inetpeer: add namespace support for inetpeer

now inetpeer doesn't support namespace,the information will be leaking across namespace. this patch move the global vars v4_peers and v6_peers to netns_ipv4 and netns_ipv6 as a field peers. add struct pernet_operations inetpeer_ops to initial pernet inetpeer data. and change family_to_base and inet_getpeer to support namespace. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Gao feng <gaofeng@cn.fujitsu.com> 2012-06-07 21:20:41 -0400
committer: David S. Miller <davem@davemloft.net> 2012-06-08 17:27:23 -0400
commit: c8a627ed06d6d49bf65015a2185c519335c4c83f (patch)
tree: 2a67acd810661f3655162868bef0306e7ec51b86
parent: 1578e7778fa04eb7e32da561effee6cd38139b0f (diff)
5 files changed, 59 insertions, 24 deletions
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
index 2040bff945d4..fef9dfab5d45 100644
--- a/include/net/inetpeer.h
+++ b/include/net/inetpeer.h
@@ -75,7 +75,9 @@ static inline bool inet_metrics_new(const struct inet_peer *p)
 }
 /* can be called with or without local BH being disabled */
-struct inet_peer        *inet_getpeer(const struct inetpeer_addr *daddr, int create);
+struct inet_peer *inet_getpeer(struct net *net,
+                               const struct inetpeer_addr *daddr,
+                               int create);
 static inline struct inet_peer *inet_getpeer_v4(__be32 v4daddr, int create)
 {
@@ -83,7 +85,7 @@ static inline struct inet_peer *inet_getpeer_v4(__be32 v4daddr, int create)
        daddr.addr.a4 = v4daddr;
        daddr.family = AF_INET;
-        return inet_getpeer(&daddr, create);
+        return inet_getpeer(&init_net, &daddr, create);
 }
 static inline struct inet_peer *inet_getpeer_v6(const struct in6_addr *v6daddr, int create)
@@ -92,14 +94,14 @@ static inline struct inet_peer *inet_getpeer_v6(const struct in6_addr *v6daddr,
        *(struct in6_addr *)daddr.addr.a6 = *v6daddr;
        daddr.family = AF_INET6;
-        return inet_getpeer(&daddr, create);
+        return inet_getpeer(&init_net, &daddr, create);
 }
 /* can be called from BH context or outside */
 extern void inet_putpeer(struct inet_peer *p);
 extern bool inet_peer_xrlim_allow(struct inet_peer *peer, int timeout);
-extern void inetpeer_invalidate_tree(int family);
+extern void inetpeer_invalidate_tree(struct net *net, int family);
 /*
 * temporary check to make sure we dont access rid, ip_id_count, tcp_ts,
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index bbd023a1c9b9..227f0cd9d3f6 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -30,7 +30,7 @@ struct netns_ipv4 {
        struct sock             **icmp_sk;
        struct sock             *tcp_sock;
+        struct inet_peer_base   *peers;
        struct netns_frags      frags;
 #ifdef CONFIG_NETFILTER
        struct xt_table         *iptable_filter;
diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
index b42be53587ba..df0a5456a3fd 100644
--- a/include/net/netns/ipv6.h
+++ b/include/net/netns/ipv6.h
@@ -33,6 +33,7 @@ struct netns_ipv6 {
        struct netns_sysctl_ipv6 sysctl;
        struct ipv6_devconf     *devconf_all;
        struct ipv6_devconf     *devconf_dflt;
+        struct inet_peer_base   *peers;
        struct netns_frags      frags;
 #ifdef CONFIG_NETFILTER
        struct xt_table         *ip6table_filter;
