From 1ad001347fb1ca1f036144b42a6f1df6615e4104 Mon Sep 17 00:00:00 2001 From: Kuniyuki Iwashima Date: Wed, 31 Jul 2024 13:07:16 -0700 Subject: l2tp: Don't assign net->gen->ptr[] for pppol2tp_net_ops. Commit fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") converted net->gen->ptr[pppol2tp_net_id] in l2tp_ppp.c to net->gen->ptr[l2tp_net_id] in l2tp_core.c. Now the leftover wastes one entry of net->gen->ptr[] in each netns. Let's avoid the unwanted allocation. Signed-off-by: Kuniyuki Iwashima Reviewed-by: Simon Horman Reviewed-by: James Chapman Signed-off-by: David S. Miller --- net/l2tp/l2tp_ppp.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c index 90bf3a8ccab6..9b4273fd518a 100644 --- a/net/l2tp/l2tp_ppp.c +++ b/net/l2tp/l2tp_ppp.c @@ -1393,8 +1393,6 @@ end: * L2TPv2, we dump only L2TPv2 tunnels and sessions here. *****************************************************************************/ -static unsigned int pppol2tp_net_id; - #ifdef CONFIG_PROC_FS struct pppol2tp_seq_data { @@ -1628,7 +1626,6 @@ static __net_exit void pppol2tp_exit_net(struct net *net) static struct pernet_operations pppol2tp_net_ops = { .init = pppol2tp_init_net, .exit = pppol2tp_exit_net, - .id = &pppol2tp_net_id, }; /***************************************************************************** -- cgit From 768e4bb6a75e3c6a034df7c67edac20bd222857e Mon Sep 17 00:00:00 2001 
From: Kuniyuki Iwashima Date: Wed, 31 Jul 2024 13:07:17 -0700 Subject: net: Don't register pernet_operations if only one of id or size is specified. We can allocate per-netns memory for struct pernet_operations by specifying id and size. register_pernet_operations() assigns an id to pernet_operations and later ops_init() allocates the specified size of memory as net->gen->ptr[id]. If id is missing, no memory is allocated. If size is not specified, pernet_operations just wastes an entry of net->gen->ptr[] for every netns. net_generic is available only when both id and size are specified, so let's ensure that. While we are at it, we add const to both fields. Signed-off-by: Kuniyuki Iwashima Signed-off-by: David S. Miller --- include/net/net_namespace.h | 4 ++-- net/core/net_namespace.c | 12 ++++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index 20c34bd7a077..e67b483cc8bb 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h @@ -451,8 +451,8 @@ struct pernet_operations { /* Following method is called with RTNL held. */ void (*exit_batch_rtnl)(struct list_head *net_exit_list, struct list_head *dev_kill_list); - unsigned int *id; - size_t size; + unsigned int * const id; + const size_t size; }; /* diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index 6a823ba906c6..1cd87df13f39 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c @@ -125,7 +125,7 @@ static int ops_init(const struct pernet_operations *ops, struct net *net) int err = -ENOMEM; void *data = NULL; - if (ops->id && ops->size) { + if (ops->id) { data = kzalloc(ops->size, GFP_KERNEL); if (!data) goto out; @@ -140,7 +140,7 @@ static int ops_init(const struct pernet_operations *ops, struct net *net) if (!err) return 0; - if (ops->id && ops->size) { + if (ops->id) { ng = rcu_dereference_protected(net->gen, lockdep_is_held(&pernet_ops_rwsem)); ng->ptr[*ops->id] = NULL; 
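Review bot: The both-or-neither contract for `id` and `size` is stated only in the commit message; at the two fields in `struct pernet_operations` nothing tells a driver author that setting one without the other now makes registration fail. I would add a comment directly above them, `/* id and size must both be set or both be left zero; otherwise registration fails with -EINVAL */`. Making both members `const` also means code that fills in a `pernet_operations` at run time no longer compiles, which is presumably intended but worth stating in the same comment. The struct definition starts above this hunk, so any field documentation already there is not visible.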
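Review bot: With the `&& ops->size` half of the guard gone, `if (ops->id)` in ops_init() is correct only while every ops reaching it has passed the new check in register_pernet_operations(), and nothing at this site records that. If an ops with `id` set and `size == 0` ever got here, `kzalloc(0, GFP_KERNEL)` would return ZERO_SIZE_PTR rather than NULL, the `!data` test would not catch it, and that pointer would presumably end up in `net->gen->ptr[]`. A comment above the test such as `/* register_pernet_operations() guarantees size != 0 whenever id is set */` would document the dependency. The same applies to the relaxed guards in the `@@ -140`, `@@ -182` (ops_free_list) and `@@ -1244` (__register_pernet_operations) hunks. ops_init() begins and ends outside this hunk.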
@@ -182,7 +182,8 @@ static void ops_free_list(const struct pernet_operations *ops, struct list_head *net_exit_list) { struct net *net; - if (ops->size && ops->id) { + + if (ops->id) { list_for_each_entry(net, net_exit_list, exit_list) kfree(net_generic(net, *ops->id)); } @@ -1244,7 +1245,7 @@ static int __register_pernet_operations(struct list_head *list, LIST_HEAD(net_exit_list); list_add_tail(&ops->list, list); - if (ops->init || (ops->id && ops->size)) { + if (ops->init || ops->id) { /* We held write locked pernet_ops_rwsem, and parallel * setup_net() and cleanup_net() are not possible. */ @@ -1310,6 +1311,9 @@ static int register_pernet_operations(struct list_head *list, { int error; + if (WARN_ON(!!ops->id ^ !!ops->size)) + return -EINVAL; + if (ops->id) { error = ida_alloc_min(&net_generic_ids, MIN_PERNET_OPS_ID, GFP_KERNEL); -- cgit From 2b5afc1d5d5a33060034f0f275bc0e9c243394bb Mon Sep 17 00:00:00 2001 From: Kuniyuki Iwashima Date: Wed, 31 Jul 2024 13:07:18 -0700 Subject: net: Initialise net->passive once in preinit_net(). When initialising the root netns, we set net->passive in setup_net(). However, we do it twice for non-root netns in copy_net_ns() and setup_net(). This is because we could bypass setup_net() in copy_net_ns() if down_read_killable() fails. preinit_net() is a better place to put such an operation. Let's initialise net->passive in preinit_net(). Signed-off-by: Kuniyuki Iwashima Signed-off-by: David S. Miller --- net/core/net_namespace.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index 1cd87df13f39..6c9acb086852 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c @@ -312,6 +312,7 @@ EXPORT_SYMBOL_GPL(get_net_ns_by_id); /* init code that must occur even if setup_net() is not called. */ static __net_init void preinit_net(struct net *net) { + refcount_set(&net->passive, 1); ref_tracker_dir_init(&net->notrefcnt_tracker, 128, "net notrefcnt"); } 
@@ -329,7 +330,6 @@ static __net_init int setup_net(struct net *net, struct user_namespace *user_ns) refcount_set(&net->ns.count, 1); ref_tracker_dir_init(&net->refcnt_tracker, 128, "net refcnt"); - refcount_set(&net->passive, 1); get_random_bytes(&net->hash_mix, sizeof(u32)); preempt_disable(); net->net_cookie = gen_cookie_next(&net_cookie); @@ -498,7 +498,6 @@ struct net *copy_net_ns(unsigned long flags, } preinit_net(net); - refcount_set(&net->passive, 1); net->ucounts = ucounts; get_user_ns(user_ns); -- cgit From 930299491825575503ec411ff28473aaa6b8c9ca Mon Sep 17 00:00:00 2001 From: Kuniyuki Iwashima Date: Wed, 31 Jul 2024 13:07:19 -0700 Subject: net: Call preinit_net() without pernet_ops_rwsem. When initialising the root netns, we call preinit_net() under pernet_ops_rwsem. However, the operations in preinit_net() do not require pernet_ops_rwsem. Also, we don't hold it for preinit_net() when initialising non-root netns. To be consistent, let's call preinit_net() without pernet_ops_rwsem in net_ns_init(). Signed-off-by: Kuniyuki Iwashima Signed-off-by: David S. Miller --- net/core/net_namespace.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index 6c9acb086852..b91c15b27fb2 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c @@ -1199,8 +1199,9 @@ void __init net_ns_init(void) #ifdef CONFIG_KEYS init_net.key_domain = &init_net_key_domain; #endif - down_write(&pernet_ops_rwsem); preinit_net(&init_net); + + down_write(&pernet_ops_rwsem); if (setup_net(&init_net, &init_user_ns)) panic("Could not setup the initial network namespace"); -- cgit From 05be8012594451fbeb7e6319107440eef27bd17b Mon Sep 17 00:00:00 2001 From: Kuniyuki Iwashima Date: Wed, 31 Jul 2024 13:07:20 -0700 Subject: net: Slim down setup_net(). Most initialisations in setup_net() do not require pernet_ops_rwsem and can be moved to preinit_net(). Signed-off-by: Kuniyuki Iwashima 
Signed-off-by: David S. Miller --- net/core/net_namespace.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index b91c15b27fb2..eed5a28e8ee3 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c @@ -310,16 +310,26 @@ struct net *get_net_ns_by_id(const struct net *net, int id) EXPORT_SYMBOL_GPL(get_net_ns_by_id); /* init code that must occur even if setup_net() is not called. */ -static __net_init void preinit_net(struct net *net) +static __net_init void preinit_net(struct net *net, struct user_namespace *user_ns) { refcount_set(&net->passive, 1); + refcount_set(&net->ns.count, 1); + ref_tracker_dir_init(&net->refcnt_tracker, 128, "net refcnt"); ref_tracker_dir_init(&net->notrefcnt_tracker, 128, "net notrefcnt"); + + get_random_bytes(&net->hash_mix, sizeof(u32)); + net->dev_base_seq = 1; + net->user_ns = user_ns; + + idr_init(&net->netns_ids); + spin_lock_init(&net->nsid_lock); + mutex_init(&net->ipv4.ra_mutex); } /* * setup_net runs the initializers for the network namespace object. */ -static __net_init int setup_net(struct net *net, struct user_namespace *user_ns) +static __net_init int setup_net(struct net *net) { /* Must be called with pernet_ops_rwsem held */ const struct pernet_operations *ops, *saved_ops; @@ -327,18 +337,9 @@ static __net_init int setup_net(struct net *net, struct user_namespace *user_ns) LIST_HEAD(dev_kill_list); int error = 0; - refcount_set(&net->ns.count, 1); - ref_tracker_dir_init(&net->refcnt_tracker, 128, "net refcnt"); - - get_random_bytes(&net->hash_mix, sizeof(u32)); preempt_disable(); net->net_cookie = gen_cookie_next(&net_cookie); preempt_enable(); - net->dev_base_seq = 1; - net->user_ns = user_ns; - idr_init(&net->netns_ids); - spin_lock_init(&net->nsid_lock); - mutex_init(&net->ipv4.ra_mutex); list_for_each_entry(ops, &pernet_list, list) { error = ops_init(ops, net); 
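Review bot: preinit_net() now stores `net->user_ns = user_ns` without taking a reference, and in copy_net_ns() the matching `get_user_ns(user_ns)` runs only after preinit_net() has returned (visible in the `@@ -497` hunk). Nothing runs between the two today. The pointer is however now set on the path where setup_net() is skipped as well, so the ownership rule belongs in the function comment, for example `/* Caller must hold a reference on user_ns; preinit_net() only stores the pointer. */`. The same comment could record that nothing added here may depend on pernet_ops_rwsem, since the series calls preinit_net() unlocked from both net_ns_init() and copy_net_ns().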
@@ -497,7 +498,7 @@ struct net *copy_net_ns(unsigned long flags, goto dec_ucounts; } - preinit_net(net); + preinit_net(net, user_ns); net->ucounts = ucounts; get_user_ns(user_ns); @@ -505,7 +506,7 @@ struct net *copy_net_ns(unsigned long flags, if (rv < 0) goto put_userns; - rv = setup_net(net, user_ns); + rv = setup_net(net); up_read(&pernet_ops_rwsem); @@ -1199,10 +1200,10 @@ void __init net_ns_init(void) #ifdef CONFIG_KEYS init_net.key_domain = &init_net_key_domain; #endif - preinit_net(&init_net); + preinit_net(&init_net, &init_user_ns); down_write(&pernet_ops_rwsem); - if (setup_net(&init_net, &init_user_ns)) + if (setup_net(&init_net)) panic("Could not setup the initial network namespace"); init_net_initialized = true; -- cgit From 8eaf71f77c923f13e41a146703b93fa7988d101f Mon Sep 17 00:00:00 2001 From: Kuniyuki Iwashima Date: Wed, 31 Jul 2024 13:07:21 -0700 Subject: net: Initialise net.core sysctl defaults in preinit_net(). Commit 7c3f1875c66f ("net: move somaxconn init from sysctl code") introduced net_defaults_ops to make sure that net.core sysctl knobs are always initialised even if CONFIG_SYSCTL is disabled. Such operations better fit preinit_net() added for a similar purpose by commit 6e77a5a4af05 ("net: initialize net->notrefcnt_tracker earlier"). Let's initialise the sysctl defaults in preinit_net(). Signed-off-by: Kuniyuki Iwashima Signed-off-by: David S. Miller --- net/core/net_namespace.c | 37 +++++++++++-------------------------- 1 file changed, 11 insertions(+), 26 deletions(-) diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index eed5a28e8ee3..11e4dd4f09ed 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c 
@@ -309,6 +309,16 @@ struct net *get_net_ns_by_id(const struct net *net, int id) } EXPORT_SYMBOL_GPL(get_net_ns_by_id); +static __net_init void preinit_net_sysctl(struct net *net) +{ + net->core.sysctl_somaxconn = SOMAXCONN; + /* Limits per socket sk_omem_alloc usage. + * TCP zerocopy regular usage needs 128 KB. + */ + net->core.sysctl_optmem_max = 128 * 1024; + net->core.sysctl_txrehash = SOCK_TXREHASH_ENABLED; +} + /* init code that must occur even if setup_net() is not called. */ static __net_init void preinit_net(struct net *net, struct user_namespace *user_ns) { @@ -324,6 +334,7 @@ static __net_init void preinit_net(struct net *net, struct user_namespace *user_ idr_init(&net->netns_ids); spin_lock_init(&net->nsid_lock); mutex_init(&net->ipv4.ra_mutex); + preinit_net_sysctl(net); } /* @@ -384,32 +395,6 @@ out_undo: goto out; } -static int __net_init net_defaults_init_net(struct net *net) -{ - net->core.sysctl_somaxconn = SOMAXCONN; - /* Limits per socket sk_omem_alloc usage. - * TCP zerocopy regular usage needs 128 KB. - */ - net->core.sysctl_optmem_max = 128 * 1024; - net->core.sysctl_txrehash = SOCK_TXREHASH_ENABLED; - - return 0; -} - -static struct pernet_operations net_defaults_ops = { - .init = net_defaults_init_net, -}; - -static __init int net_defaults_init(void) -{ - if (register_pernet_subsys(&net_defaults_ops)) - panic("Cannot initialize net default settings"); - - return 0; -} - -core_initcall(net_defaults_init); - #ifdef CONFIG_NET_NS static struct ucounts *inc_net_namespaces(struct user_namespace *ns) { -- cgit
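Review bot: preinit_net_sysctl() has no comment explaining why these net.core defaults are set here rather than in the sysctl code; the reason (they must be valid even when CONFIG_SYSCTL is disabled) now lives only in the commit message. I would add above the function `/* net.core defaults; set here so they are initialised even when CONFIG_SYSCTL is disabled */`. Since `sysctl_somaxconn` and `sysctl_optmem_max` are resource limits, it is also worth noting there that they must be assigned before any pernet init hook can run, which the call from preinit_net() in the next hunk provides.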