or not.
Cheers,
Ben.
^ permalink raw reply
* linux-next: manual merge of the staging tree with the net and wireless trees
From: Stephen Rothwell @ 2011-10-04 6:14 UTC (permalink / raw)
To: Greg KH
Cc: linux-next, linux-kernel, Eliad Peller, John W. Linville,
David Miller, netdev
[-- Attachment #1: Type: text/plain, Size: 608 bytes --]
Hi Greg,
Today's linux-next merge of the staging tree got a conflict in
drivers/staging/brcm80211/brcmsmac/mac80211_if.c between commit
37a41b4affa3 ("mac80211: add ieee80211_vif param to tsf functions") from
the net tree, commit 8a3a3c85e44d ("mac80211: pass vif param to conf_tx()
callback") from the wireless tree and several commits from the staging
tree.
I fixed it up (just removed the forward declarions that were changed by
the former commits) and can carry the fix as necessary.
--
Cheers,
Stephen Rothwell sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply
* Re: [PATCH v4 6/8] tcp buffer limitation: per-cgroup limit
From: Glauber Costa @ 2011-10-04 6:22 UTC (permalink / raw)
To: KAMEZAWA Hiroyuki
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <20111004102114.08b06ae8.kamezawa.hiroyu@jp.fujitsu.com>
On 10/04/2011 05:21 AM, KAMEZAWA Hiroyuki wrote:
> On Mon, 3 Oct 2011 14:18:41 +0400
> Glauber Costa<glommer@parallels.com> wrote:
>
>> This patch uses the "tcp_max_mem" field of the kmem_cgroup to
>> effectively control the amount of kernel memory pinned by a cgroup.
>>
>> We have to make sure that none of the memory pressure thresholds
>> specified in the namespace are bigger than the current cgroup.
>>
>> Signed-off-by: Glauber Costa<glommer@parallels.com>
>> CC: David S. Miller<davem@davemloft.net>
>> CC: Hiroyouki Kamezawa<kamezawa.hiroyu@jp.fujitsu.com>
>> CC: Eric W. Biederman<ebiederm@xmission.com>
>> ---
>> Documentation/cgroups/memory.txt | 1 +
>> include/linux/memcontrol.h | 10 +++++
>> include/net/tcp.h | 1 +
>> mm/memcontrol.c | 76 +++++++++++++++++++++++++++++++++++---
>> net/ipv4/sysctl_net_ipv4.c | 20 ++++++++++
>> 5 files changed, 102 insertions(+), 6 deletions(-)
>>
>> diff --git a/Documentation/cgroups/memory.txt b/Documentation/cgroups/memory.txt
>> index 6f1954a..1ffde3e 100644
>> --- a/Documentation/cgroups/memory.txt
>> +++ b/Documentation/cgroups/memory.txt
>> @@ -78,6 +78,7 @@ Brief summary of control files.
>>
>> memory.independent_kmem_limit # select whether or not kernel memory limits are
>> independent of user limits
>> + memory.kmem.tcp.max_memory # set/show hard limit for tcp buf memory
>>
>
> What is the releationship between tcp.max_memory and kmem_limit ?
Quite loose.
> tcp.max_memory< kmem_limit ?
> usage of tcp memory is included in kmem usage ?
tcp.max_memory is < kmem_limit, for it to be meaningful. But I don't
think we need to force that. I may want to start with a high value for
tcp_max_memory and low on kmem_limit, and raise it later.
So here is how it goes:
Memory is allocated from the slab, and then it's usage is independently
controlled by the network-specific memory pressure conditions until it
is reclaimed.
Memory allocation can succeed, but then fail to be assigned to the
socket due to memory pressure.
Since we more or less agree that on accounting the slab according to
Greg's idea, I am not concerning myself with the actual accounting here,
since it will come for free when we account the slab.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Re: [PATCH v4 3/8] foundations of per-cgroup memory pressure controlling.
From: Glauber Costa @ 2011-10-04 6:32 UTC (permalink / raw)
To: KAMEZAWA Hiroyuki
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <20111004095715.479da44d.kamezawa.hiroyu@jp.fujitsu.com>
On 10/04/2011 04:57 AM, KAMEZAWA Hiroyuki wrote:
> On Mon, 3 Oct 2011 14:18:38 +0400
> Glauber Costa<glommer@parallels.com> wrote:
>
>> This patch converts struct sock fields memory_pressure,
>> memory_allocated, sockets_allocated, and sysctl_mem (now prot_mem)
>> to function pointers, receiving a struct mem_cgroup parameter.
>>
>> enter_memory_pressure is kept the same, since all its callers
>> have socket a context, and the kmem_cgroup can be derived from
>> the socket itself.
>>
>> To keep things working, the patch convert all users of those fields
>> to use acessor functions.
>>
>> In my benchmarks I didn't see a significant performance difference
>> with this patch applied compared to a baseline (around 1 % diff, thus
>> inside error margin).
>>
>> Signed-off-by: Glauber Costa<glommer@parallels.com>
>> CC: David S. Miller<davem@davemloft.net>
>> CC: Hiroyouki Kamezawa<kamezawa.hiroyu@jp.fujitsu.com>
>> CC: Eric W. Biederman<ebiederm@xmission.com>
>
> A nitpick.