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
index dfba343b2509..1c8527349c86 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -88,18 +88,6 @@ struct inet_peer_base {
        int             total;
 };
-static struct inet_peer_base v4_peers = {
-        .root           = peer_avl_empty_rcu,
-        .lock           = __SEQLOCK_UNLOCKED(v4_peers.lock),
-        .total          = 0,
-};
-static struct inet_peer_base v6_peers = {
-        .root           = peer_avl_empty_rcu,
-        .lock           = __SEQLOCK_UNLOCKED(v6_peers.lock),
-        .total          = 0,
-};
 #define PEER_MAXDEPTH 40 /* sufficient for about 2^27 nodes */
 /* Exported for sysctl_net_ipv4.  */
@@ -153,6 +141,46 @@ static void inetpeer_gc_worker(struct work_struct *work)
        schedule_delayed_work(&gc_work, gc_delay);
 }
+static int __net_init inetpeer_net_init(struct net *net)
+{
+        net->ipv4.peers = kzalloc(sizeof(struct inet_peer_base),
+                                  GFP_KERNEL);
+        if (net->ipv4.peers == NULL)
+                return -ENOMEM;
+        net->ipv4.peers->root = peer_avl_empty_rcu;
+        seqlock_init(&net->ipv4.peers->lock);
+        net->ipv6.peers = kzalloc(sizeof(struct inet_peer_base),
+                                  GFP_KERNEL);
+        if (net->ipv6.peers == NULL)
+                goto out_ipv6;
+        net->ipv6.peers->root = peer_avl_empty_rcu;
+        seqlock_init(&net->ipv6.peers->lock);
+        return 0;
+out_ipv6:
+        kfree(net->ipv4.peers);
+        return -ENOMEM;
+}
+static void __net_exit inetpeer_net_exit(struct net *net)
+{
+        inetpeer_invalidate_tree(net, AF_INET);
+        kfree(net->ipv4.peers);
+        net->ipv4.peers = NULL;
+        inetpeer_invalidate_tree(net, AF_INET6);
+        kfree(net->ipv6.peers);
+        net->ipv6.peers = NULL;
+}
+static struct pernet_operations inetpeer_ops = {
+        .init = inetpeer_net_init,
+        .exit = inetpeer_net_exit,
+};
 /* Called from ip_output.c:ip_init  */
 void __init inet_initpeers(void)
 {
@@ -177,6 +205,7 @@ void __init inet_initpeers(void)
                        NULL);
        INIT_DELAYED_WORK_DEFERRABLE(&gc_work, inetpeer_gc_worker);
+        register_pernet_subsys(&inetpeer_ops);
 }
 static int addr_compare(const struct inetpeer_addr *a,
@@ -401,9 +430,10 @@ static void unlink_from_pool(struct inet_peer *p, struct inet_peer_base *base,
        call_rcu(&p->rcu, inetpeer_free_rcu);
 }
-static struct inet_peer_base *family_to_base(int family)
+static struct inet_peer_base *family_to_base(struct net *net,
+                                             int family)
 {
-        return family == AF_INET ? &v4_peers : &v6_peers;
+        return family == AF_INET ? net->ipv4.peers : net->ipv6.peers;
 }
 /* perform garbage collect on all items stacked during a lookup */
@@ -443,10 +473,12 @@ static int inet_peer_gc(struct inet_peer_base *base,
        return cnt;
 }
-struct inet_peer *inet_getpeer(const struct inetpeer_addr *daddr, int create)
+struct inet_peer *inet_getpeer(struct net *net,
+                               const struct inetpeer_addr *daddr,
+                               int create)
 {
        struct inet_peer __rcu **stack[PEER_MAXDEPTH], ***stackptr;
-        struct inet_peer_base *base = family_to_base(daddr->family);
