netns: don't clear nsid too early on removal

With the current code, ids are removed too early. Suppose you have an ipip interface that stands in the netns foo and its link part in the netns bar (so the netns bar has an nsid into the netns foo). Now, you remove the netns bar: - the bar nsid into the netns foo is removed - the netns exit method of ipip is called, thus our ipip iface is removed: => a netlink message is sent in the netns foo to advertise this deletion => this netlink message requests an nsid for bar, thus a new nsid is allocated for bar and never removed. We must remove nsids when we are sure that nobody will refer to netns currently cleaned. Fixes: 0c7aecd4bde4 ("netns: add rtnl cmd to add and get peer netns ids") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Nicolas Dichtel <nicolas.dichtel@6wind.com> 2015-03-26 12:56:38 -0400
committer: David S. Miller <davem@davemloft.net> 2015-03-29 15:58:21 -0400
commit: 4217291e592da0e4258b652e82e5428639d29acc (patch)
tree: d2471fed2efe37bae94315963de49a4fac93157e
parent: 17f5ddd5a3b31bdb3acc6f7a41785503c9d113ee (diff)
1 files changed, 15 insertions, 9 deletions
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index cb5290b8c428..5221f975a4cc 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -349,7 +349,7 @@ static LIST_HEAD(cleanup_list);  /* Must hold cleanup_list_lock to touch */
 static void cleanup_net(struct work_struct *work)
 {
        const struct pernet_operations *ops;
-        struct net *net, *tmp;
+        struct net *net, *tmp, *peer;
        struct list_head net_kill_list;
        LIST_HEAD(net_exit_list);
@@ -365,14 +365,6 @@ static void cleanup_net(struct work_struct *work)
        list_for_each_entry(net, &net_kill_list, cleanup_list) {
                list_del_rcu(&net->list);
                list_add_tail(&net->exit_list, &net_exit_list);
-                for_each_net(tmp) {
-                        int id = __peernet2id(tmp, net, false);
-                        if (id >= 0)
-                                idr_remove(&tmp->netns_ids, id);
-                }
-                idr_destroy(&net->netns_ids);
        }
        rtnl_unlock();
@@ -398,12 +390,26 @@ static void cleanup_net(struct work_struct *work)
         */
        rcu_barrier();
+        rtnl_lock();
        /* Finally it is safe to free my network namespace structure */
        list_for_each_entry_safe(net, tmp, &net_exit_list, exit_list) {
+                /* Unreference net from all peers (no need to loop over
+                 * net_exit_list because idr_destroy() will be called for each
+                 * element of this list.
+                 */
+                for_each_net(peer) {
+                        int id = __peernet2id(peer, net, false);
+                        if (id >= 0)
+                                idr_remove(&peer->netns_ids, id);
+                }
+                idr_destroy(&net->netns_ids);
                list_del_init(&net->exit_list);
                put_user_ns(net->user_ns);
                net_drop_ns(net);
        }
+        rtnl_unlock();
 }
 static DECLARE_WORK(net_cleanup_work, cleanup_net);
author	Nicolas Dichtel <nicolas.dichtel@6wind.com>	2015-03-26 12:56:38 -0400
committer	David S. Miller <davem@davemloft.net>	2015-03-29 15:58:21 -0400
commit	4217291e592da0e4258b652e82e5428639d29acc (patch)
tree	d2471fed2efe37bae94315963de49a4fac93157e
parent	17f5ddd5a3b31bdb3acc6f7a41785503c9d113ee (diff)