>
>
>> #ifdef CONFIG_INET
>> struct sock;
>> +struct proto;
>> #ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
>> void sock_update_memcg(struct sock *sk);
>> void sock_release_memcg(struct sock *sk);
>> -
>> +void memcg_sock_mem_alloc(struct mem_cgroup *mem, struct proto *prot,
>> + int amt, int *parent_failure);
>> +void memcg_sock_mem_free(struct mem_cgroup *mem, struct proto *prot, int amt);
>> +void memcg_sockets_allocated_dec(struct mem_cgroup *mem, struct proto *prot);
>> +void memcg_sockets_allocated_inc(struct mem_cgroup *mem, struct proto *prot);
>> #else
>> +/* memcontrol includes sockets.h, that includes memcontrol.h ... */
>> +static inline void memcg_sock_mem_alloc(struct mem_cgroup *mem,
>> + struct proto *prot, int amt,
>> + int *parent_failure)
>> +{
>> +}
>
> In these days, at naming memory cgroup pointers, we use "memcg" instead of
> "mem". So, could you use "memcg" for represeinting memory cgroup ?
>
>
>> +
>> +void memcg_sock_mem_alloc(struct mem_cgroup *mem, struct proto *prot,
>> + int amt, int *parent_failure)
>> +{
>> + mem = parent_mem_cgroup(mem);
>> + for (; mem != NULL; mem = parent_mem_cgroup(mem)) {
>> + long alloc;
>> + long *prot_mem = prot->prot_mem(mem);
>> + /*
>> + * Large nestings are not the common case, and stopping in the
>> + * middle would be complicated enough, that we bill it all the
>> + * way through the root, and if needed, unbill everything later
>> + */
>> + alloc = atomic_long_add_return(amt,
>> + prot->memory_allocated(mem));
>> + *parent_failure |= (alloc> prot_mem[2]);
>> + }
>> +}
>> +EXPORT_SYMBOL(memcg_sock_mem_alloc);
>
> Hmm. why not using res_counter ? for reusing 'unbill' code ?
>
Well,
res_counters are slightly more expensive than needed here, since we need
to clear interrupts and hold a spinlock. No particular reason besides it.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* [PATCH 2/2] IPVS netns shutdown/startup dead-lock (Take III)
From: Hans Schillstrom @ 2011-10-04 6:53 UTC (permalink / raw)
To: horms, ja, wensong, lvs-devel, netdev, netfilter-devel; +Cc: hans
From: Hans Schillstrom <hans@schillstrom.com>
ip_vs_mutext is used by both netns shutdown code and startup
and both implicit uses sk_lock-AF_INET mutex.
cleanup CPU-1 startup CPU-2
ip_vs_dst_event() ip_vs_genl_set_cmd()
sk_lock-AF_INET __ip_vs_mutex
sk_lock-AF_INET
__ip_vs_mutex
* DEAD LOCK *
A new mutex placed in ip_vs netns struct called sync_mutex is added.
Comments from Julian and Simon added.
This patch has been running for more than 3 month now and it seems to work.
Ver. 3
IP_VS_SO_GET_DAEMON in do_ip_vs_get_ctl protected by sync_mutex
instead of __ip_vs_mutex as sugested by Julian.
Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
---
include/net/ip_vs.h | 1 +
net/netfilter/ipvs/ip_vs_ctl.c | 131 ++++++++++++++++++++++++---------------
net/netfilter/ipvs/ip_vs_sync.c | 6 ++
3 files changed, 87 insertions(+), 51 deletions(-)
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 1aaf915..8fa4430 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -900,6 +900,7 @@ struct netns_ipvs {
volatile int sync_state;
volatile int master_syncid;
volatile int backup_syncid;
+ struct mutex sync_mutex;
/* multicast interface name */
char master_mcast_ifn[IP_VS_IFNAME_MAXLEN];
char backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index a1af72f..c77b5a0 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2284,6 +2284,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
struct ip_vs_service *svc;
struct ip_vs_dest_user *udest_compat;
struct ip_vs_dest_user_kern udest;
+ struct netns_ipvs *ipvs = net_ipvs(net);
if (!capable(CAP_NET_ADMIN))
return -EPERM;
@@ -2304,6 +2305,24 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
/* increase the module use count */
ip_vs_use_count_inc();
+ /* Handle daemons since they have another lock */
+ if (cmd == IP_VS_SO_SET_STARTDAEMON ||
+ cmd == IP_VS_SO_SET_STOPDAEMON) {
+ struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
+
+ if (mutex_lock_interruptible(&ipvs->sync_mutex)) {
+ ret = -ERESTARTSYS;
+ goto out_dec;
+ }
+ if (cmd == IP_VS_SO_SET_STARTDAEMON)
+ ret = start_sync_thread(net, dm->state, dm->mcast_ifn,