+        struct inet_peer_base *base = family_to_base(net, daddr->family);
        struct inet_peer *p;
        unsigned int sequence;
        int invalidated, gccnt = 0;
@@ -571,10 +603,10 @@ static void inetpeer_inval_rcu(struct rcu_head *head)
        schedule_delayed_work(&gc_work, gc_delay);
 }
-void inetpeer_invalidate_tree(int family)
+void inetpeer_invalidate_tree(struct net *net, int family)
 {
        struct inet_peer *old, *new, *prev;
-        struct inet_peer_base *base = family_to_base(family);
+        struct inet_peer_base *base = family_to_base(net, family);
        write_seqlock_bh(&base->lock);
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 98b30d08efe9..006c21cc2324 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -938,7 +938,7 @@ static void rt_cache_invalidate(struct net *net)
        get_random_bytes(&shuffle, sizeof(shuffle));
        atomic_add(shuffle + 1U, &net->ipv4.rt_genid);
-        inetpeer_invalidate_tree(AF_INET);
+        inetpeer_invalidate_tree(net, AF_INET);
 }
 /*
author	Gao feng <gaofeng@cn.fujitsu.com>	2012-06-07 21:20:41 -0400
committer	David S. Miller <davem@davemloft.net>	2012-06-08 17:27:23 -0400
commit	c8a627ed06d6d49bf65015a2185c519335c4c83f (patch)
tree	2a67acd810661f3655162868bef0306e7ec51b86
parent	1578e7778fa04eb7e32da561effee6cd38139b0f (diff)

diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h index 2040bff945d4..fef9dfab5d45 100644 --- a/include/net/inetpeer.h +++ b/include/net/inetpeer.h
@@ -75,7 +75,9 @@ static inline bool inet_metrics_new(const struct inet_peer *p)
75	}	75	}
76		76
77	/* can be called with or without local BH being disabled */	77	/* can be called with or without local BH being disabled */
78	struct inet_peer inet_getpeer(const struct inetpeer_addr daddr, int create);	78	struct inet_peer inet_getpeer(struct net net,
		79	const struct inetpeer_addr *daddr,
		80	int create);
79		81
80	static inline struct inet_peer *inet_getpeer_v4(__be32 v4daddr, int create)	82	static inline struct inet_peer *inet_getpeer_v4(__be32 v4daddr, int create)
81	{	83	{
@@ -83,7 +85,7 @@ static inline struct inet_peer *inet_getpeer_v4(__be32 v4daddr, int create)
83		85
84	daddr.addr.a4 = v4daddr;	86	daddr.addr.a4 = v4daddr;
85	daddr.family = AF_INET;	87	daddr.family = AF_INET;
86	return inet_getpeer(&daddr, create);	88	return inet_getpeer(&init_net, &daddr, create);
87	}	89	}
88		90
89	static inline struct inet_peer inet_getpeer_v6(const struct in6_addr v6daddr, int create)	91	static inline struct inet_peer inet_getpeer_v6(const struct in6_addr v6daddr, int create)
@@ -92,14 +94,14 @@ static inline struct inet_peer inet_getpeer_v6(const struct in6_addr v6daddr,
92		94
93	(struct in6_addr )daddr.addr.a6 = *v6daddr;	95	(struct in6_addr )daddr.addr.a6 = *v6daddr;
94	daddr.family = AF_INET6;	96	daddr.family = AF_INET6;
95	return inet_getpeer(&daddr, create);	97	return inet_getpeer(&init_net, &daddr, create);
96	}	98	}
97		99
98	/* can be called from BH context or outside */	100	/* can be called from BH context or outside */
99	extern void inet_putpeer(struct inet_peer *p);	101	extern void inet_putpeer(struct inet_peer *p);
100	extern bool inet_peer_xrlim_allow(struct inet_peer *peer, int timeout);	102	extern bool inet_peer_xrlim_allow(struct inet_peer *peer, int timeout);
