Message-ID: <CAMDZJNVTt9NyWSqL17VGbo92cXL54mHkOaWeMb+gNXhbuf5G4Q@mail.gmail.com>
Date:   Tue, 13 Mar 2018 21:06:09 +0800
From:   Tonghao Zhang <xiangxia.m.yue@...il.com>
To:     Paolo Abeni <pabeni@...hat.com>
Cc:     David Miller <davem@...emloft.net>, rshearma@...cade.com,
        Eric Dumazet <edumazet@...gle.com>,
        Linux Kernel Network Developers <netdev@...r.kernel.org>
Subject: Re: [PATCH 1/2] udp: Move the udp sysctl to namespace.

On Tue, Mar 13, 2018 at 7:36 PM, Paolo Abeni <pabeni@...hat.com> wrote:
> Hi,
>
> On Tue, 2018-03-13 at 02:57 -0700, Tonghao Zhang wrote:
>> This patch moves the udp_rmem_min, udp_wmem_min
>> to namespace and init the udp_l3mdev_accept explicitly.
>
> Can you please be a little more descriptive on why this is
> needed/helpful?
Thanks for your reply. In our machine, there are many dockers. The different
dockers may run the different services which require rx queue.

All the dockers in a machine share the .sysctl_mem, so we can move the
udp_wmem_min/udp_rmem_min, which affect the rx queue, to the namespace;
then each docker can set them differently.

>> Signed-off-by: Tonghao Zhang <xiangxia.m.yue@...il.com>
>> ---
>>  include/net/netns/ipv4.h   |  3 ++
>>  net/ipv4/sysctl_net_ipv4.c | 32 ++++++++---------
>>  net/ipv4/udp.c             | 86 +++++++++++++++++++++++++++-------------------
>>  net/ipv6/udp.c             | 52 ++++++++++++++--------------
>>  4 files changed, 96 insertions(+), 77 deletions(-)
>>
>> diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
>> index 3a970e4..382bfd7 100644
>> --- a/include/net/netns/ipv4.h
>> +++ b/include/net/netns/ipv4.h
>> @@ -168,6 +168,9 @@ struct netns_ipv4 {
>>       atomic_t tfo_active_disable_times;
>>       unsigned long tfo_active_disable_stamp;
>>
>> +     int sysctl_udp_wmem_min;
>> +     int sysctl_udp_rmem_min;
>> +
>>  #ifdef CONFIG_NET_L3_MASTER_DEV
>>       int sysctl_udp_l3mdev_accept;
>>  #endif
>> diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
>> index 011de9a..5b72d97 100644
>> --- a/net/ipv4/sysctl_net_ipv4.c
>> +++ b/net/ipv4/sysctl_net_ipv4.c
>> @@ -520,22 +520,6 @@ static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write,
>>               .mode           = 0644,
>>               .proc_handler   = proc_doulongvec_minmax,
>>       },
>> -     {
>> -             .procname       = "udp_rmem_min",
>> -             .data           = &sysctl_udp_rmem_min,
>> -             .maxlen         = sizeof(sysctl_udp_rmem_min),
>> -             .mode           = 0644,
>> -             .proc_handler   = proc_dointvec_minmax,
>> -             .extra1         = &one
>> -     },
>> -     {
>> -             .procname       = "udp_wmem_min",
>> -             .data           = &sysctl_udp_wmem_min,
>> -             .maxlen         = sizeof(sysctl_udp_wmem_min),
>> -             .mode           = 0644,
>> -             .proc_handler   = proc_dointvec_minmax,
>> -             .extra1         = &one
>> -     },
>>       { }
>>  };
>>
>> @@ -1167,6 +1151,22 @@ static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write,
>>               .proc_handler   = proc_dointvec_minmax,
>>               .extra1         = &one,
>>       },
>> +     {
>> +             .procname       = "udp_rmem_min",
>> +             .data           = &init_net.ipv4.sysctl_udp_rmem_min,
>> +             .maxlen         = sizeof(init_net.ipv4.sysctl_udp_rmem_min),
>> +             .mode           = 0644,
>> +             .proc_handler   = proc_dointvec_minmax,
>> +             .extra1         = &one
>> +     },
>> +     {
>> +             .procname       = "udp_wmem_min",
>> +             .data           = &init_net.ipv4.sysctl_udp_wmem_min,
>> +             .maxlen         = sizeof(init_net.ipv4.sysctl_udp_wmem_min),
>> +             .mode           = 0644,
>> +             .proc_handler   = proc_dointvec_minmax,
>> +             .extra1         = &one
>> +     },
>>       { }
>>  };
>>
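Review bot: The two entries added at line 1151 keep `.mode = 0644` and carry only a lower bound (`.extra1 = &one`) with no `.extra2`, so whoever is allowed to write sysctls inside a network namespace can raise that namespace's minimum to any positive int. The udp.c part of this patch leaves `.sysctl_mem = sysctl_udp_mem` global, so the memory pool these minimums apply to is presumably still shared by every namespace. It is worth confirming that a large per-namespace minimum cannot let one container's sockets squeeze the others, and adding an upper bound if it can. Minor: end the last initializer with a comma, `.extra1 = &one,`, as the entry just above the added ones does, and note the new per-namespace scope in the sysctl documentation.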
>> diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
>> index 3013404..7ae77f2 100644
>> --- a/net/ipv4/udp.c
>> +++ b/net/ipv4/udp.c
>> @@ -122,12 +122,6 @@
>>  long sysctl_udp_mem[3] __read_mostly;
>>  EXPORT_SYMBOL(sysctl_udp_mem);
>>
>> -int sysctl_udp_rmem_min __read_mostly;
>> -EXPORT_SYMBOL(sysctl_udp_rmem_min);
>> -
>> -int sysctl_udp_wmem_min __read_mostly;
>> -EXPORT_SYMBOL(sysctl_udp_wmem_min);
>> -
>>  atomic_long_t udp_memory_allocated;
>>  EXPORT_SYMBOL(udp_memory_allocated);
>>
>> @@ -2533,35 +2527,35 @@ int udp_abort(struct sock *sk, int err)
>>  EXPORT_SYMBOL_GPL(udp_abort);
>>
>>  struct proto udp_prot = {
>> -     .name              = "UDP",
>> -     .owner             = THIS_MODULE,
>> -     .close             = udp_lib_close,
>> -     .connect           = ip4_datagram_connect,
>> -     .disconnect        = udp_disconnect,
>> -     .ioctl             = udp_ioctl,
>> -     .init              = udp_init_sock,
>> -     .destroy           = udp_destroy_sock,
>> -     .setsockopt        = udp_setsockopt,
>> -     .getsockopt        = udp_getsockopt,
>> -     .sendmsg           = udp_sendmsg,
>> -     .recvmsg           = udp_recvmsg,
>> -     .sendpage          = udp_sendpage,
>> -     .release_cb        = ip4_datagram_release_cb,
>> -     .hash              = udp_lib_hash,
>> -     .unhash            = udp_lib_unhash,
>> -     .rehash            = udp_v4_rehash,
>> -     .get_port          = udp_v4_get_port,
>> -     .memory_allocated  = &udp_memory_allocated,
>> -     .sysctl_mem        = sysctl_udp_mem,
>> -     .sysctl_wmem       = &sysctl_udp_wmem_min,
>> -     .sysctl_rmem       = &sysctl_udp_rmem_min,
>> -     .obj_size          = sizeof(struct udp_sock),
>> -     .h.udp_table       = &udp_table,
>> +     .name                   = "UDP",
>> +     .owner                  = THIS_MODULE,
>> +     .close                  = udp_lib_close,
>> +     .connect                = ip4_datagram_connect,
>> +     .disconnect             = udp_disconnect,
>> +     .ioctl                  = udp_ioctl,
>> +     .init                   = udp_init_sock,
>> +     .destroy                = udp_destroy_sock,
>> +     .setsockopt             = udp_setsockopt,
>> +     .getsockopt             = udp_getsockopt,
>> +     .sendmsg                = udp_sendmsg,
>> +     .recvmsg                = udp_recvmsg,
>> +     .sendpage               = udp_sendpage,
>> +     .release_cb             = ip4_datagram_release_cb,
>> +     .hash                   = udp_lib_hash,
>> +     .unhash                 = udp_lib_unhash,
>> +     .rehash                 = udp_v4_rehash,
>> +     .get_port               = udp_v4_get_port,
>> +     .memory_allocated       = &udp_memory_allocated,
>> +     .sysctl_mem             = sysctl_udp_mem,
>> +     .sysctl_wmem_offset     = offsetof(struct net, ipv4.sysctl_udp_wmem_min),
>> +     .sysctl_rmem_offset     = offsetof(struct net, ipv4.sysctl_udp_rmem_min),
>> +     .obj_size               = sizeof(struct udp_sock),
>> +     .h.udp_table            = &udp_table,
>>  #ifdef CONFIG_COMPAT
>> -     .compat_setsockopt = compat_udp_setsockopt,
>> -     .compat_getsockopt = compat_udp_getsockopt,
>> +     .compat_setsockopt      = compat_udp_setsockopt,
>> +     .compat_getsockopt      = compat_udp_getsockopt,
>>  #endif
>> -     .diag_destroy      = udp_abort,
>> +     .diag_destroy           = udp_abort,
>>  };
>>  EXPORT_SYMBOL(udp_prot);
>>
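Review bot: Only two members of this initializer change meaning (`.sysctl_wmem`/`.sysctl_rmem` become `.sysctl_wmem_offset`/`.sysctl_rmem_offset`), yet every line is re-aligned, which buries the functional change and adds noise to blame. Consider keeping the existing alignment and touching only those two lines, or moving the re-alignment to a separate patch. A short comment above the offsets would also help, e.g. `/* offsets into struct net: minimums are read from the socket's own namespace */`, assuming that is how the offset fields are consumed, which this hunk does not show.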
>> @@ -2831,6 +2825,21 @@ u32 udp_flow_hashrnd(void)
>>  }
>>  EXPORT_SYMBOL(udp_flow_hashrnd);
>>
>> +static int __net_init udp_sysctl_init(struct net *net)
>> +{
>> +     net->ipv4.sysctl_udp_rmem_min = SK_MEM_QUANTUM;
>> +     net->ipv4.sysctl_udp_wmem_min = SK_MEM_QUANTUM;
>> +
>> +#ifdef CONFIG_NET_L3_MASTER_DEV
>> +     net->ipv4.sysctl_udp_l3mdev_accept = 0;
>> +#endif
>> +     return 0;
>> +}
>> +
>> +static struct pernet_operations __net_initdata udp_sysctl_ops = {
>> +     .init       = udp_sysctl_init,
>> +};
>> +
>>  void __init udp_init(void)
>>  {
>>       unsigned long limit;
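Review bot: `udp_sysctl_ops` is defined here but its registration is not visible in this hunk, and the following hunk is cut off in the quote. Please confirm that `udp_init()` registers it and handles a registration failure; otherwise namespaces other than init_net would presumably start with both minimums at 0, below the floor of 1 that the sysctl table enforces on writes. The explicit `net->ipv4.sysctl_udp_l3mdev_accept = 0;` looks redundant if struct net is zero-allocated; if it is kept for clarity, a one-line comment saying so would help. `udp_init()` starts in this hunk and continues outside it.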
>> @@ -2843,8 +2852,12 @@ void __init udp_init(void)
>>       sysctl_udp_mem[1] = limit;
>>       sysctl_udp_mem[2] = sysctl_udp_mem[0] * 2;
>>
>> -     sysctl_udp_rmem_min = SK_MEM_QUANTUM;
>> -     sysctl_udp_wmem_min = SK_MEM_QUANTUM;
>> +     init_net.ipv4.sysctl_udp_rmem_min = SK_MEM_QUANTUM;
>> +     init_net.ipv4.sysctl_udp_wmem_min = SK_MEM_QUANTUM;
>> +
>> +#ifdef CONFIG_NET_L3_MASTER_DEV
>> +     init_net.ipv4.sysctl_udp_l3mdev_accept = 0;
>> +#endif
>
> You can avoid the code duplication here - and in udp_sysctl_init() -
> using a common helper.
Yes, great, I will send v2

> Thanks,
>
> Paolo