+ dm->syncid);
+ else
+ ret = stop_sync_thread(net, dm->state);
+ mutex_unlock(&ipvs->sync_mutex);
+ goto out_dec;
+ }
+
if (mutex_lock_interruptible(&__ip_vs_mutex)) {
ret = -ERESTARTSYS;
goto out_dec;
@@ -2317,15 +2336,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
/* Set timeout values for (tcp tcpfin udp) */
ret = ip_vs_set_timeout(net, (struct ip_vs_timeout_user *)arg);
goto out_unlock;
- } else if (cmd == IP_VS_SO_SET_STARTDAEMON) {
- struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
- ret = start_sync_thread(net, dm->state, dm->mcast_ifn,
- dm->syncid);
- goto out_unlock;
- } else if (cmd == IP_VS_SO_SET_STOPDAEMON) {
- struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
- ret = stop_sync_thread(net, dm->state);
- goto out_unlock;
}
usvc_compat = (struct ip_vs_service_user *)arg;
@@ -2585,6 +2595,33 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
if (copy_from_user(arg, user, copylen) != 0)
return -EFAULT;
+ /*
+ * Handle daemons first since it has its own locking
+ */
+ if (cmd == IP_VS_SO_GET_DAEMON) {
+ struct ip_vs_daemon_user d[2];
+
+ memset(&d, 0, sizeof(d));
+ if (mutex_lock_interruptible(&ipvs->sync_mutex))
+ return -ERESTARTSYS;
+
+ if (ipvs->sync_state & IP_VS_STATE_MASTER) {
+ d[0].state = IP_VS_STATE_MASTER;
+ strlcpy(d[0].mcast_ifn, ipvs->master_mcast_ifn,
+ sizeof(d[0].mcast_ifn));
+ d[0].syncid = ipvs->master_syncid;
+ }
+ if (ipvs->sync_state & IP_VS_STATE_BACKUP) {
+ d[1].state = IP_VS_STATE_BACKUP;
+ strlcpy(d[1].mcast_ifn, ipvs->backup_mcast_ifn,
+ sizeof(d[1].mcast_ifn));
+ d[1].syncid = ipvs->backup_syncid;
+ }
+ if (copy_to_user(user, &d, sizeof(d)) != 0)
+ ret = -EFAULT;
+ mutex_unlock(&ipvs->sync_mutex);
+ return ret;
+ }
if (mutex_lock_interruptible(&__ip_vs_mutex))
return -ERESTARTSYS;
@@ -2682,28 +2719,6 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
}
break;
- case IP_VS_SO_GET_DAEMON:
- {
- struct ip_vs_daemon_user d[2];
-
- memset(&d, 0, sizeof(d));
- if (ipvs->sync_state & IP_VS_STATE_MASTER) {
- d[0].state = IP_VS_STATE_MASTER;
- strlcpy(d[0].mcast_ifn, ipvs->master_mcast_ifn,
- sizeof(d[0].mcast_ifn));
- d[0].syncid = ipvs->master_syncid;
- }
- if (ipvs->sync_state & IP_VS_STATE_BACKUP) {
- d[1].state = IP_VS_STATE_BACKUP;
- strlcpy(d[1].mcast_ifn, ipvs->backup_mcast_ifn,
- sizeof(d[1].mcast_ifn));
- d[1].syncid = ipvs->backup_syncid;
- }
- if (copy_to_user(user, &d, sizeof(d)) != 0)
- ret = -EFAULT;
- }
- break;
-
default:
ret = -EINVAL;
}
@@ -3206,7 +3221,7 @@ static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
struct net *net = skb_sknet(skb);
struct netns_ipvs *ipvs = net_ipvs(net);
- mutex_lock(&__ip_vs_mutex);
+ mutex_lock(&ipvs->sync_mutex);
if ((ipvs->sync_state & IP_VS_STATE_MASTER) && !cb->args[0]) {
if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_MASTER,
ipvs->master_mcast_ifn,
@@ -3226,7 +3241,7 @@ static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
}
nla_put_failure:
- mutex_unlock(&__ip_vs_mutex);
+ mutex_unlock(&ipvs->sync_mutex);
return skb->len;
}
@@ -3272,13 +3287,9 @@ static int ip_vs_genl_set_config(struct net *net, struct nlattr **attrs)
return ip_vs_set_timeout(net, &t);
}
-static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
+static int ip_vs_genl_set_daemon(struct sk_buff *skb, struct genl_info *info)
{
- struct ip_vs_service *svc = NULL;
- struct ip_vs_service_user_kern usvc;
- struct ip_vs_dest_user_kern udest;
int ret = 0, cmd;
- int need_full_svc = 0, need_full_dest = 0;
struct net *net;
struct netns_ipvs *ipvs;
@@ -3286,19 +3297,10 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
ipvs = net_ipvs(net);
cmd = info->genlhdr->cmd;
- mutex_lock(&__ip_vs_mutex);
-
- if (cmd == IPVS_CMD_FLUSH) {
- ret = ip_vs_flush(net);
- goto out;
- } else if (cmd == IPVS_CMD_SET_CONFIG) {
- ret = ip_vs_genl_set_config(net, info->attrs);
- goto out;
- } else if (cmd == IPVS_CMD_NEW_DAEMON ||
- cmd == IPVS_CMD_DEL_DAEMON) {
-
+ if (cmd == IPVS_CMD_NEW_DAEMON || cmd == IPVS_CMD_DEL_DAEMON) {
struct nlattr *daemon_attrs[IPVS_DAEMON_ATTR_MAX + 1];
+ mutex_lock(&ipvs->sync_mutex);
if (!info->attrs[IPVS_CMD_ATTR_DAEMON] ||
