iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a8a572a6b5
linux/net/ipv6
History
Dan Streetman a8a572a6b5 xfrm: dst_entries_init() per-net dst_ops 
Remove the dst_entries_init/destroy calls for xfrm4 and xfrm6 dst_ops
templates; their dst_entries counters will never be used.  Move the
xfrm dst_ops initialization from the common xfrm/xfrm_policy.c to
xfrm4/xfrm4_policy.c and xfrm6/xfrm6_policy.c, and call dst_entries_init
and dst_entries_destroy for each net namespace.

The ipv4 and ipv6 xfrms each create dst_ops template, and perform
dst_entries_init on the templates.  The template values are copied to each
net namespace's xfrm.xfrm*_dst_ops.  The problem there is the dst_ops
pcpuc_entries field is a percpu counter and cannot be used correctly by
simply copying it to another object.

The result of this is a very subtle bug; changes to the dst entries
counter from one net namespace may sometimes get applied to a different
net namespace dst entries counter.  This is because of how the percpu
counter works; it has a main count field as well as a pointer to the
percpu variables.  Each net namespace maintains its own main count
variable, but all point to one set of percpu variables.  When any net
namespace happens to change one of the percpu variables to outside its
small batch range, its count is moved to the net namespace's main count
variable.  So with multiple net namespaces operating concurrently, the
dst_ops entries counter can stray from the actual value that it should
be; if counts are consistently moved from one net namespace to another
(which my testing showed is likely), then one net namespace winds up
with a negative dst_ops count while another winds up with a continually
increasing count, eventually reaching its gc_thresh limit, which causes
all new traffic on the net namespace to fail with -ENOBUFS.

Signed-off-by: Dan Streetman <dan.streetman@canonical.com>
Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2015-11-03 08:42:57 +01:00
..
netfilter ipv6: Export nf_ct_frag6_consume_orig() 2015-10-27 19:32:17 -07:00
addrconf_core.c ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument 2015-07-31 15:21:30 -07:00
addrconf.c ipv6: gre: setup default multicast routes over PtP links 2015-10-11 05:30:43 -07:00
addrlabel.c netlink: implement nla_put_in_addr and nla_put_in6_addr 2015-03-31 13:58:35 -04:00
af_inet6.c ipv6: Disable flowlabel state ranges by default 2015-07-31 17:07:11 -07:00
ah6.c ah6: fix error return code 2015-08-25 13:37:31 -07:00
anycast.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
datagram.c net: Set sk_txhash from a random number 2015-07-29 22:44:04 -07:00
esp6.c esp6: Switch to new AEAD interface 2015-05-28 11:23:20 +08:00
exthdrs_core.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
exthdrs_offload.c ipv6: fix exthdrs offload registration in out_rt path 2015-09-02 15:31:00 -07:00
exthdrs.c ipv6: use flag instead of u16 for hop in inet6_skb_parm 2015-07-09 15:06:59 -07:00
fib6_rules.c ipv6: fix the incorrect return value of throw route 2015-10-23 02:38:18 -07:00
icmp.c ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument 2015-07-31 15:21:30 -07:00
ila.c ila: Precompute checksum difference for translations 2015-08-24 10:34:40 -07:00
inet6_connection_sock.c net: convert syn_wait_lock to a spinlock 2015-03-23 16:52:26 -04:00
inet6_hashtables.c inet: inet_twsk_deschedule factorization 2015-07-09 15:12:20 -07:00
ip6_checksum.c
ip6_fib.c ipv6: fix the incorrect return value of throw route 2015-10-23 02:38:18 -07:00
ip6_flowlabel.c ipv6: Flow label state ranges 2015-05-03 21:58:01 -04:00
ip6_gre.c ip6_gre: Reduce log level in ip6gre_err() to debug 2015-09-24 15:28:43 -07:00
ip6_icmp.c
ip6_input.c ipv6: fix crash over flow-based vxlan device 2015-07-26 20:54:56 -07:00
ip6_offload.c Revert "sit: Add gro callbacks to sit_offload" 2015-07-20 16:52:28 -07:00
ip6_offload.h
ip6_output.c ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues 2015-10-29 07:01:50 -07:00
ip6_tunnel.c ip6_tunnel: Reduce log level in ip6_tnl_err() to debug 2015-09-24 16:08:37 -07:00
ip6_udp_tunnel.c vxlan: do not receive IPv4 packets on IPv6 socket 2015-08-29 13:07:54 -07:00
ip6_vti.c vti6: Add pmtu handling to vti6_xmit. 2015-06-01 16:03:43 -07:00
ip6mr.c net: ipv6: use common fib_default_rule_pref 2015-09-09 14:19:50 -07:00
ipcomp6.c
ipv6_sockglue.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
Kconfig net: Identifier Locator Addressing module 2015-08-17 21:33:06 -07:00
Makefile net: Identifier Locator Addressing module 2015-08-17 21:33:06 -07:00
mcast_snoop.c net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code 2015-08-13 17:08:39 -07:00
mcast.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
mip6.c
ndisc.c ipv6: send only one NEWLINK when RA causes changes 2015-08-31 21:20:29 -07:00
netfilter.c netfilter: bridge: forward IPv6 fragmented packets 2015-06-12 14:10:12 +02:00
output_core.c netfilter: don't pull include/linux/netfilter.h from netns headers 2015-06-18 21:14:31 +02:00
ping.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-09 23:38:02 -04:00
proc.c
protocol.c
raw.c ipv6: Nonlocal bind 2015-07-09 21:09:10 -07:00
reassembly.c inet: frags: remove INET_FRAG_EVICTED and use list_evictor for the test 2015-07-26 21:00:15 -07:00
route.c ipv6: fix crash on ICMPv6 redirects with prohibited/blackholed source 2015-11-02 16:30:15 -05:00
sit.c sit: fix sit0 percpu double allocations 2015-11-02 22:54:45 -05:00
syncookies.c tcp: get_cookie_sock() consolidation 2015-06-07 15:19:52 -07:00
sysctl_net_ipv6.c ipv6: Implement different admin modes for automatic flow labels 2015-07-31 17:07:11 -07:00
tcp_ipv6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-08-13 16:23:11 -07:00
tcpv6_offload.c tcp: cleanup static functions 2015-02-28 16:56:51 -05:00
tunnel6.c
udp_impl.h net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
udp_offload.c ipv6: hash net ptr into fragmentation bucket selection 2015-03-25 14:07:04 -04:00
udp.c ipv6: trivial whitespace fix 2015-08-17 14:34:48 -07:00
udplite.c
xfrm6_input.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
xfrm6_mode_beet.c xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c xfrm6: Fix IPv6 ECN decapsulation 2015-08-11 12:41:34 +02:00
xfrm6_output.c xfrm: Fix pmtu discovery for local generated packets. 2015-10-19 10:30:05 +02:00
xfrm6_policy.c xfrm: dst_entries_init() per-net dst_ops 2015-11-03 08:42:57 +01:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c