From patchwork Wed Jan 16 08:53:22 2019
X-Patchwork-Submitter: Tonghao Zhang
X-Patchwork-Id: 1026359
X-Patchwork-Delegate: davem@davemloft.net
From: xiangxia.m.yue@gmail.com
To: davem@davemloft.net, xiyou.wangcong@gmail.com
Cc: netdev@vger.kernel.org, Tonghao Zhang
Subject: [PATCH RESEND net-next v2] net: ipv4: allocate ipv4_devconf memory for init_net
Date: Wed, 16 Jan 2019 00:53:22 -0800
Message-Id: <1547628802-10902-1-git-send-email-xiangxia.m.yue@gmail.com>
X-Mailing-List: netdev@vger.kernel.org

From: Tonghao Zhang

The devconf setting on the init_net will affect other namespaces when
they are created. For example:

    $ cat /proc/sys/net/ipv4/conf/all/rp_filter
    0
    $ echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
    $ cat /proc/sys/net/ipv4/conf/all/rp_filter
    2
    $ ip netns add ns100
    $ ip netns exec ns100 bash
    $ cat /proc/sys/net/ipv4/conf/all/rp_filter
    2

The value of rp_filter in ns100 should be 0 by default, but it is 2,
the same as _init_net_.

In some cases, there are many containers on a host, running different
types of containers and applications. We don't know what network
configuration the user will set. The new containers don't inherit our
host configuration.

* host _init_net_ may be used as a complex network (the rp_filter,
  arp_ignore and arp_announce may be used), but containers use them as
  default. Host network configuration should not affect containers.
* containers and host network configuration are completely isolated.

To fix it and init devconf to the default value, we allocate memory for
every namespace (including init_net); this memory will be used to store
their own setting data, and we also allocate memory to register sys_ctl
tables. IPv6 does that in the same way.

Signed-off-by: Tonghao Zhang
---
v1->v2: add more commit info.
---
 net/ipv4/devinet.c | 40 ++++++++++++++++------------------------
 1 file changed, 16 insertions(+), 24 deletions(-)

diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index 5b9b6d4..2edf0f8 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c
@@ -2555,33 +2555,28 @@ static __net_init int devinet_init_net(struct net *net) int err; struct ipv4_devconf *all, *dflt; #ifdef CONFIG_SYSCTL - struct ctl_table *tbl = ctl_forward_entry; + struct ctl_table *tbl; struct ctl_table_header *forw_hdr; #endif err = -ENOMEM; - all = &ipv4_devconf; - dflt = &ipv4_devconf_dflt; - - if (!net_eq(net, &init_net)) { - all = kmemdup(all, sizeof(ipv4_devconf), GFP_KERNEL); - if (!all) - goto err_alloc_all; + all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL); + if (!all) + goto err_alloc_all; - dflt = kmemdup(dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL); - if (!dflt) - goto err_alloc_dflt; + dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL); + if (!dflt) + goto err_alloc_dflt; #ifdef CONFIG_SYSCTL - tbl = kmemdup(tbl, sizeof(ctl_forward_entry), GFP_KERNEL); - if (!tbl) - goto err_alloc_ctl; + tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL); + if (!tbl) + goto err_alloc_ctl; - tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1]; - tbl[0].extra1 = all; - tbl[0].extra2 = net; + tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1]; + tbl[0].extra1 = all; + tbl[0].extra2 = net; #endif - } #ifdef CONFIG_SYSCTL err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all); @@ -2610,15 +2605,12 @@ static __net_init int devinet_init_net(struct net *net) err_reg_dflt: __devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL); err_reg_all: - if (tbl != ctl_forward_entry) - kfree(tbl); + kfree(tbl); err_alloc_ctl: #endif - if (dflt != &ipv4_devconf_dflt) - kfree(dflt); + kfree(dflt); err_alloc_dflt: - if (all != &ipv4_devconf) - kfree(all); + kfree(all); err_alloc_all: return err; }
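
Review bot: in the first hunk (@@ -2555,33 +2555,28 @@), dropping the `if (!net_eq(net, &init_net))` guard means init_net now operates on a kmemdup() copy, so the static `ipv4_devconf` and `ipv4_devconf_dflt` become templates only and values written through init_net's sysctls no longer reach them. Any code outside this function that still reads or writes the static objects directly will stop seeing init_net's settings without any error, so those users should be audited, or the commit message should state that none remain. This also changes user-visible behaviour for hosts that rely on new namespaces picking up init_net's current values, and the diffstat shows only net/ipv4/devinet.c touched, so a documentation update describing the new default is missing.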
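
Review bot: in the second hunk (@@ -2610,15 +2605,12 @@), the now unconditional `kfree(tbl)` at `err_reg_all` is safe only because that label is never reached before the kmemdup() of `ctl_forward_entry`, and the first hunk removed the `tbl = ctl_forward_entry` initializer that used to give the pointer a defined value. That holds for the label order shown, but a `tbl = NULL` initializer or a short comment at the error labels would keep a later-added failure path from freeing an uninitialized pointer. Both hunks touch only devinet_init_net(), so it is also worth confirming that the matching namespace teardown path frees the same three allocations and carries no leftover comparison against the static objects.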