nla_parse_nested(daemon_attrs, IPVS_DAEMON_ATTR_MAX,
info->attrs[IPVS_CMD_ATTR_DAEMON],
@@ -3311,6 +3313,33 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
ret = ip_vs_genl_new_daemon(net, daemon_attrs);
else
ret = ip_vs_genl_del_daemon(net, daemon_attrs);
+out:
+ mutex_unlock(&ipvs->sync_mutex);
+ }
+ return ret;
+}
+
+static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
+{
+ struct ip_vs_service *svc = NULL;
+ struct ip_vs_service_user_kern usvc;
+ struct ip_vs_dest_user_kern udest;
+ int ret = 0, cmd;
+ int need_full_svc = 0, need_full_dest = 0;
+ struct net *net;
+ struct netns_ipvs *ipvs;
+
+ net = skb_sknet(skb);
+ ipvs = net_ipvs(net);
+ cmd = info->genlhdr->cmd;
+
+ mutex_lock(&__ip_vs_mutex);
+
+ if (cmd == IPVS_CMD_FLUSH) {
+ ret = ip_vs_flush(net);
+ goto out;
+ } else if (cmd == IPVS_CMD_SET_CONFIG) {
+ ret = ip_vs_genl_set_config(net, info->attrs);
goto out;
} else if (cmd == IPVS_CMD_ZERO &&
!info->attrs[IPVS_CMD_ATTR_SERVICE]) {
@@ -3537,13 +3566,13 @@ static struct genl_ops ip_vs_genl_ops[] __read_mostly = {
.cmd = IPVS_CMD_NEW_DAEMON,
.flags = GENL_ADMIN_PERM,
.policy = ip_vs_cmd_policy,
- .doit = ip_vs_genl_set_cmd,
+ .doit = ip_vs_genl_set_daemon,
},
{
.cmd = IPVS_CMD_DEL_DAEMON,
.flags = GENL_ADMIN_PERM,
.policy = ip_vs_cmd_policy,
- .doit = ip_vs_genl_set_cmd,
+ .doit = ip_vs_genl_set_daemon,
},
{
.cmd = IPVS_CMD_GET_DAEMON,
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index 7ee7215..3cdd479 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -61,6 +61,7 @@
#define SYNC_PROTO_VER 1 /* Protocol version in header */
+static struct lock_class_key __ipvs_sync_key;
/*
* IPVS sync connection entry
* Version 0, i.e. original version.
@@ -1545,6 +1546,7 @@ int start_sync_thread(struct net *net, int state, char *mcast_ifn, __u8 syncid)
IP_VS_DBG(7, "Each ip_vs_sync_conn entry needs %Zd bytes\n",
sizeof(struct ip_vs_sync_conn_v0));
+
if (state == IP_VS_STATE_MASTER) {
if (ipvs->master_thread)
return -EEXIST;
@@ -1667,6 +1669,7 @@ int __net_init ip_vs_sync_net_init(struct net *net)
{
struct netns_ipvs *ipvs = net_ipvs(net);
+ __mutex_init(&ipvs->sync_mutex, "ipvs->sync_mutex", &__ipvs_sync_key);
INIT_LIST_HEAD(&ipvs->sync_queue);
spin_lock_init(&ipvs->sync_lock);
spin_lock_init(&ipvs->sync_buff_lock);
@@ -1680,7 +1683,9 @@ int __net_init ip_vs_sync_net_init(struct net *net)
void ip_vs_sync_net_cleanup(struct net *net)
{
int retc;
+ struct netns_ipvs *ipvs = net_ipvs(net);
+ mutex_lock(&ipvs->sync_mutex);
retc = stop_sync_thread(net, IP_VS_STATE_MASTER);
if (retc && retc != -ESRCH)
pr_err("Failed to stop Master Daemon\n");
@@ -1688,4 +1693,5 @@ void ip_vs_sync_net_cleanup(struct net *net)
retc = stop_sync_thread(net, IP_VS_STATE_BACKUP);
if (retc && retc != -ESRCH)
pr_err("Failed to stop Backup Daemon\n");
+ mutex_unlock(&ipvs->sync_mutex);
}
--
1.7.4.4
^ permalink raw reply related
* Re: [PATCH v4 3/8] foundations of per-cgroup memory pressure controlling.
From: Glauber Costa @ 2011-10-04 7:13 UTC (permalink / raw)
To: KAMEZAWA Hiroyuki
Cc: linux-kernel, paul, lizf, ebiederm, davem, gthelen, netdev,
linux-mm, kirill, avagin
In-Reply-To: <20111004095715.479da44d.kamezawa.hiroyu@jp.fujitsu.com>
On 10/04/2011 04:57 AM, KAMEZAWA Hiroyuki wrote:
> On Mon, 3 Oct 2011 14:18:38 +0400
> Glauber Costa<glommer@parallels.com> wrote:
>
>> This patch converts struct sock fields memory_pressure,
>> memory_allocated, sockets_allocated, and sysctl_mem (now prot_mem)
>> to function pointers, receiving a struct mem_cgroup parameter.
>>
>> enter_memory_pressure is kept the same, since all its callers
>> have socket a context, and the kmem_cgroup can be derived from
>> the socket itself.
>>
>> To keep things working, the patch convert all users of those fields
>> to use acessor functions.
>>
>> In my benchmarks I didn't see a significant performance difference
>> with this patch applied compared to a baseline (around 1 % diff, thus
>> inside error margin).
>>
>> Signed-off-by: Glauber Costa<glommer@parallels.com>
>> CC: David S. Miller<davem@davemloft.net>
>> CC: Hiroyouki Kamezawa<kamezawa.hiroyu@jp.fujitsu.com>
>> CC: Eric W. Biederman<ebiederm@xmission.com>
>
> A nitpick.