101		103
102	extern void inetpeer_invalidate_tree(int family);	104	extern void inetpeer_invalidate_tree(struct net *net, int family);
103		105
104	/*	106	/*
105	* temporary check to make sure we dont access rid, ip_id_count, tcp_ts,	107	* temporary check to make sure we dont access rid, ip_id_count, tcp_ts,


diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h index bbd023a1c9b9..227f0cd9d3f6 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h
@@ -30,7 +30,7 @@ struct netns_ipv4 {
30		30
31	struct sock **icmp_sk;	31	struct sock **icmp_sk;
32	struct sock *tcp_sock;	32	struct sock *tcp_sock;
33		33	struct inet_peer_base *peers;
34	struct netns_frags frags;	34	struct netns_frags frags;
35	#ifdef CONFIG_NETFILTER	35	#ifdef CONFIG_NETFILTER
36	struct xt_table *iptable_filter;	36	struct xt_table *iptable_filter;


diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h index b42be53587ba..df0a5456a3fd 100644 --- a/include/net/netns/ipv6.h +++ b/include/net/netns/ipv6.h
@@ -33,6 +33,7 @@ struct netns_ipv6 {
33	struct netns_sysctl_ipv6 sysctl;	33	struct netns_sysctl_ipv6 sysctl;
34	struct ipv6_devconf *devconf_all;	34	struct ipv6_devconf *devconf_all;
35	struct ipv6_devconf *devconf_dflt;	35	struct ipv6_devconf *devconf_dflt;
		36	struct inet_peer_base *peers;
36	struct netns_frags frags;	37	struct netns_frags frags;
37	#ifdef CONFIG_NETFILTER	38	#ifdef CONFIG_NETFILTER
38	struct xt_table *ip6table_filter;	39	struct xt_table *ip6table_filter;


diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c index dfba343b2509..1c8527349c86 100644 --- a/net/ipv4/inetpeer.c +++ b/net/ipv4/inetpeer.c
@@ -88,18 +88,6 @@ struct inet_peer_base {
88	int total;	88	int total;
89	};	89	};
90		90
91	static struct inet_peer_base v4_peers = {
92	.root = peer_avl_empty_rcu,
93	.lock = __SEQLOCK_UNLOCKED(v4_peers.lock),
94	.total = 0,
95	};
96
97	static struct inet_peer_base v6_peers = {
98	.root = peer_avl_empty_rcu,
99	.lock = __SEQLOCK_UNLOCKED(v6_peers.lock),
100	.total = 0,
101	};
102
103	#define PEER_MAXDEPTH 40 /* sufficient for about 2^27 nodes */	91	#define PEER_MAXDEPTH 40 /* sufficient for about 2^27 nodes */
104		92
105	/* Exported for sysctl_net_ipv4. */	93	/* Exported for sysctl_net_ipv4. */
@@ -153,6 +141,46 @@ static void inetpeer_gc_worker(struct work_struct *work)
153	schedule_delayed_work(&gc_work, gc_delay);	141	schedule_delayed_work(&gc_work, gc_delay);
154	}	142	}
155		143
		144	static int __net_init inetpeer_net_init(struct net *net)
		145	{
		146	net->ipv4.peers = kzalloc(sizeof(struct inet_peer_base),
		147	GFP_KERNEL);
		148	if (net->ipv4.peers == NULL)
		149	return -ENOMEM;
		150
		151	net->ipv4.peers->root = peer_avl_empty_rcu;
		152	seqlock_init(&net->ipv4.peers->lock);
		153
		154	net->ipv6.peers = kzalloc(sizeof(struct inet_peer_base),
		155	GFP_KERNEL);
		156	if (net->ipv6.peers == NULL)
		157	goto out_ipv6;
		158
		159	net->ipv6.peers->root = peer_avl_empty_rcu;
		160	seqlock_init(&net->ipv6.peers->lock);
		161
		162	return 0;
		163	out_ipv6:
		164	kfree(net->ipv4.peers);
		165	return -ENOMEM;
		166	}
		167
		168	static void __net_exit inetpeer_net_exit(struct net *net)
		169	{
		170	inetpeer_invalidate_tree(net, AF_INET);
		171	kfree(net->ipv4.peers);
		172	net->ipv4.peers = NULL;
		173
		174	inetpeer_invalidate_tree(net, AF_INET6);
