xfrm: Namespacify xfrm state/policy locks

By semantics, xfrm layer is fully name space aware, so will the locks, e.g. xfrm_state/pocliy_lock. Ensure exclusive access into state/policy link list for different name space with one global lock is not right in terms of semantics aspect at first place, as they are indeed mutually independent with each other, but also more seriously causes scalability problem. One practical scenario is on a Open Network Stack, more than hundreds of lxc tenants acts as routers within one host, a global xfrm_state/policy_lock becomes the bottleneck. But onces those locks are decoupled in a per-namespace fashion, locks contend is just with in specific name space scope, without causing additional SPD/SAD access delay for other name space. Also this patch improve scalability while as without changing original xfrm behavior. Signed-off-by: Fan Du <fan.du@windriver.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Fan Du <fan.du@windriver.com> 2013-11-07 04:47:50 -0500
committer: Steffen Klassert <steffen.klassert@secunet.com> 2013-12-06 00:45:06 -0500
commit: 283bc9f35bbbcb0e9ab4e6d2427da7f9f710d52d (patch)
tree: 8b580340bdc0d1f25f4a76dfc39c48760f3f307a /net/key
parent: 8d549c4f5d92d80fc6f888fd314e10972ae0ec37 (diff)
1 files changed, 10 insertions, 5 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 3fa811c46913..9a039acf37e8 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1785,7 +1785,9 @@ static int pfkey_dump_sa(struct pfkey_sock *pfk)
 static void pfkey_dump_sa_done(struct pfkey_sock *pfk)
 {
-        xfrm_state_walk_done(&pfk->dump.u.state);
+        struct net *net = sock_net(&pfk->sk);
+        xfrm_state_walk_done(&pfk->dump.u.state, net);
 }
 static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
@@ -1861,7 +1863,7 @@ static u32 gen_reqid(struct net *net)
                        reqid = IPSEC_MANUAL_REQID_MAX+1;
                xfrm_policy_walk_init(&walk, XFRM_POLICY_TYPE_MAIN);
                rc = xfrm_policy_walk(net, &walk, check_reqid, (void*)&reqid);
-                xfrm_policy_walk_done(&walk);
+                xfrm_policy_walk_done(&walk, net);
                if (rc != -EEXIST)
                        return reqid;
        } while (reqid != start);
@@ -2660,7 +2662,9 @@ static int pfkey_dump_sp(struct pfkey_sock *pfk)
 static void pfkey_dump_sp_done(struct pfkey_sock *pfk)
 {
-        xfrm_policy_walk_done(&pfk->dump.u.policy);
+        struct net *net = sock_net((struct sock *)pfk);
+        xfrm_policy_walk_done(&pfk->dump.u.policy, net);
 }
 static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
@@ -3570,6 +3574,7 @@ static int pfkey_sendmsg(struct kiocb *kiocb,
        struct sk_buff *skb = NULL;
        struct sadb_msg *hdr = NULL;
        int err;
+        struct net *net = sock_net(sk);
        err = -EOPNOTSUPP;
        if (msg->msg_flags & MSG_OOB)
@@ -3592,9 +3597,9 @@ static int pfkey_sendmsg(struct kiocb *kiocb,
        if (!hdr)
                goto out;
-        mutex_lock(&xfrm_cfg_mutex);
+        mutex_lock(&net->xfrm.xfrm_cfg_mutex);
        err = pfkey_process(sk, skb, hdr);
-        mutex_unlock(&xfrm_cfg_mutex);
+        mutex_unlock(&net->xfrm.xfrm_cfg_mutex);
 out:
        if (err && hdr && pfkey_error(hdr, err, sk) == 0)
author	Fan Du <fan.du@windriver.com>	2013-11-07 04:47:50 -0500
committer	Steffen Klassert <steffen.klassert@secunet.com>	2013-12-06 00:45:06 -0500
commit	283bc9f35bbbcb0e9ab4e6d2427da7f9f710d52d (patch)
tree	8b580340bdc0d1f25f4a76dfc39c48760f3f307a /net/key
parent	8d549c4f5d92d80fc6f888fd314e10972ae0ec37 (diff)