>
>
>> #ifdef CONFIG_INET
>> struct sock;
>> +struct proto;
>> #ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
>> void sock_update_memcg(struct sock *sk);
>> void sock_release_memcg(struct sock *sk);
>> -
>> +void memcg_sock_mem_alloc(struct mem_cgroup *mem, struct proto *prot,
>> + int amt, int *parent_failure);
>> +void memcg_sock_mem_free(struct mem_cgroup *mem, struct proto *prot, int amt);
>> +void memcg_sockets_allocated_dec(struct mem_cgroup *mem, struct proto *prot);
>> +void memcg_sockets_allocated_inc(struct mem_cgroup *mem, struct proto *prot);
>> #else
>> +/* memcontrol includes sockets.h, that includes memcontrol.h ... */
>> +static inline void memcg_sock_mem_alloc(struct mem_cgroup *mem,
>> + struct proto *prot, int amt,
>> + int *parent_failure)
>> +{
>> +}
>
> In these days, at naming memory cgroup pointers, we use "memcg" instead of
> "mem". So, could you use "memcg" for represeinting memory cgroup ?
>
>
>> +
>> +void memcg_sock_mem_alloc(struct mem_cgroup *mem, struct proto *prot,
>> + int amt, int *parent_failure)
>> +{
>> + mem = parent_mem_cgroup(mem);
>> + for (; mem != NULL; mem = parent_mem_cgroup(mem)) {
>> + long alloc;
>> + long *prot_mem = prot->prot_mem(mem);
>> + /*
>> + * Large nestings are not the common case, and stopping in the
>> + * middle would be complicated enough, that we bill it all the
>> + * way through the root, and if needed, unbill everything later
>> + */
>> + alloc = atomic_long_add_return(amt,
>> + prot->memory_allocated(mem));
>> + *parent_failure |= (alloc> prot_mem[2]);
>> + }
>> +}
>> +EXPORT_SYMBOL(memcg_sock_mem_alloc);
>
> Hmm. why not using res_counter ? for reusing 'unbill' code ?
>
> Thanks,
> -Kame
>
Well, besides the cost, we'd have atomic_t for !cgroups, and res_counter
for cgroups. I think there is value in keeping them the same.
^ permalink raw reply
* Re: [PATCH 2/2] IPVS netns shutdown/startup dead-lock (Take III)
From: Julian Anastasov @ 2011-10-04 7:40 UTC (permalink / raw)
To: Hans Schillstrom; +Cc: horms, wensong, lvs-devel, netdev, netfilter-devel, hans
In-Reply-To: <1317711216-8416-1-git-send-email-hans.schillstrom@ericsson.com>
Hello,
On Tue, 4 Oct 2011, Hans Schillstrom wrote:
> From: Hans Schillstrom <hans@schillstrom.com>
>
> ip_vs_mutext is used by both netns shutdown code and startup
> and both implicit uses sk_lock-AF_INET mutex.
>
> cleanup CPU-1 startup CPU-2
> ip_vs_dst_event() ip_vs_genl_set_cmd()
> sk_lock-AF_INET __ip_vs_mutex
> sk_lock-AF_INET
> __ip_vs_mutex
> * DEAD LOCK *
>
> A new mutex placed in ip_vs netns struct called sync_mutex is added.
>
> Comments from Julian and Simon added.
> This patch has been running for more than 3 month now and it seems to work.
>
> Ver. 3
> IP_VS_SO_GET_DAEMON in do_ip_vs_get_ctl protected by sync_mutex
> instead of __ip_vs_mutex as sugested by Julian.
>
> Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
Looks good to me, with one extra empty line in
start_sync_thread
Acked-by: Julian Anastasov <ja@ssi.bg>
> ---
> include/net/ip_vs.h | 1 +
> net/netfilter/ipvs/ip_vs_ctl.c | 131 ++++++++++++++++++++++++---------------
> net/netfilter/ipvs/ip_vs_sync.c | 6 ++
> 3 files changed, 87 insertions(+), 51 deletions(-)
>
> diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
> index 1aaf915..8fa4430 100644
> --- a/include/net/ip_vs.h
> +++ b/include/net/ip_vs.h
> @@ -900,6 +900,7 @@ struct netns_ipvs {
> volatile int sync_state;
> volatile int master_syncid;
> volatile int backup_syncid;
> + struct mutex sync_mutex;
> /* multicast interface name */
> char master_mcast_ifn[IP_VS_IFNAME_MAXLEN];
> char backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index a1af72f..c77b5a0 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -2284,6 +2284,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
> struct ip_vs_service *svc;
> struct ip_vs_dest_user *udest_compat;
> struct ip_vs_dest_user_kern udest;
> + struct netns_ipvs *ipvs = net_ipvs(net);
>
> if (!capable(CAP_NET_ADMIN))
> return -EPERM;
> @@ -2304,6 +2305,24 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
> /* increase the module use count */
> ip_vs_use_count_inc();
>
> + /* Handle daemons since they have another lock */
> + if (cmd == IP_VS_SO_SET_STARTDAEMON ||