		175	kfree(net->ipv6.peers);
		176	net->ipv6.peers = NULL;
		177	}
		178
		179	static struct pernet_operations inetpeer_ops = {
		180	.init = inetpeer_net_init,
		181	.exit = inetpeer_net_exit,
		182	};
		183
156	/* Called from ip_output.c:ip_init */	184	/* Called from ip_output.c:ip_init */
157	void __init inet_initpeers(void)	185	void __init inet_initpeers(void)
158	{	186	{
@@ -177,6 +205,7 @@ void __init inet_initpeers(void)
177	NULL);	205	NULL);
178		206
179	INIT_DELAYED_WORK_DEFERRABLE(&gc_work, inetpeer_gc_worker);	207	INIT_DELAYED_WORK_DEFERRABLE(&gc_work, inetpeer_gc_worker);
		208	register_pernet_subsys(&inetpeer_ops);
180	}	209	}
181		210
182	static int addr_compare(const struct inetpeer_addr *a,	211	static int addr_compare(const struct inetpeer_addr *a,
@@ -401,9 +430,10 @@ static void unlink_from_pool(struct inet_peer p, struct inet_peer_base base,
401	call_rcu(&p->rcu, inetpeer_free_rcu);	430	call_rcu(&p->rcu, inetpeer_free_rcu);
402	}	431	}
403		432
404	static struct inet_peer_base *family_to_base(int family)	433	static struct inet_peer_base family_to_base(struct net net,
		434	int family)
405	{	435	{
406	return family == AF_INET ? &v4_peers : &v6_peers;	436	return family == AF_INET ? net->ipv4.peers : net->ipv6.peers;
407	}	437	}
408		438
409	/* perform garbage collect on all items stacked during a lookup */	439	/* perform garbage collect on all items stacked during a lookup */
@@ -443,10 +473,12 @@ static int inet_peer_gc(struct inet_peer_base *base,
443	return cnt;	473	return cnt;
444	}	474	}
445		475
446	struct inet_peer inet_getpeer(const struct inetpeer_addr daddr, int create)	476	struct inet_peer inet_getpeer(struct net net,
		477	const struct inetpeer_addr *daddr,
		478	int create)
447	{	479	{
448	struct inet_peer __rcu stack[PEER_MAXDEPTH], *stackptr;	480	struct inet_peer __rcu stack[PEER_MAXDEPTH], *stackptr;
449	struct inet_peer_base *base = family_to_base(daddr->family);	481	struct inet_peer_base *base = family_to_base(net, daddr->family);
450	struct inet_peer *p;	482	struct inet_peer *p;
451	unsigned int sequence;	483	unsigned int sequence;
452	int invalidated, gccnt = 0;	484	int invalidated, gccnt = 0;
@@ -571,10 +603,10 @@ static void inetpeer_inval_rcu(struct rcu_head *head)
571	schedule_delayed_work(&gc_work, gc_delay);	603	schedule_delayed_work(&gc_work, gc_delay);
572	}	604	}
573		605
574	void inetpeer_invalidate_tree(int family)	606	void inetpeer_invalidate_tree(struct net *net, int family)
575	{	607	{
576	struct inet_peer old, new, *prev;	608	struct inet_peer old, new, *prev;
577	struct inet_peer_base *base = family_to_base(family);	609	struct inet_peer_base *base = family_to_base(net, family);
578		610
579	write_seqlock_bh(&base->lock);	611	write_seqlock_bh(&base->lock);
580		612


diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 98b30d08efe9..006c21cc2324 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c
@@ -938,7 +938,7 @@ static void rt_cache_invalidate(struct net *net)
938		938
939	get_random_bytes(&shuffle, sizeof(shuffle));	939	get_random_bytes(&shuffle, sizeof(shuffle));
940	atomic_add(shuffle + 1U, &net->ipv4.rt_genid);	940	atomic_add(shuffle + 1U, &net->ipv4.rt_genid);
941	inetpeer_invalidate_tree(AF_INET);	941	inetpeer_invalidate_tree(net, AF_INET);
942	}	942	}
943		943
944	/*	944	/*