author | Nikolay Aleksandrov <nikolay@redhat.com> | 2014-07-24 10:50:37 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-07-28 01:34:36 -0400 |
commit | 1bab4c75075b84675b96992ac47580a57c26958d (patch) | |
tree | d015ddcf9d9d16e423efb63e9ddbd46fb02d95c3 /net/ipv6/reassembly.c | |
parent | ab1c724f633080ed2e8a0cfe61654599b55cf8f9 (diff) |
inet: frag: set limits and make init_net's high_thresh limit global
This patch makes init_net's high_thresh limit to be the maximum for all
namespaces, thus introducing a global memory limit threshold equal to the
sum of the individual high_thresh limits which are capped.
It also introduces some sane minimums for low_thresh as it shouldn't be
able to drop below 0 (or > high_thresh in the unsigned case), and
overall low_thresh should not ever be above high_thresh, so we make the
following relations for a namespace:
init_net:
high_thresh - max(not capped), min(init_net low_thresh)
low_thresh - max(init_net high_thresh), min (0)
all other namespaces:
high_thresh = max(init_net high_thresh), min(namespace's low_thresh)
low_thresh = max(namespace's high_thresh), min(0)
The major issue with having low_thresh > high_thresh is that we'll
schedule eviction but never evict anything and thus rely only on the
timers.
Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/reassembly.c')
-rw-r--r-- | net/ipv6/reassembly.c | 12 |
1 files changed, 10 insertions, 2 deletions
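--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -578,20 +578,25 @@ static const struct inet6_protocol frag_protocol =
 };
 
 #ifdef CONFIG_SYSCTL
+static int zero;
+
 static struct ctl_table ip6_frags_ns_ctl_table[] = {
 {
 .procname = "ip6frag_high_thresh",
 .data = &init_net.ipv6.frags.high_thresh,
 .maxlen = sizeof(int),
 .mode = 0644,
-.proc_handler = proc_dointvec
+.proc_handler = proc_dointvec_minmax,
+.extra1 = &init_net.ipv6.frags.low_thresh
 },
 {
 .procname = "ip6frag_low_thresh",
 .data = &init_net.ipv6.frags.low_thresh,
 .maxlen = sizeof(int),
 .mode = 0644,
-.proc_handler = proc_dointvec
+.proc_handler = proc_dointvec_minmax,
+.extra1 = &zero,
+.extra2 = &init_net.ipv6.frags.high_thresh
 },
 {
 .procname = "ip6frag_time",
@@ -628,7 +633,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
 goto err_alloc;
 
 table[0].data = &net->ipv6.frags.high_thresh;
+table[0].extra1 = &net->ipv6.frags.low_thresh;
+table[0].extra2 = &init_net.ipv6.frags.high_thresh;
 table[1].data = &net->ipv6.frags.low_thresh;
+table[1].extra2 = &net->ipv6.frags.high_thresh;
 table[2].data = &net->ipv6.frags.timeout;
 
 /* Don't export sysctls to unprivileged users */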
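Review bot: The cap added by `table[0].extra2 = &init_net.ipv6.frags.high_thresh;` in ip6_frags_ns_sysctl_register() is only evaluated when a namespace's ip6frag_high_thresh is written, so lowering init_net's value afterwards leaves any larger per-namespace thresholds in place and the "global" limit from the commit message is not a hard bound on reassembly memory. The same holds for the low/high relation: the bounds are read through pointers at write time, and nothing in this section serialises a write to low_thresh against a write to high_thresh, so two concurrent writers could presumably still end with low_thresh above high_thresh. If that is accepted, I would record it next to the assignments, e.g. `/* limits are checked on write only; values already set in a netns are not re-clamped when init_net's high_thresh shrinks */`. The function body starts and ends outside the hunk, so a clamp elsewhere cannot be ruled out from here.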