> + cmd == IP_VS_SO_SET_STOPDAEMON) {
> + struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
> +
> + if (mutex_lock_interruptible(&ipvs->sync_mutex)) {
> + ret = -ERESTARTSYS;
> + goto out_dec;
> + }
> + if (cmd == IP_VS_SO_SET_STARTDAEMON)
> + ret = start_sync_thread(net, dm->state, dm->mcast_ifn,
> + dm->syncid);
> + else
> + ret = stop_sync_thread(net, dm->state);
> + mutex_unlock(&ipvs->sync_mutex);
> + goto out_dec;
> + }
> +
> if (mutex_lock_interruptible(&__ip_vs_mutex)) {
> ret = -ERESTARTSYS;
> goto out_dec;
> @@ -2317,15 +2336,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
> /* Set timeout values for (tcp tcpfin udp) */
> ret = ip_vs_set_timeout(net, (struct ip_vs_timeout_user *)arg);
> goto out_unlock;
> - } else if (cmd == IP_VS_SO_SET_STARTDAEMON) {
> - struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
> - ret = start_sync_thread(net, dm->state, dm->mcast_ifn,
> - dm->syncid);
> - goto out_unlock;
> - } else if (cmd == IP_VS_SO_SET_STOPDAEMON) {
> - struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
> - ret = stop_sync_thread(net, dm->state);
> - goto out_unlock;
> }
>
> usvc_compat = (struct ip_vs_service_user *)arg;
> @@ -2585,6 +2595,33 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
>
> if (copy_from_user(arg, user, copylen) != 0)
> return -EFAULT;
> + /*
> + * Handle daemons first since it has its own locking
> + */
> + if (cmd == IP_VS_SO_GET_DAEMON) {
> + struct ip_vs_daemon_user d[2];
> +
> + memset(&d, 0, sizeof(d));
> + if (mutex_lock_interruptible(&ipvs->sync_mutex))
> + return -ERESTARTSYS;
> +
> + if (ipvs->sync_state & IP_VS_STATE_MASTER) {
> + d[0].state = IP_VS_STATE_MASTER;
> + strlcpy(d[0].mcast_ifn, ipvs->master_mcast_ifn,
> + sizeof(d[0].mcast_ifn));
> + d[0].syncid = ipvs->master_syncid;
> + }
> + if (ipvs->sync_state & IP_VS_STATE_BACKUP) {
> + d[1].state = IP_VS_STATE_BACKUP;
> + strlcpy(d[1].mcast_ifn, ipvs->backup_mcast_ifn,
> + sizeof(d[1].mcast_ifn));
> + d[1].syncid = ipvs->backup_syncid;
> + }
> + if (copy_to_user(user, &d, sizeof(d)) != 0)
> + ret = -EFAULT;
> + mutex_unlock(&ipvs->sync_mutex);
> + return ret;
> + }
>
> if (mutex_lock_interruptible(&__ip_vs_mutex))
> return -ERESTARTSYS;
> @@ -2682,28 +2719,6 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
> }
> break;
>
> - case IP_VS_SO_GET_DAEMON:
> - {
> - struct ip_vs_daemon_user d[2];
> -
> - memset(&d, 0, sizeof(d));
> - if (ipvs->sync_state & IP_VS_STATE_MASTER) {
> - d[0].state = IP_VS_STATE_MASTER;
> - strlcpy(d[0].mcast_ifn, ipvs->master_mcast_ifn,
> - sizeof(d[0].mcast_ifn));
> - d[0].syncid = ipvs->master_syncid;
> - }
> - if (ipvs->sync_state & IP_VS_STATE_BACKUP) {
> - d[1].state = IP_VS_STATE_BACKUP;
> - strlcpy(d[1].mcast_ifn, ipvs->backup_mcast_ifn,
> - sizeof(d[1].mcast_ifn));
> - d[1].syncid = ipvs->backup_syncid;
> - }
> - if (copy_to_user(user, &d, sizeof(d)) != 0)
> - ret = -EFAULT;
> - }
> - break;
> -
> default:
> ret = -EINVAL;
> }
> @@ -3206,7 +3221,7 @@ static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
> struct net *net = skb_sknet(skb);
> struct netns_ipvs *ipvs = net_ipvs(net);
>
> - mutex_lock(&__ip_vs_mutex);
> + mutex_lock(&ipvs->sync_mutex);
> if ((ipvs->sync_state & IP_VS_STATE_MASTER) && !cb->args[0]) {
> if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_MASTER,
> ipvs->master_mcast_ifn,
> @@ -3226,7 +3241,7 @@ static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
> }
>
> nla_put_failure:
> - mutex_unlock(&__ip_vs_mutex);
> + mutex_unlock(&ipvs->sync_mutex);
>
> return skb->len;
> }
> @@ -3272,13 +3287,9 @@ static int ip_vs_genl_set_config(struct net *net, struct nlattr **attrs)
> return ip_vs_set_timeout(net, &t);
> }
>
> -static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
> +static int ip_vs_genl_set_daemon(struct sk_buff *skb, struct genl_info *info)
> {
> - struct ip_vs_service *svc = NULL;
> - struct ip_vs_service_user_kern usvc;
> - struct ip_vs_dest_user_kern udest;
> int ret = 0, cmd;
> - int need_full_svc = 0, need_full_dest = 0;
> struct net *net;
> struct netns_ipvs *ipvs;
>
> @@ -3286,19 +3297,10 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
> ipvs = net_ipvs(net);
> cmd = info->genlhdr->cmd;
>
> - mutex_lock(&__ip_vs_mutex);
> -
> - if (cmd == IPVS_CMD_FLUSH) {
> - ret = ip_vs_flush(net);
> - goto out;
> - } else if (cmd == IPVS_CMD_SET_CONFIG) {
> - ret = ip_vs_genl_set_config(net, info->attrs);
> - goto out;
> - } else if (cmd == IPVS_CMD_NEW_DAEMON ||
> - cmd == IPVS_CMD_DEL_DAEMON) {
> -
> + if (cmd == IPVS_CMD_NEW_DAEMON || cmd == IPVS_CMD_DEL_DAEMON) {
> struct nlattr *daemon_attrs[IPVS_DAEMON_ATTR_MAX + 1];
>
> + mutex_lock(&ipvs->sync_mutex);
> if (!info->attrs[IPVS_CMD_ATTR_DAEMON] ||
> nla_parse_nested(daemon_attrs, IPVS_DAEMON_ATTR_MAX,
> info->attrs[IPVS_CMD_ATTR_DAEMON],
> @@ -3311,6 +3313,33 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
> ret = ip_vs_genl_new_daemon(net, daemon_attrs);
> else
> ret = ip_vs_genl_del_daemon(net, daemon_attrs);
> +out:
> + mutex_unlock(&ipvs->sync_mutex);
> + }
> + return ret;
> +}
> +
> +static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
> +{
> + struct ip_vs_service *svc = NULL;
> + struct ip_vs_service_user_kern usvc;
> + struct ip_vs_dest_user_kern udest;
> + int ret = 0, cmd;
> + int need_full_svc = 0, need_full_dest = 0;
> + struct net *net;
> + struct netns_ipvs *ipvs;
> +
> + net = skb_sknet(skb);
> + ipvs = net_ipvs(net);
> + cmd = info->genlhdr->cmd;
> +
> + mutex_lock(&__ip_vs_mutex);
> +
> + if (cmd == IPVS_CMD_FLUSH) {
> + ret = ip_vs_flush(net);
> + goto out;
> + } else if (cmd == IPVS_CMD_SET_CONFIG) {
> + ret = ip_vs_genl_set_config(net, info->attrs);
> goto out;
> } else if (cmd == IPVS_CMD_ZERO &&
> !info->attrs[IPVS_CMD_ATTR_SERVICE]) {
> @@ -3537,13 +3566,13 @@ static struct genl_ops ip_vs_genl_ops[] __read_mostly = {
> .cmd = IPVS_CMD_NEW_DAEMON,
> .flags = GENL_ADMIN_PERM,
> .policy = ip_vs_cmd_policy,
> - .doit = ip_vs_genl_set_cmd,
> + .doit = ip_vs_genl_set_daemon,
> },
> {
> .cmd = IPVS_CMD_DEL_DAEMON,
> .flags = GENL_ADMIN_PERM,
> .policy = ip_vs_cmd_policy,
> - .doit = ip_vs_genl_set_cmd,
> + .doit = ip_vs_genl_set_daemon,
> },
> {
> .cmd = IPVS_CMD_GET_DAEMON,
> diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
> index 7ee7215..3cdd479 100644
> --- a/net/netfilter/ipvs/ip_vs_sync.c
> +++ b/net/netfilter/ipvs/ip_vs_sync.c
> @@ -61,6 +61,7 @@
>
> #define SYNC_PROTO_VER 1 /* Protocol version in header */
>
> +static struct lock_class_key __ipvs_sync_key;
> /*
> * IPVS sync connection entry
> * Version 0, i.e. original version.
> @@ -1545,6 +1546,7 @@ int start_sync_thread(struct net *net, int state, char *mcast_ifn, __u8 syncid)
> IP_VS_DBG(7, "Each ip_vs_sync_conn entry needs %Zd bytes\n",
> sizeof(struct ip_vs_sync_conn_v0));
>
> +
> if (state == IP_VS_STATE_MASTER) {
> if (ipvs->master_thread)
> return -EEXIST;
> @@ -1667,6 +1669,7 @@ int __net_init ip_vs_sync_net_init(struct net *net)
> {
> struct netns_ipvs *ipvs = net_ipvs(net);
>
> + __mutex_init(&ipvs->sync_mutex, "ipvs->sync_mutex", &__ipvs_sync_key);
> INIT_LIST_HEAD(&ipvs->sync_queue);
> spin_lock_init(&ipvs->sync_lock);
> spin_lock_init(&ipvs->sync_buff_lock);
> @@ -1680,7 +1683,9 @@ int __net_init ip_vs_sync_net_init(struct net *net)
> void ip_vs_sync_net_cleanup(struct net *net)
> {
> int retc;
> + struct netns_ipvs *ipvs = net_ipvs(net);
>
> + mutex_lock(&ipvs->sync_mutex);
> retc = stop_sync_thread(net, IP_VS_STATE_MASTER);
> if (retc && retc != -ESRCH)
> pr_err("Failed to stop Master Daemon\n");
> @@ -1688,4 +1693,5 @@ void ip_vs_sync_net_cleanup(struct net *net)
> retc = stop_sync_thread(net, IP_VS_STATE_BACKUP);
> if (retc && retc != -ESRCH)
> pr_err("Failed to stop Backup Daemon\n");
> + mutex_unlock(&ipvs->sync_mutex);
> }
> --
> 1.7.4.4
Regards
--
Julian Anastasov <ja@ssi.bg>
^ permalink raw reply
* Re: linux-next: build failure after merge of the akpm tree
From: Stephen Rothwell @ 2011-10-04 7:44 UTC (permalink / raw)
To: Andrew Morton
Cc: Andrew Morton, linux-next, linux-kernel, Stephen Boyd,
Ingo Molnar, H. Peter Anvin, David Miller, netdev
In-Reply-To: <20110929230226.5fed4095.akpm00@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 694 bytes --]
Hi Andrew,
On Thu, 29 Sep 2011 23:02:26 -0700 Andrew Morton <akpm00@gmail.com> wrote:
>
> > Caused by commit 15e19cbbbf2a ("x86: implement strict user copy checks
> > for x86_64") when built with gcc 4.6.0. This does not fail when built
> > with 4.5.2.
>
> That patch is a PITA. I've been waiting for some saviour to come along
> and fix all the warnings it emits before proceeding with it. As I am
> apparently saviourless I shall hide that patch from the mm->linux-next
> drop, so only I get to suffer its effects.
OK, I have dropped that commit from linux-next.
--
Cheers,
Stephen Rothwell sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply
* Re: [PATCH v4 7/8] Display current tcp memory allocation in kmem cgroup
From: Glauber Costa @ 2011-10-04 9:10 UTC (permalink / raw)
To: Kirill A. Shutemov
Cc: linux-kernel, paul, lizf, kamezawa.hiroyu, ebiederm, davem,
gthelen, netdev, linux-mm, avagin
In-Reply-To: <20111003123620.GA30018@shutemov.name>
On 10/03/2011 04:36 PM, Kirill A. Shutemov wrote:
> On Mon, Oct 03, 2011 at 04:26:41PM +0400, Glauber Costa wrote:
>> On 10/03/2011 04:25 PM, Kirill A. Shutemov wrote:
>>> On Mon, Oct 03, 2011 at 04:19:18PM +0400, Glauber Costa wrote:
>>>> On 10/03/2011 04:14 PM, Kirill A. Shutemov wrote:
>>>>> On Mon, Oct 03, 2011 at 02:18:42PM +0400, Glauber Costa wrote:
>>>>>> This patch introduces kmem.tcp_current_memory file, living in the
>>>>>> kmem_cgroup filesystem. It is a simple read-only file that displays the
>>>>>> amount of kernel memory currently consumed by the cgroup.
>>>>>>
>>>>>> Signed-off-by: Glauber Costa<glommer@parallels.com>
>>>>>> CC: David S. Miller<davem@davemloft.net>
>>>>>> CC: Hiroyouki Kamezawa<kamezawa.hiroyu@jp.fujitsu.com>
>>>>>> CC: Eric W. Biederman<ebiederm@xmission.com>
>>>>>> ---
>>>>>> Documentation/cgroups/memory.txt | 1 +
>>>>>> mm/memcontrol.c | 11 +++++++++++
>>>>>> 2 files changed, 12 insertions(+), 0 deletions(-)
>>>>>>
>>>>>> diff --git a/Documentation/cgroups/memory.txt b/Documentation/cgroups/memory.txt
>>>>>> index 1ffde3e..f5a539d 100644
>>>>>> --- a/Documentation/cgroups/memory.txt
>>>>>> +++ b/Documentation/cgroups/memory.txt
>>>>>> @@ -79,6 +79,7 @@ Brief summary of control files.
>>>>>> memory.independent_kmem_limit # select whether or not kernel memory limits are
>>>>>> independent of user limits
>>>>>> memory.kmem.tcp.max_memory # set/show hard limit for tcp buf memory
>>>>>> + memory.kmem.tcp.current_memory # show current tcp buf memory allocation
>>>>>
>>>>> Both are in pages, right?
>>>>> Shouldn't it be scaled to bytes and named uniform with other memcg file?
>>>>> memory.kmem.tcp.limit_in_bytes/usage_in_bytes.
>>>>>
>>>> You are absolutely correct.
>>>> Since the internal tcp comparison works, I just ended up never noticing
>>>> this.
>>>
>>> Should we have failcnt and max_usage_in_bytes for tcp as well?
>>>
>>
>> Well, we get a fail count from the tracer anyway, so I don't really see
>> a need for that. I see value in having it for the slab allocation
>> itself, but since this only controls the memory pressure framework, I
>> think we can live without it.
>>
>> That said, this is not a strong opinion. I can add it if you'd prefer.
>
> It's good for userspace to have the same set of files for all domains:
> - memory;
> - memory.memsw;
> - memory.kmem;
> - memory.kmem.tcp;
> - etc.
> Userspace can reuse code for handling them in this case.
>
Ok. Back on this.
Not all domains have all files anyway.
max_usage seems to be a property of the main memcg, not of its domains.
failcnt is present on memsw, and on that only. The problem here, is that
this can fail ( and usually will ) in codepaths outside the memory
controller. (see net/core/sock.c:__sk_mem_schedule)
Also, max_usage makes sense for kernel memory as a whole, but I don't
think it makes sense here as we're only controlling a specific pressure
condition.
So in a nutshell: I'd like to leave this alone, and add
kmem.max_usage_in_bytes and kmem.failcnt to the to soon-to-land-here
slab accounting patches. (Where the actual allocation happens)
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Go through this:
From: AHMMAD YOUNIS @ 2011-10-04 11:16 UTC (permalink / raw)
Go through this:
http://en.wikipedia.org/wiki/Abdul_Fatah_Younis
Pls help me
safegaurd this $42M USD currently loged in a security company in Europe by my
late father Abdul Fatah Younis, who was arrested and killed by rebel force
(NFSL). I will give you more detail upon ur acceptance.
Ahmmad Younis
Libya
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox