Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Dilip Daya]

Hi,

I'd discussed the following with Serge Hallyn.

=> Environment based on 3.2.18 / x86_64 kernel.
=> WARNING: at fs/proc/generic.c:808 remove_proc_entry+0xdb/0x21f()
=> WARNING: at fs/proc/generic.c:849 remove_proc_entry+0x208/0x21f()


network namespace and bonding
-----------------------------

* Migrate two phy nics from host to netns (netns0).
  - ip link set ethX netns netns0

* In host environment:
  - load bonding module, /sbin/modprobe -v bonding mode=1 miimon=100
  - /sys/class/net/bond0 exists.
  - /proc/net/bonding/bond0 exists.
  - /sys/class/net/bonding_masters has bond0.

* Migrate bond0 to netns (netns0):
  - ip link set bond0 netns netns0.

* Within netns (netns0):
  - /sys/class/net/bonding_masters is empty.
  - /sys/class/net/bond0 exist.
  - configure bond0 and ifenslave with two phy nics.
  - /proc/net/bonding/bond0 does not exist within netns0, but does
    exist in the host environment.
  - /sys/class/net/bonding_masters is empty.
  - ping to remote end of bond0 works.

* Within netns (netns0), flushing ethX and bondY:
  - down bond0 and its phy nic interfaces:
  - ip link set ... down
  - ip addr flush dev [bond0 | eth#]
  - deleting bond0, /sbin/ip link del dev bond0

  produced splat #1

[1863091.131448] bonding: bond0: released all slaves
[1863091.131454] (unregistered net_device): mixed no checksumming and
other settings.
[1863091.131463] ------------[ cut here ]------------
[1863091.131472] WARNING: at fs/proc/generic.c:808 remove_proc_entry
+0xdb/0x21f()
[1863091.131475] Hardware name: ProLiant DL380 G6
[1863091.131477] name 'bond0'
[1863091.131479] Modules linked in: bonding pktgen mperf
cpufreq_userspace cpufreq_stats cpufreq_ondemand freq_table
cpufreq_powersave sctp cpufreq_conservative parport_pc ppdev crc32c
libcrc32c lp parport nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs
binfmt_misc deflate zlib_deflate ctr twofish_x86_64 twofish_generic
twofish_common camellia serpent blowfish_x86_64 blowfish_generic
blowfish_common cast5 des_generic cbc cryptd aes_x86_64 aes_generic xcbc
rmd160 sha512_generic sha256_generic sha1_generic crypto_null af_key
fuse ipv6 loop ipmi_si ipmi_msghandler i7core_edac edac_core psmouse
hpilo hpwdt evdev serio_raw pcspkr processor container button ext3 jbd
mbcache usbhid hid sr_mod cdrom ide_pci_generic ide_core ata_generic sg
sd_mod crc_t10dif mpt2sas scsi_transport_sas raid_class ata_piix libata
hpsa uhci_hcd ehci_hcd scsi_mod bnx2 e1000e(O) thermal thermal_sys [last
unloaded: bonding]
[1863091.131563] Pid: 31663, comm: ip Tainted: G        W  O
3.2.18-clim-1-amd64 #1
[1863091.131566] Call Trace:
[1863091.131577]  [<ffffffff8103e54f>] warn_slowpath_common+0x80/0x98
[1863091.131582]  [<ffffffff8103e5fb>] warn_slowpath_fmt+0x41/0x43
[1863091.131587]  [<ffffffff81140235>] remove_proc_entry+0xdb/0x21f
[1863091.131593]  [<ffffffff8105e4f8>] ? raw_notifier_call_chain
+0xf/0x11
[1863091.131600]  [<ffffffff81276077>] ? netdev_features_change
+0x11/0x13
[1863091.131610]  [<ffffffffa04a4336>] bond_remove_proc_entry+0x59/0x72
[bonding]
[1863091.131617]  [<ffffffffa049b3d8>] bond_uninit+0x3a4/0x411 [bonding]
[1863091.131622]  [<ffffffff81281234>] ? rtnl_notify+0x28/0x2a
[1863091.131626]  [<ffffffff812758b0>] rollback_registered_many
+0x189/0x215
[1863091.131631]  [<ffffffff81275952>] unregister_netdevice_many
+0x16/0x63
[1863091.131634]  [<ffffffff8127f591>] rtnl_dellink+0xc8/0xec
[1863091.131642]  [<ffffffff810bb5a0>] ? get_page_from_freelist
+0x5d1/0x6f7
[1863091.131646]  [<ffffffff81281827>] rtnetlink_rcv_msg+0x220/0x23d
[1863091.131650]  [<ffffffff81281607>] ? rtnetlink_rcv+0x28/0x28
[1863091.131656]  [<ffffffff812961b0>] netlink_rcv_skb+0x3e/0x8e
[1863091.131660]  [<ffffffff81281600>] rtnetlink_rcv+0x21/0x28
[1863091.131663]  [<ffffffff81295ed8>] netlink_unicast+0x220/0x297
[1863091.131668]  [<ffffffff812966d7>] netlink_sendmsg+0x210/0x278
[1863091.131674]  [<ffffffff81263625>] sock_sendmsg+0xe1/0x104
[1863091.131679]  [<ffffffff812634de>] ? sock_recvmsg+0xed/0x112
[1863091.131684]  [<ffffffff810beea7>] ? lru_cache_add_lru+0x3c/0x3e
[1863091.131691]  [<ffffffff810da976>] ? page_add_new_anon_rmap
+0x5b/0x6c
[1863091.131696]  [<ffffffff810d27c0>] ? do_wp_page+0x65b/0x711
[1863091.131701]  [<ffffffff812631e4>] ? move_addr_to_kernel+0x44/0x49
[1863091.131707]  [<ffffffff8126cf59>] ? verify_iovec+0x4f/0xa6
[1863091.131712]  [<ffffffff81263e29>] __sys_sendmsg+0x20f/0x29c
[1863091.131716]  [<ffffffff810d3ea5>] ? handle_mm_fault+0x1fb/0x211
[1863091.131723]  [<ffffffff8130b1d8>] ? do_page_fault+0x3ab/0x3ea
[1863091.131728]  [<ffffffff810d83a5>] ? do_brk+0x2b8/0x31a
[1863091.131732]  [<ffffffff81264016>] sys_sendmsg+0x3d/0x5e
[1863091.131738]  [<ffffffff8130e852>] system_call_fastpath+0x16/0x1b
[1863091.131742] ---[ end trace 8be56c744dfb7d6c ]---


* removing bonding module from within netns0:
  - /sbin/modprobe -v -r bonding

  produced splat #2

 ------------[ cut here ]------------
[1863281.361003] WARNING: at fs/proc/generic.c:849 remove_proc_entry
+0x208/0x21f()
[1863281.361006] Hardware name: ProLiant DL380 G6
[1863281.361009] remove_proc_entry: removing non-empty directory
'net/bonding', leaking at least 'bond0'
[1863281.361012] Modules linked in: bonding(-) pktgen mperf
cpufreq_userspace cpufreq_stats cpufreq_ondemand freq_table
cpufreq_powersave sctp cpufreq_conservative parport_pc ppdev crc32c
libcrc32c lp parport nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs
binfmt_misc deflate zlib_deflate ctr twofish_x86_64 twofish_generic
twofish_common camellia serpent blowfish_x86_64 blowfish_generic
blowfish_common cast5 des_generic cbc cryptd aes_x86_64 aes_generic xcbc
rmd160 sha512_generic sha256_generic sha1_generic crypto_null af_key
fuse ipv6 loop ipmi_si ipmi_msghandler i7core_edac edac_core psmouse
hpilo hpwdt evdev serio_raw pcspkr processor container button ext3 jbd
mbcache usbhid hid sr_mod cdrom ide_pci_generic ide_core ata_generic sg
sd_mod crc_t10dif mpt2sas scsi_transport_sas raid_class ata_piix libata
hpsa uhci_hcd ehci_hcd scsi_mod bnx2 e1000e(O) thermal thermal_sys [last
unloaded: bonding]
[1863281.361091] Pid: 31678, comm: modprobe Tainted: G        W  O
3.2.18-clim-1-amd64 #1
[1863281.361094] Call Trace:
[1863281.361102]  [<ffffffff8103e54f>] warn_slowpath_common+0x80/0x98
[1863281.361106]  [<ffffffff8103e5fb>] warn_slowpath_fmt+0x41/0x43
[1863281.361111]  [<ffffffff81140362>] remove_proc_entry+0x208/0x21f
[1863281.361120]  [<ffffffffa04a428b>] bond_destroy_proc_dir+0x26/0x32
[bonding]
[1863281.361126]  [<ffffffffa049916e>] bond_net_exit+0x42/0x46 [bonding]
[1863281.361132]  [<ffffffff8126f341>] ops_exit_list+0x25/0x4e
[1863281.361137]  [<ffffffff8126f67a>] unregister_pernet_operations
+0x83/0xb1
[1863281.361141]  [<ffffffff8126f70c>] unregister_pernet_subsys
+0x20/0x31
[1863281.361148]  [<ffffffffa04a4995>] bonding_exit+0x39/0x56 [bonding]
[1863281.361154]  [<ffffffff8107136c>] sys_delete_module+0x1ba/0x226
[1863281.361159]  [<ffffffff810f117a>] ? vfs_write+0x11e/0x153
[1863281.361166]  [<ffffffff8130e852>] system_call_fastpath+0x16/0x1b
[1863281.361169] ---[ end trace 8be56c744dfb7d6d ]---

   - bonding module is removed
   - /sys/class/net/bonding_masters no longer exists in netns and host.



Workaround
----------

* Migrate two phy nics from host to netns (netns0).
  - ip link set ethX netns netns0

* Within netns (netns0):
  - Load bonding module, modprobe -v bonding mode=1 miimon=100
primary=eth6
  - /sys/class/net/bonding_masters exists.
  - create bond0, ip link add dev bond0 type bond.
  - /sys/class/net/bonding_masters contains bond0.
  - ifenslave both ethX to bond0.
  - /proc/net/bonding/bond0 exists.
  - ping on bond0 to remote works.

* Within netns (netns0), flushing ethX and bondY:
  - ip link set ethX/bond0 down
  - ip addr flush dev ethX/bond0
  - Deleting bond0 and removing bonding module works as follows:
     ip link del dev bond0
     modprobe -v -r bonding
     => No splat #1 or #2.

Note: Please cc: me--dilip.daya-VXdhtT5mjnY@public.gmane.org with your comments.

Thanks.

Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Dilip Daya]

Hi,

I'd discussed the following with Serge Hallyn.

=> Environment based on 3.2.18 / x86_64 kernel.
=> WARNING: at fs/proc/generic.c:808 remove_proc_entry+0xdb/0x21f()
=> WARNING: at fs/proc/generic.c:849 remove_proc_entry+0x208/0x21f()


network namespace and bonding
-----------------------------

* Migrate two phy nics from host to netns (netns0).
  - ip link set ethX netns netns0

* In host environment:
  - load bonding module, /sbin/modprobe -v bonding mode=1 miimon=100
  - /sys/class/net/bond0 exists.
  - /proc/net/bonding/bond0 exists.
  - /sys/class/net/bonding_masters has bond0.

* Migrate bond0 to netns (netns0):
  - ip link set bond0 netns netns0.

* Within netns (netns0):
  - /sys/class/net/bonding_masters is empty.
  - /sys/class/net/bond0 exist.
  - configure bond0 and ifenslave with two phy nics.
  - /proc/net/bonding/bond0 does not exist within netns0, but does
    exist in the host environment.
  - /sys/class/net/bonding_masters is empty.
  - ping to remote end of bond0 works.

* Within netns (netns0), flushing ethX and bondY:
  - down bond0 and its phy nic interfaces:
  - ip link set ... down
  - ip addr flush dev [bond0 | eth#]
  - deleting bond0, /sbin/ip link del dev bond0

  produced splat #1

[1863091.131448] bonding: bond0: released all slaves
[1863091.131454] (unregistered net_device): mixed no checksumming and
other settings.
[1863091.131463] ------------[ cut here ]------------
[1863091.131472] WARNING: at fs/proc/generic.c:808 remove_proc_entry
+0xdb/0x21f()
[1863091.131475] Hardware name: ProLiant DL380 G6
[1863091.131477] name 'bond0'
[1863091.131479] Modules linked in: bonding pktgen mperf
cpufreq_userspace cpufreq_stats cpufreq_ondemand freq_table
cpufreq_powersave sctp cpufreq_conservative parport_pc ppdev crc32c
libcrc32c lp parport nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs
binfmt_misc deflate zlib_deflate ctr twofish_x86_64 twofish_generic
twofish_common camellia serpent blowfish_x86_64 blowfish_generic
blowfish_common cast5 des_generic cbc cryptd aes_x86_64 aes_generic xcbc
rmd160 sha512_generic sha256_generic sha1_generic crypto_null af_key
fuse ipv6 loop ipmi_si ipmi_msghandler i7core_edac edac_core psmouse
hpilo hpwdt evdev serio_raw pcspkr processor container button ext3 jbd
mbcache usbhid hid sr_mod cdrom ide_pci_generic ide_core ata_generic sg
sd_mod crc_t10dif mpt2sas scsi_transport_sas raid_class ata_piix libata
hpsa uhci_hcd ehci_hcd scsi_mod bnx2 e1000e(O) thermal thermal_sys [last
unloaded: bonding]
[1863091.131563] Pid: 31663, comm: ip Tainted: G        W  O
3.2.18-clim-1-amd64 #1
[1863091.131566] Call Trace:
[1863091.131577]  [<ffffffff8103e54f>] warn_slowpath_common+0x80/0x98
[1863091.131582]  [<ffffffff8103e5fb>] warn_slowpath_fmt+0x41/0x43
[1863091.131587]  [<ffffffff81140235>] remove_proc_entry+0xdb/0x21f
[1863091.131593]  [<ffffffff8105e4f8>] ? raw_notifier_call_chain
+0xf/0x11
[1863091.131600]  [<ffffffff81276077>] ? netdev_features_change
+0x11/0x13
[1863091.131610]  [<ffffffffa04a4336>] bond_remove_proc_entry+0x59/0x72
[bonding]
[1863091.131617]  [<ffffffffa049b3d8>] bond_uninit+0x3a4/0x411 [bonding]
[1863091.131622]  [<ffffffff81281234>] ? rtnl_notify+0x28/0x2a
[1863091.131626]  [<ffffffff812758b0>] rollback_registered_many
+0x189/0x215
[1863091.131631]  [<ffffffff81275952>] unregister_netdevice_many
+0x16/0x63
[1863091.131634]  [<ffffffff8127f591>] rtnl_dellink+0xc8/0xec
[1863091.131642]  [<ffffffff810bb5a0>] ? get_page_from_freelist
+0x5d1/0x6f7
[1863091.131646]  [<ffffffff81281827>] rtnetlink_rcv_msg+0x220/0x23d
[1863091.131650]  [<ffffffff81281607>] ? rtnetlink_rcv+0x28/0x28
[1863091.131656]  [<ffffffff812961b0>] netlink_rcv_skb+0x3e/0x8e
[1863091.131660]  [<ffffffff81281600>] rtnetlink_rcv+0x21/0x28
[1863091.131663]  [<ffffffff81295ed8>] netlink_unicast+0x220/0x297
[1863091.131668]  [<ffffffff812966d7>] netlink_sendmsg+0x210/0x278
[1863091.131674]  [<ffffffff81263625>] sock_sendmsg+0xe1/0x104
[1863091.131679]  [<ffffffff812634de>] ? sock_recvmsg+0xed/0x112
[1863091.131684]  [<ffffffff810beea7>] ? lru_cache_add_lru+0x3c/0x3e
[1863091.131691]  [<ffffffff810da976>] ? page_add_new_anon_rmap
+0x5b/0x6c
[1863091.131696]  [<ffffffff810d27c0>] ? do_wp_page+0x65b/0x711
[1863091.131701]  [<ffffffff812631e4>] ? move_addr_to_kernel+0x44/0x49
[1863091.131707]  [<ffffffff8126cf59>] ? verify_iovec+0x4f/0xa6
[1863091.131712]  [<ffffffff81263e29>] __sys_sendmsg+0x20f/0x29c
[1863091.131716]  [<ffffffff810d3ea5>] ? handle_mm_fault+0x1fb/0x211
[1863091.131723]  [<ffffffff8130b1d8>] ? do_page_fault+0x3ab/0x3ea
[1863091.131728]  [<ffffffff810d83a5>] ? do_brk+0x2b8/0x31a
[1863091.131732]  [<ffffffff81264016>] sys_sendmsg+0x3d/0x5e
[1863091.131738]  [<ffffffff8130e852>] system_call_fastpath+0x16/0x1b
[1863091.131742] ---[ end trace 8be56c744dfb7d6c ]---


* removing bonding module from within netns0:
  - /sbin/modprobe -v -r bonding

  produced splat #2

 ------------[ cut here ]------------
[1863281.361003] WARNING: at fs/proc/generic.c:849 remove_proc_entry
+0x208/0x21f()
[1863281.361006] Hardware name: ProLiant DL380 G6
[1863281.361009] remove_proc_entry: removing non-empty directory
'net/bonding', leaking at least 'bond0'
[1863281.361012] Modules linked in: bonding(-) pktgen mperf
cpufreq_userspace cpufreq_stats cpufreq_ondemand freq_table
cpufreq_powersave sctp cpufreq_conservative parport_pc ppdev crc32c
libcrc32c lp parport nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs
binfmt_misc deflate zlib_deflate ctr twofish_x86_64 twofish_generic
twofish_common camellia serpent blowfish_x86_64 blowfish_generic
blowfish_common cast5 des_generic cbc cryptd aes_x86_64 aes_generic xcbc
rmd160 sha512_generic sha256_generic sha1_generic crypto_null af_key
fuse ipv6 loop ipmi_si ipmi_msghandler i7core_edac edac_core psmouse
hpilo hpwdt evdev serio_raw pcspkr processor container button ext3 jbd
mbcache usbhid hid sr_mod cdrom ide_pci_generic ide_core ata_generic sg
sd_mod crc_t10dif mpt2sas scsi_transport_sas raid_class ata_piix libata
hpsa uhci_hcd ehci_hcd scsi_mod bnx2 e1000e(O) thermal thermal_sys [last
unloaded: bonding]
[1863281.361091] Pid: 31678, comm: modprobe Tainted: G        W  O
3.2.18-clim-1-amd64 #1
[1863281.361094] Call Trace:
[1863281.361102]  [<ffffffff8103e54f>] warn_slowpath_common+0x80/0x98
[1863281.361106]  [<ffffffff8103e5fb>] warn_slowpath_fmt+0x41/0x43
[1863281.361111]  [<ffffffff81140362>] remove_proc_entry+0x208/0x21f
[1863281.361120]  [<ffffffffa04a428b>] bond_destroy_proc_dir+0x26/0x32
[bonding]
[1863281.361126]  [<ffffffffa049916e>] bond_net_exit+0x42/0x46 [bonding]
[1863281.361132]  [<ffffffff8126f341>] ops_exit_list+0x25/0x4e
[1863281.361137]  [<ffffffff8126f67a>] unregister_pernet_operations
+0x83/0xb1
[1863281.361141]  [<ffffffff8126f70c>] unregister_pernet_subsys
+0x20/0x31
[1863281.361148]  [<ffffffffa04a4995>] bonding_exit+0x39/0x56 [bonding]
[1863281.361154]  [<ffffffff8107136c>] sys_delete_module+0x1ba/0x226
[1863281.361159]  [<ffffffff810f117a>] ? vfs_write+0x11e/0x153
[1863281.361166]  [<ffffffff8130e852>] system_call_fastpath+0x16/0x1b
[1863281.361169] ---[ end trace 8be56c744dfb7d6d ]---

   - bonding module is removed
   - /sys/class/net/bonding_masters no longer exists in netns and host.



Workaround
----------

* Migrate two phy nics from host to netns (netns0).
  - ip link set ethX netns netns0

* Within netns (netns0):
  - Load bonding module, modprobe -v bonding mode=1 miimon=100
primary=eth6
  - /sys/class/net/bonding_masters exists.
  - create bond0, ip link add dev bond0 type bond.
  - /sys/class/net/bonding_masters contains bond0.
  - ifenslave both ethX to bond0.
  - /proc/net/bonding/bond0 exists.
  - ping on bond0 to remote works.

* Within netns (netns0), flushing ethX and bondY:
  - ip link set ethX/bond0 down
  - ip addr flush dev ethX/bond0
  - Deleting bond0 and removing bonding module works as follows:
     ip link del dev bond0
     modprobe -v -r bonding
     => No splat #1 or #2.

Note: Please cc: me--dilip.daya@hp.com with your comments.

Thanks.

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Serge E. Hallyn]

Quoting Dilip Daya (dilip.daya-VXdhtT5mjnY@public.gmane.org):
> Hi,
> 
> I'd discussed the following with Serge Hallyn.
> 
> => Environment based on 3.2.18 / x86_64 kernel.
> => WARNING: at fs/proc/generic.c:808 remove_proc_entry+0xdb/0x21f()
> => WARNING: at fs/proc/generic.c:849 remove_proc_entry+0x208/0x21f()

Hi,

thanks much for sending this.  I'm still getting this error on
3.5.0-2-generic (today's ubuntu quantal kernel)

> network namespace and bonding
> -----------------------------
> 
> * Migrate two phy nics from host to netns (netns0).
>   - ip link set ethX netns netns0
> 
> * In host environment:
>   - load bonding module, /sbin/modprobe -v bonding mode=1 miimon=100
>   - /sys/class/net/bond0 exists.
>   - /proc/net/bonding/bond0 exists.
>   - /sys/class/net/bonding_masters has bond0.
> 
> * Migrate bond0 to netns (netns0):
>   - ip link set bond0 netns netns0.
> 
> * Within netns (netns0):
>   - /sys/class/net/bonding_masters is empty.
>   - /sys/class/net/bond0 exist.
>   - configure bond0 and ifenslave with two phy nics.
>   - /proc/net/bonding/bond0 does not exist within netns0, but does
>     exist in the host environment.
>   - /sys/class/net/bonding_masters is empty.

mine is not empty, fwiw.  However

>   - ping to remote end of bond0 works.
> 
> * Within netns (netns0), flushing ethX and bondY:
>   - down bond0 and its phy nic interfaces:
>   - ip link set ... down
>   - ip addr flush dev [bond0 | eth#]
>   - deleting bond0, /sbin/ip link del dev bond0

Yup I still get a remove_proc_entry WARNING at fs/proc/generic.c:808,
which is the warning when (!de)

-serge

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Serge E. Hallyn]

Quoting Dilip Daya (dilip.daya@hp.com):
> Hi,
> 
> I'd discussed the following with Serge Hallyn.
> 
> => Environment based on 3.2.18 / x86_64 kernel.
> => WARNING: at fs/proc/generic.c:808 remove_proc_entry+0xdb/0x21f()
> => WARNING: at fs/proc/generic.c:849 remove_proc_entry+0x208/0x21f()

Hi,

thanks much for sending this.  I'm still getting this error on
3.5.0-2-generic (today's ubuntu quantal kernel)

> network namespace and bonding
> -----------------------------
> 
> * Migrate two phy nics from host to netns (netns0).
>   - ip link set ethX netns netns0
> 
> * In host environment:
>   - load bonding module, /sbin/modprobe -v bonding mode=1 miimon=100
>   - /sys/class/net/bond0 exists.
>   - /proc/net/bonding/bond0 exists.
>   - /sys/class/net/bonding_masters has bond0.
> 
> * Migrate bond0 to netns (netns0):
>   - ip link set bond0 netns netns0.
> 
> * Within netns (netns0):
>   - /sys/class/net/bonding_masters is empty.
>   - /sys/class/net/bond0 exist.
>   - configure bond0 and ifenslave with two phy nics.
>   - /proc/net/bonding/bond0 does not exist within netns0, but does
>     exist in the host environment.
>   - /sys/class/net/bonding_masters is empty.

mine is not empty, fwiw.  However

>   - ping to remote end of bond0 works.
> 
> * Within netns (netns0), flushing ethX and bondY:
>   - down bond0 and its phy nic interfaces:
>   - ip link set ... down
>   - ip addr flush dev [bond0 | eth#]
>   - deleting bond0, /sbin/ip link del dev bond0

Yup I still get a remove_proc_entry WARNING at fs/proc/generic.c:808,
which is the warning when (!de)

-serge

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Eric W. Biederman]

"Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org> writes:

> Quoting Dilip Daya (dilip.daya-VXdhtT5mjnY@public.gmane.org):
>> Hi,
>> 
>> I'd discussed the following with Serge Hallyn.
>> 
>> => Environment based on 3.2.18 / x86_64 kernel.
>> => WARNING: at fs/proc/generic.c:808 remove_proc_entry+0xdb/0x21f()
>> => WARNING: at fs/proc/generic.c:849 remove_proc_entry+0x208/0x21f()
>
> Hi,
>
> thanks much for sending this.  I'm still getting this error on
> 3.5.0-2-generic (today's ubuntu quantal kernel)
>
>> network namespace and bonding
>> -----------------------------
>> 
>> * Migrate two phy nics from host to netns (netns0).
>>   - ip link set ethX netns netns0
>> 
>> * In host environment:
>>   - load bonding module, /sbin/modprobe -v bonding mode=1 miimon=100
>>   - /sys/class/net/bond0 exists.
>>   - /proc/net/bonding/bond0 exists.
>>   - /sys/class/net/bonding_masters has bond0.
>> 
>> * Migrate bond0 to netns (netns0):
>>   - ip link set bond0 netns netns0.
>> 
>> * Within netns (netns0):
>>   - /sys/class/net/bonding_masters is empty.
>>   - /sys/class/net/bond0 exist.
>>   - configure bond0 and ifenslave with two phy nics.
>>   - /proc/net/bonding/bond0 does not exist within netns0, but does
>>     exist in the host environment.
>>   - /sys/class/net/bonding_masters is empty.
>
> mine is not empty, fwiw.  However
>
>>   - ping to remote end of bond0 works.
>> 
>> * Within netns (netns0), flushing ethX and bondY:
>>   - down bond0 and its phy nic interfaces:
>>   - ip link set ... down
>>   - ip addr flush dev [bond0 | eth#]
>>   - deleting bond0, /sbin/ip link del dev bond0
>
> Yup I still get a remove_proc_entry WARNING at fs/proc/generic.c:808,
> which is the warning when (!de)

It looks like Dilip is running an old kernel.  There should have been
some version of /sys/class/net/bonding_masters in every network
namespace since sometime in 2009.

From the warning it looks like the proc files are being added/removed
to the wrong network namespace.  So in one namespace we get an error
when we delete the moved device and in the other network namespace
we get an error when we remove the /proc/directory.

An old kernel without proper network namespace support is the only
reason I can imagine someone would be moving an existing bond device
between network namespaces.

If there are other reasons for wanting to move a bonding device between
network namespaces it is possible to catch the NETDEV_UNREGISTER and
NETDEV_REGISTER events to remove/add the per device proc files at the
appropriate time.

However since moving bonding devices appears to be an unneded operation
let's just do things simply and forbid moving bonding devices between
network namespaces.  Serge, Dilip can you two test the patch below
and see if it fixes the warnings.

Eric


diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 2ee8cf9..818ed64 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -4345,6 +4345,9 @@ static void bond_setup(struct net_device *bond_dev)
        bond_dev->priv_flags |= IFF_BONDING;
        bond_dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
 
+       /* Don't allow bond devices to change network namespaces. */
+       bond_dev->features |= NETIF_F_LOCAL;
+
        /* At first, we block adding VLANs. That's the only way to
         * prevent problems that occur when adding VLANs over an
         * empty bond. The block will be removed once non-challenged

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Eric W. Biederman]

"Serge E. Hallyn" <serge@hallyn.com> writes:

> Quoting Dilip Daya (dilip.daya@hp.com):
>> Hi,
>> 
>> I'd discussed the following with Serge Hallyn.
>> 
>> => Environment based on 3.2.18 / x86_64 kernel.
>> => WARNING: at fs/proc/generic.c:808 remove_proc_entry+0xdb/0x21f()
>> => WARNING: at fs/proc/generic.c:849 remove_proc_entry+0x208/0x21f()
>
> Hi,
>
> thanks much for sending this.  I'm still getting this error on
> 3.5.0-2-generic (today's ubuntu quantal kernel)
>
>> network namespace and bonding
>> -----------------------------
>> 
>> * Migrate two phy nics from host to netns (netns0).
>>   - ip link set ethX netns netns0
>> 
>> * In host environment:
>>   - load bonding module, /sbin/modprobe -v bonding mode=1 miimon=100
>>   - /sys/class/net/bond0 exists.
>>   - /proc/net/bonding/bond0 exists.
>>   - /sys/class/net/bonding_masters has bond0.
>> 
>> * Migrate bond0 to netns (netns0):
>>   - ip link set bond0 netns netns0.
>> 
>> * Within netns (netns0):
>>   - /sys/class/net/bonding_masters is empty.
>>   - /sys/class/net/bond0 exist.
>>   - configure bond0 and ifenslave with two phy nics.
>>   - /proc/net/bonding/bond0 does not exist within netns0, but does
>>     exist in the host environment.
>>   - /sys/class/net/bonding_masters is empty.
>
> mine is not empty, fwiw.  However
>
>>   - ping to remote end of bond0 works.
>> 
>> * Within netns (netns0), flushing ethX and bondY:
>>   - down bond0 and its phy nic interfaces:
>>   - ip link set ... down
>>   - ip addr flush dev [bond0 | eth#]
>>   - deleting bond0, /sbin/ip link del dev bond0
>
> Yup I still get a remove_proc_entry WARNING at fs/proc/generic.c:808,
> which is the warning when (!de)

It looks like Dilip is running an old kernel.  There should have been
some version of /sys/class/net/bonding_masters in every network
namespace since sometime in 2009.

>From the warning it looks like the proc files are being added/removed
to the wrong network namespace.  So in one namespace we get an error
when we delete the moved device and in the other network namespace
we get an error when we remove the /proc/directory.

An old kernel without proper network namespace support is the only
reason I can imagine someone would be moving an existing bond device
between network namespaces.

If there are other reasons for wanting to move a bonding device between
network namespaces it is possible to catch the NETDEV_UNREGISTER and
NETDEV_REGISTER events to remove/add the per device proc files at the
appropriate time.

However since moving bonding devices appears to be an unneded operation
let's just do things simply and forbid moving bonding devices between
network namespaces.  Serge, Dilip can you two test the patch below
and see if it fixes the warnings.

Eric


diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 2ee8cf9..818ed64 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -4345,6 +4345,9 @@ static void bond_setup(struct net_device *bond_dev)
        bond_dev->priv_flags |= IFF_BONDING;
        bond_dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
 
+       /* Don't allow bond devices to change network namespaces. */
+       bond_dev->features |= NETIF_F_LOCAL;
+
        /* At first, we block adding VLANs. That's the only way to
         * prevent problems that occur when adding VLANs over an
         * empty bond. The block will be removed once non-challenged

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Serge E. Hallyn]

Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
> "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org> writes:
> 
> > Quoting Dilip Daya (dilip.daya-VXdhtT5mjnY@public.gmane.org):
> >> Hi,
> >> 
> >> I'd discussed the following with Serge Hallyn.
> >> 
> >> => Environment based on 3.2.18 / x86_64 kernel.
> >> => WARNING: at fs/proc/generic.c:808 remove_proc_entry+0xdb/0x21f()
> >> => WARNING: at fs/proc/generic.c:849 remove_proc_entry+0x208/0x21f()
> >
> > Hi,
> >
> > thanks much for sending this.  I'm still getting this error on
> > 3.5.0-2-generic (today's ubuntu quantal kernel)
> >
> >> network namespace and bonding
> >> -----------------------------
> >> 
> >> * Migrate two phy nics from host to netns (netns0).
> >>   - ip link set ethX netns netns0
> >> 
> >> * In host environment:
> >>   - load bonding module, /sbin/modprobe -v bonding mode=1 miimon=100
> >>   - /sys/class/net/bond0 exists.
> >>   - /proc/net/bonding/bond0 exists.
> >>   - /sys/class/net/bonding_masters has bond0.
> >> 
> >> * Migrate bond0 to netns (netns0):
> >>   - ip link set bond0 netns netns0.
> >> 
> >> * Within netns (netns0):
> >>   - /sys/class/net/bonding_masters is empty.
> >>   - /sys/class/net/bond0 exist.
> >>   - configure bond0 and ifenslave with two phy nics.
> >>   - /proc/net/bonding/bond0 does not exist within netns0, but does
> >>     exist in the host environment.
> >>   - /sys/class/net/bonding_masters is empty.
> >
> > mine is not empty, fwiw.  However
> >
> >>   - ping to remote end of bond0 works.
> >> 
> >> * Within netns (netns0), flushing ethX and bondY:
> >>   - down bond0 and its phy nic interfaces:
> >>   - ip link set ... down
> >>   - ip addr flush dev [bond0 | eth#]
> >>   - deleting bond0, /sbin/ip link del dev bond0
> >
> > Yup I still get a remove_proc_entry WARNING at fs/proc/generic.c:808,
> > which is the warning when (!de)
> 
> It looks like Dilip is running an old kernel.  There should have been
> some version of /sys/class/net/bonding_masters in every network
> namespace since sometime in 2009.
> 
> >From the warning it looks like the proc files are being added/removed
> to the wrong network namespace.  So in one namespace we get an error
> when we delete the moved device and in the other network namespace
> we get an error when we remove the /proc/directory.
> 
> An old kernel without proper network namespace support is the only
> reason I can imagine someone would be moving an existing bond device
> between network namespaces.
> 
> If there are other reasons for wanting to move a bonding device between
> network namespaces it is possible to catch the NETDEV_UNREGISTER and
> NETDEV_REGISTER events to remove/add the per device proc files at the
> appropriate time.
> 
> However since moving bonding devices appears to be an unneded operation
> let's just do things simply and forbid moving bonding devices between
> network namespaces.  Serge, Dilip can you two test the patch below
> and see if it fixes the warnings.
> 
> Eric
> 
> 
> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> index 2ee8cf9..818ed64 100644
> --- a/drivers/net/bonding/bond_main.c
> +++ b/drivers/net/bonding/bond_main.c
> @@ -4345,6 +4345,9 @@ static void bond_setup(struct net_device *bond_dev)
>         bond_dev->priv_flags |= IFF_BONDING;
>         bond_dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
>  
> +       /* Don't allow bond devices to change network namespaces. */
> +       bond_dev->features |= NETIF_F_LOCAL;

I believe this needs to be NETIF_F_NETNS_LOCAL.  Test build still going with
that change.

> +
>         /* At first, we block adding VLANs. That's the only way to
>          * prevent problems that occur when adding VLANs over an
>          * empty bond. The block will be removed once non-challenged

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Serge E. Hallyn]

Quoting Eric W. Biederman (ebiederm@xmission.com):
> "Serge E. Hallyn" <serge@hallyn.com> writes:
> 
> > Quoting Dilip Daya (dilip.daya@hp.com):
> >> Hi,
> >> 
> >> I'd discussed the following with Serge Hallyn.
> >> 
> >> => Environment based on 3.2.18 / x86_64 kernel.
> >> => WARNING: at fs/proc/generic.c:808 remove_proc_entry+0xdb/0x21f()
> >> => WARNING: at fs/proc/generic.c:849 remove_proc_entry+0x208/0x21f()
> >
> > Hi,
> >
> > thanks much for sending this.  I'm still getting this error on
> > 3.5.0-2-generic (today's ubuntu quantal kernel)
> >
> >> network namespace and bonding
> >> -----------------------------
> >> 
> >> * Migrate two phy nics from host to netns (netns0).
> >>   - ip link set ethX netns netns0
> >> 
> >> * In host environment:
> >>   - load bonding module, /sbin/modprobe -v bonding mode=1 miimon=100
> >>   - /sys/class/net/bond0 exists.
> >>   - /proc/net/bonding/bond0 exists.
> >>   - /sys/class/net/bonding_masters has bond0.
> >> 
> >> * Migrate bond0 to netns (netns0):
> >>   - ip link set bond0 netns netns0.
> >> 
> >> * Within netns (netns0):
> >>   - /sys/class/net/bonding_masters is empty.
> >>   - /sys/class/net/bond0 exist.
> >>   - configure bond0 and ifenslave with two phy nics.
> >>   - /proc/net/bonding/bond0 does not exist within netns0, but does
> >>     exist in the host environment.
> >>   - /sys/class/net/bonding_masters is empty.
> >
> > mine is not empty, fwiw.  However
> >
> >>   - ping to remote end of bond0 works.
> >> 
> >> * Within netns (netns0), flushing ethX and bondY:
> >>   - down bond0 and its phy nic interfaces:
> >>   - ip link set ... down
> >>   - ip addr flush dev [bond0 | eth#]
> >>   - deleting bond0, /sbin/ip link del dev bond0
> >
> > Yup I still get a remove_proc_entry WARNING at fs/proc/generic.c:808,
> > which is the warning when (!de)
> 
> It looks like Dilip is running an old kernel.  There should have been
> some version of /sys/class/net/bonding_masters in every network
> namespace since sometime in 2009.
> 
> >From the warning it looks like the proc files are being added/removed
> to the wrong network namespace.  So in one namespace we get an error
> when we delete the moved device and in the other network namespace
> we get an error when we remove the /proc/directory.
> 
> An old kernel without proper network namespace support is the only
> reason I can imagine someone would be moving an existing bond device
> between network namespaces.
> 
> If there are other reasons for wanting to move a bonding device between
> network namespaces it is possible to catch the NETDEV_UNREGISTER and
> NETDEV_REGISTER events to remove/add the per device proc files at the
> appropriate time.
> 
> However since moving bonding devices appears to be an unneded operation
> let's just do things simply and forbid moving bonding devices between
> network namespaces.  Serge, Dilip can you two test the patch below
> and see if it fixes the warnings.
> 
> Eric
> 
> 
> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> index 2ee8cf9..818ed64 100644
> --- a/drivers/net/bonding/bond_main.c
> +++ b/drivers/net/bonding/bond_main.c
> @@ -4345,6 +4345,9 @@ static void bond_setup(struct net_device *bond_dev)
>         bond_dev->priv_flags |= IFF_BONDING;
>         bond_dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
>  
> +       /* Don't allow bond devices to change network namespaces. */
> +       bond_dev->features |= NETIF_F_LOCAL;

I believe this needs to be NETIF_F_NETNS_LOCAL.  Test build still going with
that change.

> +
>         /* At first, we block adding VLANs. That's the only way to
>          * prevent problems that occur when adding VLANs over an
>          * empty bond. The block will be removed once non-challenged

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Dilip Daya]

Hi Eric,

On Thu, 2012-07-05 at 17:41 -0700, Eric W. Biederman wrote:
> "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org> writes:
> 
> > Quoting Dilip Daya (dilip.daya-VXdhtT5mjnY@public.gmane.org):
> >> Hi,
> >> 
> >> I'd discussed the following with Serge Hallyn.
> >> 
> >> => Environment based on 3.2.18 / x86_64 kernel.
> >> => WARNING: at fs/proc/generic.c:808 remove_proc_entry+0xdb/0x21f()
> >> => WARNING: at fs/proc/generic.c:849 remove_proc_entry+0x208/0x21f()
> >
> > Hi,
> >
> > thanks much for sending this.  I'm still getting this error on
> > 3.5.0-2-generic (today's ubuntu quantal kernel)
> >
> >> network namespace and bonding
> >> -----------------------------
> >> 
> >> * Migrate two phy nics from host to netns (netns0).
> >>   - ip link set ethX netns netns0
> >> 
> >> * In host environment:
> >>   - load bonding module, /sbin/modprobe -v bonding mode=1 miimon=100
> >>   - /sys/class/net/bond0 exists.
> >>   - /proc/net/bonding/bond0 exists.
> >>   - /sys/class/net/bonding_masters has bond0.
> >> 
> >> * Migrate bond0 to netns (netns0):
> >>   - ip link set bond0 netns netns0.
> >> 
> >> * Within netns (netns0):
> >>   - /sys/class/net/bonding_masters is empty.
> >>   - /sys/class/net/bond0 exist.
> >>   - configure bond0 and ifenslave with two phy nics.
> >>   - /proc/net/bonding/bond0 does not exist within netns0, but does
> >>     exist in the host environment.
> >>   - /sys/class/net/bonding_masters is empty.
> >
> > mine is not empty, fwiw.  However
> >
> >>   - ping to remote end of bond0 works.
> >> 
> >> * Within netns (netns0), flushing ethX and bondY:
> >>   - down bond0 and its phy nic interfaces:
> >>   - ip link set ... down
> >>   - ip addr flush dev [bond0 | eth#]
> >>   - deleting bond0, /sbin/ip link del dev bond0
> >
> > Yup I still get a remove_proc_entry WARNING at fs/proc/generic.c:808,
> > which is the warning when (!de)
> 
> It looks like Dilip is running an old kernel.  There should have been
> some version of /sys/class/net/bonding_masters in every network
> namespace since sometime in 2009.
> 
> >From the warning it looks like the proc files are being added/removed
> to the wrong network namespace.  So in one namespace we get an error
> when we delete the moved device and in the other network namespace
> we get an error when we remove the /proc/directory.
> 
> An old kernel without proper network namespace support is the only
> reason I can imagine someone would be moving an existing bond device
> between network namespaces.
> 
> If there are other reasons for wanting to move a bonding device between
> network namespaces it is possible to catch the NETDEV_UNREGISTER and
> NETDEV_REGISTER events to remove/add the per device proc files at the
> appropriate time.


We do need to move bonds between namespaces - because we require
physical interfaces in each namespace -- we don't want the overheads of
virtual interfaces, don't have the management infrastructure, and don't
want to manufacture fake mac addresses that would be required for
macvlan interfaces.   Since the bonds are implicitly created in the host
namespace, the only way we know to get bonds directly into the
namespaces is to move them.

Would "NETDEV_UNREGISTER and NETDEV_REGISTER events to remove/add the
per device proc files at the appropriate time." help in the case?


-DilipD.


> However since moving bonding devices appears to be an unneded operation
> let's just do things simply and forbid moving bonding devices between
> network namespaces.  Serge, Dilip can you two test the patch below
> and see if it fixes the warnings.
> 
> Eric
> 
> 
> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> index 2ee8cf9..818ed64 100644
> --- a/drivers/net/bonding/bond_main.c
> +++ b/drivers/net/bonding/bond_main.c
> @@ -4345,6 +4345,9 @@ static void bond_setup(struct net_device *bond_dev)
>         bond_dev->priv_flags |= IFF_BONDING;
>         bond_dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
>  
> +       /* Don't allow bond devices to change network namespaces. */
> +       bond_dev->features |= NETIF_F_LOCAL;
> +
>         /* At first, we block adding VLANs. That's the only way to
>          * prevent problems that occur when adding VLANs over an
>          * empty bond. The block will be removed once non-challenged

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Dilip Daya]

Hi Eric,

On Thu, 2012-07-05 at 17:41 -0700, Eric W. Biederman wrote:
> "Serge E. Hallyn" <serge@hallyn.com> writes:
> 
> > Quoting Dilip Daya (dilip.daya@hp.com):
> >> Hi,
> >> 
> >> I'd discussed the following with Serge Hallyn.
> >> 
> >> => Environment based on 3.2.18 / x86_64 kernel.
> >> => WARNING: at fs/proc/generic.c:808 remove_proc_entry+0xdb/0x21f()
> >> => WARNING: at fs/proc/generic.c:849 remove_proc_entry+0x208/0x21f()
> >
> > Hi,
> >
> > thanks much for sending this.  I'm still getting this error on
> > 3.5.0-2-generic (today's ubuntu quantal kernel)
> >
> >> network namespace and bonding
> >> -----------------------------
> >> 
> >> * Migrate two phy nics from host to netns (netns0).
> >>   - ip link set ethX netns netns0
> >> 
> >> * In host environment:
> >>   - load bonding module, /sbin/modprobe -v bonding mode=1 miimon=100
> >>   - /sys/class/net/bond0 exists.
> >>   - /proc/net/bonding/bond0 exists.
> >>   - /sys/class/net/bonding_masters has bond0.
> >> 
> >> * Migrate bond0 to netns (netns0):
> >>   - ip link set bond0 netns netns0.
> >> 
> >> * Within netns (netns0):
> >>   - /sys/class/net/bonding_masters is empty.
> >>   - /sys/class/net/bond0 exist.
> >>   - configure bond0 and ifenslave with two phy nics.
> >>   - /proc/net/bonding/bond0 does not exist within netns0, but does
> >>     exist in the host environment.
> >>   - /sys/class/net/bonding_masters is empty.
> >
> > mine is not empty, fwiw.  However
> >
> >>   - ping to remote end of bond0 works.
> >> 
> >> * Within netns (netns0), flushing ethX and bondY:
> >>   - down bond0 and its phy nic interfaces:
> >>   - ip link set ... down
> >>   - ip addr flush dev [bond0 | eth#]
> >>   - deleting bond0, /sbin/ip link del dev bond0
> >
> > Yup I still get a remove_proc_entry WARNING at fs/proc/generic.c:808,
> > which is the warning when (!de)
> 
> It looks like Dilip is running an old kernel.  There should have been
> some version of /sys/class/net/bonding_masters in every network
> namespace since sometime in 2009.
> 
> >From the warning it looks like the proc files are being added/removed
> to the wrong network namespace.  So in one namespace we get an error
> when we delete the moved device and in the other network namespace
> we get an error when we remove the /proc/directory.
> 
> An old kernel without proper network namespace support is the only
> reason I can imagine someone would be moving an existing bond device
> between network namespaces.
> 
> If there are other reasons for wanting to move a bonding device between
> network namespaces it is possible to catch the NETDEV_UNREGISTER and
> NETDEV_REGISTER events to remove/add the per device proc files at the
> appropriate time.


We do need to move bonds between namespaces - because we require
physical interfaces in each namespace -- we don't want the overheads of
virtual interfaces, don't have the management infrastructure, and don't
want to manufacture fake mac addresses that would be required for
macvlan interfaces.   Since the bonds are implicitly created in the host
namespace, the only way we know to get bonds directly into the
namespaces is to move them.

Would "NETDEV_UNREGISTER and NETDEV_REGISTER events to remove/add the
per device proc files at the appropriate time." help in the case?


-DilipD.


> However since moving bonding devices appears to be an unneded operation
> let's just do things simply and forbid moving bonding devices between
> network namespaces.  Serge, Dilip can you two test the patch below
> and see if it fixes the warnings.
> 
> Eric
> 
> 
> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> index 2ee8cf9..818ed64 100644
> --- a/drivers/net/bonding/bond_main.c
> +++ b/drivers/net/bonding/bond_main.c
> @@ -4345,6 +4345,9 @@ static void bond_setup(struct net_device *bond_dev)
>         bond_dev->priv_flags |= IFF_BONDING;
>         bond_dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
>  
> +       /* Don't allow bond devices to change network namespaces. */
> +       bond_dev->features |= NETIF_F_LOCAL;
> +
>         /* At first, we block adding VLANs. That's the only way to
>          * prevent problems that occur when adding VLANs over an
>          * empty bond. The block will be removed once non-challenged

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Dilip Daya]

Hi Serge,

On Fri, 2012-07-06 at 17:05 +0000, Serge E. Hallyn wrote:
> Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
> > "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org> writes:
> > 
> > > Quoting Dilip Daya (dilip.daya-VXdhtT5mjnY@public.gmane.org):
> > >> Hi,
> > >> 
> > >> I'd discussed the following with Serge Hallyn.
> > >> 
> > >> => Environment based on 3.2.18 / x86_64 kernel.
> > >> => WARNING: at fs/proc/generic.c:808 remove_proc_entry+0xdb/0x21f()
> > >> => WARNING: at fs/proc/generic.c:849 remove_proc_entry+0x208/0x21f()
> > >
> > > Hi,
> > >
> > > thanks much for sending this.  I'm still getting this error on
> > > 3.5.0-2-generic (today's ubuntu quantal kernel)
> > >
> > >> network namespace and bonding
> > >> -----------------------------
> > >> 
> > >> * Migrate two phy nics from host to netns (netns0).
> > >>   - ip link set ethX netns netns0
> > >> 
> > >> * In host environment:
> > >>   - load bonding module, /sbin/modprobe -v bonding mode=1 miimon=100
> > >>   - /sys/class/net/bond0 exists.
> > >>   - /proc/net/bonding/bond0 exists.
> > >>   - /sys/class/net/bonding_masters has bond0.
> > >> 
> > >> * Migrate bond0 to netns (netns0):
> > >>   - ip link set bond0 netns netns0.
> > >> 
> > >> * Within netns (netns0):
> > >>   - /sys/class/net/bonding_masters is empty.
> > >>   - /sys/class/net/bond0 exist.
> > >>   - configure bond0 and ifenslave with two phy nics.
> > >>   - /proc/net/bonding/bond0 does not exist within netns0, but does
> > >>     exist in the host environment.
> > >>   - /sys/class/net/bonding_masters is empty.
> > >
> > > mine is not empty, fwiw.  However
> > >
> > >>   - ping to remote end of bond0 works.
> > >> 
> > >> * Within netns (netns0), flushing ethX and bondY:
> > >>   - down bond0 and its phy nic interfaces:
> > >>   - ip link set ... down
> > >>   - ip addr flush dev [bond0 | eth#]
> > >>   - deleting bond0, /sbin/ip link del dev bond0
> > >
> > > Yup I still get a remove_proc_entry WARNING at fs/proc/generic.c:808,
> > > which is the warning when (!de)
> > 
> > It looks like Dilip is running an old kernel.  There should have been
> > some version of /sys/class/net/bonding_masters in every network
> > namespace since sometime in 2009.
> > 
> > >From the warning it looks like the proc files are being added/removed
> > to the wrong network namespace.  So in one namespace we get an error
> > when we delete the moved device and in the other network namespace
> > we get an error when we remove the /proc/directory.
> > 
> > An old kernel without proper network namespace support is the only
> > reason I can imagine someone would be moving an existing bond device
> > between network namespaces.
> > 
> > If there are other reasons for wanting to move a bonding device between
> > network namespaces it is possible to catch the NETDEV_UNREGISTER and
> > NETDEV_REGISTER events to remove/add the per device proc files at the
> > appropriate time.
> > 
> > However since moving bonding devices appears to be an unneded operation
> > let's just do things simply and forbid moving bonding devices between
> > network namespaces.  Serge, Dilip can you two test the patch below
> > and see if it fixes the warnings.
> > 
> > Eric
> > 
> > 
> > diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> > index 2ee8cf9..818ed64 100644
> > --- a/drivers/net/bonding/bond_main.c
> > +++ b/drivers/net/bonding/bond_main.c
> > @@ -4345,6 +4345,9 @@ static void bond_setup(struct net_device *bond_dev)
> >         bond_dev->priv_flags |= IFF_BONDING;
> >         bond_dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
> >  
> > +       /* Don't allow bond devices to change network namespaces. */
> > +       bond_dev->features |= NETIF_F_LOCAL;
> 
> I believe this needs to be NETIF_F_NETNS_LOCAL.  Test build still going with
> that change.


Correct, I made that change and rebuilt bonding driver:

# modinfo bonding | head
filename:       /lib/modules/3.2.18-clim-3-amd64/kernel/drivers/net/bonding/bonding.ko
alias:          rtnl-link-bond
author:         Thomas Davis, tadavis-/3juihCSby0@public.gmane.org and many others
description:    Ethernet Channel Bonding Driver, v3.7.1-netns
version:        3.7.1-netns
...


My results with the above bonding driver:

(1) Migrating bond0 from host to netns:

  # ip link set bond0 netns netns0
  RTNETLINK answers: Invalid argument

  => cannot migrate bond0 from host to netns.
  => No warnings.


(2) Loading bonding module in host environment and unloading bonding
    module from within netns:

  # modprobe -v -r bonding
  #
rmmod /lib/modules/3.2.18-clim-3-amd64/kernel/drivers/net/bonding/bonding.ko

	# lsmod | grep bond
	<<< bonding module does not exist >>>

	# ll /sys/class/net/
total 0
lrwxrwxrwx 1 root root 0 Jul  6 11:00 lo
-> ../../devices/virtual/net/lo/
lrwxrwxrwx 1 root root 0 Jul  6 11:00 eth7
-> ../../devices/pci0000:00/0000:00:05.0/0000:14:00.1/net/eth7/
lrwxrwxrwx 1 root root 0 Jul  6 11:00 eth6
-> ../../devices/pci0000:00/0000:00:05.0/0000:14:00.0/net/eth6/

	=> No warnings.


-DilipD.

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Dilip Daya]

Hi Serge,

On Fri, 2012-07-06 at 17:05 +0000, Serge E. Hallyn wrote:
> Quoting Eric W. Biederman (ebiederm@xmission.com):
> > "Serge E. Hallyn" <serge@hallyn.com> writes:
> > 
> > > Quoting Dilip Daya (dilip.daya@hp.com):
> > >> Hi,
> > >> 
> > >> I'd discussed the following with Serge Hallyn.
> > >> 
> > >> => Environment based on 3.2.18 / x86_64 kernel.
> > >> => WARNING: at fs/proc/generic.c:808 remove_proc_entry+0xdb/0x21f()
> > >> => WARNING: at fs/proc/generic.c:849 remove_proc_entry+0x208/0x21f()
> > >
> > > Hi,
> > >
> > > thanks much for sending this.  I'm still getting this error on
> > > 3.5.0-2-generic (today's ubuntu quantal kernel)
> > >
> > >> network namespace and bonding
> > >> -----------------------------
> > >> 
> > >> * Migrate two phy nics from host to netns (netns0).
> > >>   - ip link set ethX netns netns0
> > >> 
> > >> * In host environment:
> > >>   - load bonding module, /sbin/modprobe -v bonding mode=1 miimon=100
> > >>   - /sys/class/net/bond0 exists.
> > >>   - /proc/net/bonding/bond0 exists.
> > >>   - /sys/class/net/bonding_masters has bond0.
> > >> 
> > >> * Migrate bond0 to netns (netns0):
> > >>   - ip link set bond0 netns netns0.
> > >> 
> > >> * Within netns (netns0):
> > >>   - /sys/class/net/bonding_masters is empty.
> > >>   - /sys/class/net/bond0 exist.
> > >>   - configure bond0 and ifenslave with two phy nics.
> > >>   - /proc/net/bonding/bond0 does not exist within netns0, but does
> > >>     exist in the host environment.
> > >>   - /sys/class/net/bonding_masters is empty.
> > >
> > > mine is not empty, fwiw.  However
> > >
> > >>   - ping to remote end of bond0 works.
> > >> 
> > >> * Within netns (netns0), flushing ethX and bondY:
> > >>   - down bond0 and its phy nic interfaces:
> > >>   - ip link set ... down
> > >>   - ip addr flush dev [bond0 | eth#]
> > >>   - deleting bond0, /sbin/ip link del dev bond0
> > >
> > > Yup I still get a remove_proc_entry WARNING at fs/proc/generic.c:808,
> > > which is the warning when (!de)
> > 
> > It looks like Dilip is running an old kernel.  There should have been
> > some version of /sys/class/net/bonding_masters in every network
> > namespace since sometime in 2009.
> > 
> > >From the warning it looks like the proc files are being added/removed
> > to the wrong network namespace.  So in one namespace we get an error
> > when we delete the moved device and in the other network namespace
> > we get an error when we remove the /proc/directory.
> > 
> > An old kernel without proper network namespace support is the only
> > reason I can imagine someone would be moving an existing bond device
> > between network namespaces.
> > 
> > If there are other reasons for wanting to move a bonding device between
> > network namespaces it is possible to catch the NETDEV_UNREGISTER and
> > NETDEV_REGISTER events to remove/add the per device proc files at the
> > appropriate time.
> > 
> > However since moving bonding devices appears to be an unneded operation
> > let's just do things simply and forbid moving bonding devices between
> > network namespaces.  Serge, Dilip can you two test the patch below
> > and see if it fixes the warnings.
> > 
> > Eric
> > 
> > 
> > diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> > index 2ee8cf9..818ed64 100644
> > --- a/drivers/net/bonding/bond_main.c
> > +++ b/drivers/net/bonding/bond_main.c
> > @@ -4345,6 +4345,9 @@ static void bond_setup(struct net_device *bond_dev)
> >         bond_dev->priv_flags |= IFF_BONDING;
> >         bond_dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
> >  
> > +       /* Don't allow bond devices to change network namespaces. */
> > +       bond_dev->features |= NETIF_F_LOCAL;
> 
> I believe this needs to be NETIF_F_NETNS_LOCAL.  Test build still going with
> that change.


Correct, I made that change and rebuilt bonding driver:

# modinfo bonding | head
filename:       /lib/modules/3.2.18-clim-3-amd64/kernel/drivers/net/bonding/bonding.ko
alias:          rtnl-link-bond
author:         Thomas Davis, tadavis@lbl.gov and many others
description:    Ethernet Channel Bonding Driver, v3.7.1-netns
version:        3.7.1-netns
...


My results with the above bonding driver:

(1) Migrating bond0 from host to netns:

  # ip link set bond0 netns netns0
  RTNETLINK answers: Invalid argument

  => cannot migrate bond0 from host to netns.
  => No warnings.


(2) Loading bonding module in host environment and unloading bonding
    module from within netns:

  # modprobe -v -r bonding
  #
rmmod /lib/modules/3.2.18-clim-3-amd64/kernel/drivers/net/bonding/bonding.ko

	# lsmod | grep bond
	<<< bonding module does not exist >>>

	# ll /sys/class/net/
total 0
lrwxrwxrwx 1 root root 0 Jul  6 11:00 lo
-> ../../devices/virtual/net/lo/
lrwxrwxrwx 1 root root 0 Jul  6 11:00 eth7
-> ../../devices/pci0000:00/0000:00:05.0/0000:14:00.1/net/eth7/
lrwxrwxrwx 1 root root 0 Jul  6 11:00 eth6
-> ../../devices/pci0000:00/0000:00:05.0/0000:14:00.0/net/eth6/

	=> No warnings.


-DilipD.

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Eric W. Biederman]

Dilip Daya <dilip.daya-VXdhtT5mjnY@public.gmane.org> writes:

> Hi Eric,

> We do need to move bonds between namespaces - because we require
> physical interfaces in each namespace -- we don't want the overheads of
> virtual interfaces, don't have the management infrastructure, and don't
> want to manufacture fake mac addresses that would be required for
> macvlan interfaces.   Since the bonds are implicitly created in the host
> namespace, the only way we know to get bonds directly into the
> namespaces is to move them.

There about 3 ways to create bonding devices.  One of those ways
is to create bonding devices when loading the module.  Another
way is to create a bond device with "echo '+bond35 > /sys/class/net/bonding_masters".
them when loading the module, and my favorite is the standard way
"ip link add type bond".  All but loading the bonding device work in the
network namespace you are in at the type.

> Would "NETDEV_UNREGISTER and NETDEV_REGISTER events to remove/add the
> per device proc files at the appropriate time." help in the case?

Yes.  But since you can create the bonding device in the network
namespace you need it in, I don't see the point, of adding a code
path no one will test for 3 years at a time.

It seems easier to me to just not allow migration of bonding devices
and set peoples expectations a little lower.  Especially given
the very complex user space interfaces.

On ther other hand if you want to write and test and generally own the
patch I will review it.

Eric

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Eric W. Biederman]

Dilip Daya <dilip.daya@hp.com> writes:

> Hi Eric,

> We do need to move bonds between namespaces - because we require
> physical interfaces in each namespace -- we don't want the overheads of
> virtual interfaces, don't have the management infrastructure, and don't
> want to manufacture fake mac addresses that would be required for
> macvlan interfaces.   Since the bonds are implicitly created in the host
> namespace, the only way we know to get bonds directly into the
> namespaces is to move them.

There about 3 ways to create bonding devices.  One of those ways
is to create bonding devices when loading the module.  Another
way is to create a bond device with "echo '+bond35 > /sys/class/net/bonding_masters".
them when loading the module, and my favorite is the standard way
"ip link add type bond".  All but loading the bonding device work in the
network namespace you are in at the type.

> Would "NETDEV_UNREGISTER and NETDEV_REGISTER events to remove/add the
> per device proc files at the appropriate time." help in the case?

Yes.  But since you can create the bonding device in the network
namespace you need it in, I don't see the point, of adding a code
path no one will test for 3 years at a time.

It seems easier to me to just not allow migration of bonding devices
and set peoples expectations a little lower.  Especially given
the very complex user space interfaces.

On ther other hand if you want to write and test and generally own the
patch I will review it.

Eric

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Eric W. Biederman]

"Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org> writes:

>> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
>> index 2ee8cf9..818ed64 100644
>> --- a/drivers/net/bonding/bond_main.c
>> +++ b/drivers/net/bonding/bond_main.c
>> @@ -4345,6 +4345,9 @@ static void bond_setup(struct net_device *bond_dev)
>>         bond_dev->priv_flags |= IFF_BONDING;
>>         bond_dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
>>  
>> +       /* Don't allow bond devices to change network namespaces. */
>> +       bond_dev->features |= NETIF_F_LOCAL;
>
> I believe this needs to be NETIF_F_NETNS_LOCAL.  Test build still going with
> that change.

Yes that is what I mean.

Eric

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Eric W. Biederman]

"Serge E. Hallyn" <serge@hallyn.com> writes:

>> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
>> index 2ee8cf9..818ed64 100644
>> --- a/drivers/net/bonding/bond_main.c
>> +++ b/drivers/net/bonding/bond_main.c
>> @@ -4345,6 +4345,9 @@ static void bond_setup(struct net_device *bond_dev)
>>         bond_dev->priv_flags |= IFF_BONDING;
>>         bond_dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
>>  
>> +       /* Don't allow bond devices to change network namespaces. */
>> +       bond_dev->features |= NETIF_F_LOCAL;
>
> I believe this needs to be NETIF_F_NETNS_LOCAL.  Test build still going with
> that change.

Yes that is what I mean.

Eric

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Serge E. Hallyn]

Quoting Eric W. Biederman (ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org):
> "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org> writes:
> 
> >> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> >> index 2ee8cf9..818ed64 100644
> >> --- a/drivers/net/bonding/bond_main.c
> >> +++ b/drivers/net/bonding/bond_main.c
> >> @@ -4345,6 +4345,9 @@ static void bond_setup(struct net_device *bond_dev)
> >>         bond_dev->priv_flags |= IFF_BONDING;
> >>         bond_dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
> >>  
> >> +       /* Don't allow bond devices to change network namespaces. */
> >> +       bond_dev->features |= NETIF_F_LOCAL;
> >
> > I believe this needs to be NETIF_F_NETNS_LOCAL.  Test build still going with
> > that change.
> 
> Yes that is what I mean.

With that change, build is fine, boots fine, I can't pass a bond to another
netns (preventing the problem), and I can create a bond in a child netns
just fine.

Thanks!

Acked-by: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>

-serge

Re: Network namespace and bonding WARNING at fs/proc/generic.c remove_proc_entry

[Serge E. Hallyn]

Quoting Eric W. Biederman (ebiederm@xmission.com):
> "Serge E. Hallyn" <serge@hallyn.com> writes:
> 
> >> diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
> >> index 2ee8cf9..818ed64 100644
> >> --- a/drivers/net/bonding/bond_main.c
> >> +++ b/drivers/net/bonding/bond_main.c
> >> @@ -4345,6 +4345,9 @@ static void bond_setup(struct net_device *bond_dev)
> >>         bond_dev->priv_flags |= IFF_BONDING;
> >>         bond_dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
> >>  
> >> +       /* Don't allow bond devices to change network namespaces. */
> >> +       bond_dev->features |= NETIF_F_LOCAL;
> >
> > I believe this needs to be NETIF_F_NETNS_LOCAL.  Test build still going with
> > that change.
> 
> Yes that is what I mean.

With that change, build is fine, boots fine, I can't pass a bond to another
netns (preventing the problem), and I can create a bond in a child netns
just fine.

Thanks!

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

-serge

[PATCH 1/2] bonding: Manage /proc/net/bonding/ entries from the netdev events

[Eric W. Biederman]

It was recently reported that moving a bonding device between network
namespaces causes warnings from /proc.  It turns out after the move we
were trying to add and to remove the /proc/net/bonding entries from the
wrong network namespace.

Move the bonding /proc registration code into the NETDEV_REGISTER and
NETDEV_UNREGISTER events where the proc registration and unregistration
will always happen at the right time.

Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
---
 drivers/net/bonding/bond_main.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 2ee8cf9..50de0fe 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -3226,6 +3226,12 @@ static int bond_master_netdev_event(unsigned long event,
 	switch (event) {
 	case NETDEV_CHANGENAME:
 		return bond_event_changename(event_bond);
+	case NETDEV_UNREGISTER:
+		bond_remove_proc_entry(event_bond);
+		break;
+	case NETDEV_REGISTER:
+		bond_create_proc_entry(event_bond);
+		break;
 	default:
 		break;
 	}
@@ -4410,8 +4416,6 @@ static void bond_uninit(struct net_device *bond_dev)
 
 	bond_work_cancel_all(bond);
 
-	bond_remove_proc_entry(bond);
-
 	bond_debug_unregister(bond);
 
 	__hw_addr_flush(&bond->mc_list);
@@ -4813,7 +4817,6 @@ static int bond_init(struct net_device *bond_dev)
 
 	bond_set_lockdep_class(bond_dev);
 
-	bond_create_proc_entry(bond);
 	list_add_tail(&bond->bond_list, &bn->dev_list);
 
 	bond_prepare_sysfs_group(bond);
-- 
1.7.5.4

[PATCH 1/2] bonding: Manage /proc/net/bonding/ entries from the netdev events

[Eric W. Biederman]

It was recently reported that moving a bonding device between network
namespaces causes warnings from /proc.  It turns out after the move we
were trying to add and to remove the /proc/net/bonding entries from the
wrong network namespace.

Move the bonding /proc registration code into the NETDEV_REGISTER and
NETDEV_UNREGISTER events where the proc registration and unregistration
will always happen at the right time.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 drivers/net/bonding/bond_main.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 2ee8cf9..50de0fe 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -3226,6 +3226,12 @@ static int bond_master_netdev_event(unsigned long event,
 	switch (event) {
 	case NETDEV_CHANGENAME:
 		return bond_event_changename(event_bond);
+	case NETDEV_UNREGISTER:
+		bond_remove_proc_entry(event_bond);
+		break;
+	case NETDEV_REGISTER:
+		bond_create_proc_entry(event_bond);
+		break;
 	default:
 		break;
 	}
@@ -4410,8 +4416,6 @@ static void bond_uninit(struct net_device *bond_dev)
 
 	bond_work_cancel_all(bond);
 
-	bond_remove_proc_entry(bond);
-
 	bond_debug_unregister(bond);
 
 	__hw_addr_flush(&bond->mc_list);
@@ -4813,7 +4817,6 @@ static int bond_init(struct net_device *bond_dev)
 
 	bond_set_lockdep_class(bond_dev);
 
-	bond_create_proc_entry(bond);
 	list_add_tail(&bond->bond_list, &bn->dev_list);
 
 	bond_prepare_sysfs_group(bond);
-- 
1.7.5.4

[PATCH 2/2] bonding: debugfs and network namespaces are incompatible

[Eric W. Biederman]

The bonding debugfs support has been broken in the presence of network
namespaces since it has been added.  The debugfs support does not handle
multiple bonding devices with the same name in different network
namespaces.

I haven't had any bug reports, and I'm not interested in getting any.
Disable the debugfs support when network namespaces are enabled.

Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
---
 drivers/net/bonding/bond_debugfs.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/net/bonding/bond_debugfs.c b/drivers/net/bonding/bond_debugfs.c
index 3680aa2..2cf084e 100644
--- a/drivers/net/bonding/bond_debugfs.c
+++ b/drivers/net/bonding/bond_debugfs.c
@@ -6,7 +6,7 @@
 #include "bonding.h"
 #include "bond_alb.h"
 
-#ifdef CONFIG_DEBUG_FS
+#if defined(CONFIG_DEBUG_FS) && !defined(CONFIG_NET_NS)
 
 #include <linux/debugfs.h>
 #include <linux/seq_file.h>
-- 
1.7.5.4

[PATCH 2/2] bonding: debugfs and network namespaces are incompatible

[Eric W. Biederman]

The bonding debugfs support has been broken in the presence of network
namespaces since it has been added.  The debugfs support does not handle
multiple bonding devices with the same name in different network
namespaces.

I haven't had any bug reports, and I'm not interested in getting any.
Disable the debugfs support when network namespaces are enabled.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 drivers/net/bonding/bond_debugfs.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/net/bonding/bond_debugfs.c b/drivers/net/bonding/bond_debugfs.c
index 3680aa2..2cf084e 100644
--- a/drivers/net/bonding/bond_debugfs.c
+++ b/drivers/net/bonding/bond_debugfs.c
@@ -6,7 +6,7 @@
 #include "bonding.h"
 #include "bond_alb.h"
 
-#ifdef CONFIG_DEBUG_FS
+#if defined(CONFIG_DEBUG_FS) && !defined(CONFIG_NET_NS)
 
 #include <linux/debugfs.h>
 #include <linux/seq_file.h>
-- 
1.7.5.4

Re: [PATCH 1/2] bonding: Manage /proc/net/bonding/ entries from the netdev events

[David Miller]

From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
Date: Mon, 09 Jul 2012 13:51:45 -0700

> 
> It was recently reported that moving a bonding device between network
> namespaces causes warnings from /proc.  It turns out after the move we
> were trying to add and to remove the /proc/net/bonding entries from the
> wrong network namespace.
> 
> Move the bonding /proc registration code into the NETDEV_REGISTER and
> NETDEV_UNREGISTER events where the proc registration and unregistration
> will always happen at the right time.
> 
> Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>

Applied.

Re: [PATCH 1/2] bonding: Manage /proc/net/bonding/ entries from the netdev events

[David Miller]

From: ebiederm@xmission.com (Eric W. Biederman)
Date: Mon, 09 Jul 2012 13:51:45 -0700

> 
> It was recently reported that moving a bonding device between network
> namespaces causes warnings from /proc.  It turns out after the move we
> were trying to add and to remove the /proc/net/bonding entries from the
> wrong network namespace.
> 
> Move the bonding /proc registration code into the NETDEV_REGISTER and
> NETDEV_UNREGISTER events where the proc registration and unregistration
> will always happen at the right time.
> 
> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

Applied.

Re: [PATCH 2/2] bonding: debugfs and network namespaces are incompatible

[David Miller]

From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
Date: Mon, 09 Jul 2012 13:52:43 -0700

> 
> The bonding debugfs support has been broken in the presence of network
> namespaces since it has been added.  The debugfs support does not handle
> multiple bonding devices with the same name in different network
> namespaces.
> 
> I haven't had any bug reports, and I'm not interested in getting any.
> Disable the debugfs support when network namespaces are enabled.
> 
> Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>

Applied.

Re: [PATCH 2/2] bonding: debugfs and network namespaces are incompatible

[David Miller]

From: ebiederm@xmission.com (Eric W. Biederman)
Date: Mon, 09 Jul 2012 13:52:43 -0700

> 
> The bonding debugfs support has been broken in the presence of network
> namespaces since it has been added.  The debugfs support does not handle
> multiple bonding devices with the same name in different network
> namespaces.
> 
> I haven't had any bug reports, and I'm not interested in getting any.
> Disable the debugfs support when network namespaces are enabled.
> 
> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

Applied.

Re: [PATCH 2/2] bonding: debugfs and network namespaces are incompatible

[Jay Vosburgh]

David Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org> wrote:

>From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
>Date: Mon, 09 Jul 2012 13:52:43 -0700
>
>> 
>> The bonding debugfs support has been broken in the presence of network
>> namespaces since it has been added.  The debugfs support does not handle
>> multiple bonding devices with the same name in different network
>> namespaces.
>> 
>> I haven't had any bug reports, and I'm not interested in getting any.
>> Disable the debugfs support when network namespaces are enabled.
>> 
>> Signed-off-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
>
>Applied.

	Since distro kernels appear to set CONFIG_NET_NS, doesn't this
effectively disable debugfs for bonding on most distros?

	Do the other network device drivers that support debugfs have a
similar problem?  E.g., if each of two namespaces have an skge device
with the same name, will there be a debugfs conflict there as well?

	-J

---
	-Jay Vosburgh, IBM Linux Technology Center, fubar-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org

Re: [PATCH 2/2] bonding: debugfs and network namespaces are incompatible

[Jay Vosburgh]

David Miller <davem@davemloft.net> wrote:

>From: ebiederm@xmission.com (Eric W. Biederman)
>Date: Mon, 09 Jul 2012 13:52:43 -0700
>
>> 
>> The bonding debugfs support has been broken in the presence of network
>> namespaces since it has been added.  The debugfs support does not handle
>> multiple bonding devices with the same name in different network
>> namespaces.
>> 
>> I haven't had any bug reports, and I'm not interested in getting any.
>> Disable the debugfs support when network namespaces are enabled.
>> 
>> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
>
>Applied.

	Since distro kernels appear to set CONFIG_NET_NS, doesn't this
effectively disable debugfs for bonding on most distros?

	Do the other network device drivers that support debugfs have a
similar problem?  E.g., if each of two namespaces have an skge device
with the same name, will there be a debugfs conflict there as well?

	-J

---
	-Jay Vosburgh, IBM Linux Technology Center, fubar@us.ibm.com

Re: [PATCH 2/2] bonding: debugfs and network namespaces are incompatible

[Jay Vosburgh]

	[ adding netdev back to cc: ]

Eric W. Biederman <ebiederm@xmission.com> wrote:

>Jay Vosburgh <fubar@us.ibm.com> wrote:
>
>>David Miller <davem@davemloft.net> wrote:
>>
>>>From: ebiederm@xmission.com (Eric W. Biederman)
>>>Date: Mon, 09 Jul 2012 13:52:43 -0700
>>>
>>>> 
>>>> The bonding debugfs support has been broken in the presence of
>>network
>>>> namespaces since it has been added.  The debugfs support does not
>>handle
>>>> multiple bonding devices with the same name in different network
>>>> namespaces.
>>>> 
>>>> I haven't had any bug reports, and I'm not interested in getting
>>any.
>>>> Disable the debugfs support when network namespaces are enabled.
>>>> 
>>>> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
>>>
>>>Applied.
>>
>>	Since distro kernels appear to set CONFIG_NET_NS, doesn't this
>>effectively disable debugfs for bonding on most distros?
>
>Yes.
>
>>	Do the other network device drivers that support debugfs have a
>>similar problem?  E.g., if each of two namespaces have an skge device
>>with the same name, will there be a debugfs conflict there as well?
>
>I haven't run across any of those network devices, but if they create a
>debugfs entry that embeds the device name it will be a problem.

	A quick grep suggests that cxgb4, skge, sky2, stmmac, ipoib and
half a dozen of the wireless drivers all create files in debugfs.  I did
not check exhaustively, but at least some of them include the device
name.

>Last I looked any custom user space interface from network devices was
>rare and bonding using debugfs is the first instance of using debugfs
>from networking devices I have seen.
>
>I think the problem will be a little less severe for physical network
>devices as they all start in the initial network namespace and so start
>with distinct names.
>
>With bonding I can do "ip link add type bond" in any network namespace
>and get another bond0.  So name conflicts are very much expeted with all
>virtual networking devices.

	Fair enough, although it is trivial to rename any network device
such that a conflict would occur.

	It looks like some of the drivers use fixed names for some
things as well.

>But if you know of any other networking devices using debugsfs that
>code should probably get the same treatment as the bonding debugfs code.

	Is there no alternative than simply disabling debugfs whenever
network namespaces are enabled?  The information bonding displays via
debugfs is useful, and having it unavailable on all distro kernels seems
a bit harsh.

	Why is the logic already in the driver not sufficient?  If the
attempt to create the debugfs directory with the interface name fails,
then it merely prints a warning and continues without the debugfs for
that interface.

	-J

---
	-Jay Vosburgh, IBM Linux Technology Center, fubar@us.ibm.com

Re: [PATCH 2/2] bonding: debugfs and network namespaces are incompatible

[Eric W. Biederman]

Jay Vosburgh <fubar@us.ibm.com> writes:

> Eric W. Biederman <ebiederm@xmission.com> wrote:

>>I haven't run across any of those network devices, but if they create a
>>debugfs entry that embeds the device name it will be a problem.
>
> 	A quick grep suggests that cxgb4, skge, sky2, stmmac, ipoib and
> half a dozen of the wireless drivers all create files in debugfs.  I did
> not check exhaustively, but at least some of them include the device
> name.

Yep.  It looks like imperfect habits are common.

>>Last I looked any custom user space interface from network devices was
>>rare and bonding using debugfs is the first instance of using debugfs
>>from networking devices I have seen.
>>
>>I think the problem will be a little less severe for physical network
>>devices as they all start in the initial network namespace and so start
>>with distinct names.
>>
>>With bonding I can do "ip link add type bond" in any network namespace
>>and get another bond0.  So name conflicts are very much expeted with all
>>virtual networking devices.
>
> 	Fair enough, although it is trivial to rename any network device
> such that a conflict would occur.

Actually for userspace and administrative reasons frequently it isn't
trivial to rename devices.

>>But if you know of any other networking devices using debugsfs that
>>code should probably get the same treatment as the bonding debugfs code.
>
> 	Is there no alternative than simply disabling debugfs whenever
> network namespaces are enabled?  The information bonding displays via
> debugfs is useful, and having it unavailable on all distro kernels seems
> a bit harsh.


I took a good hard look at debugfs while writing this reply and debufs
scares me.  It is the kind of code that just about wants to me to throw
in the towel seeing no hope of a good solid kernel. 

I can definitely open a /sys/kernel/debug/bonding/bond0/rlb_hash_table
and delete the bond and then read the file.  On a bad day that will oops
the kernel, as there is nothing holding a reference to the network
device.  I think only the BOND_MODE_ALB check makes keeps the kernel
from oopsing in my quick tests.

The fact that debugfs is enabled in distro kernels is actually apalling
to me.  debugfs makes it easy to oops the kernel.

There are lots of alternatives to debugfs on where to put information
and the bonding driver already uses most of them.

> 	Why is the logic already in the driver not sufficient?  If the
> attempt to create the debugfs directory with the interface name fails,
> then it merely prints a warning and continues without the debugfs for
> that interface.

All I know for certain is the existing logic will eventually cause
someone doing something reasonable to send me a bug report.

I can see where you are coming from in that the bonding driver debugfs
code really was built to gracefully fail and ignore problems of instead
of just hapharzardly and sloppily ignore problems.  At the same time
I can oops the kernel if I try with your debugfs in the bonding driver.

But it causes the code to fail and issue a warning.  So if I don't
disable the code now, I expect I will get a bug report, and who
knows how many sill files in bonding will have in debugfs by then.
what silly things bonding may be doing in debugfs by then.

Eric

Re: [PATCH 2/2] bonding: debugfs and network namespaces are incompatible

[Jay Vosburgh]

Eric W. Biederman <ebiederm@xmission.com> wrote:

>Jay Vosburgh <fubar@us.ibm.com> writes:
>
>> Eric W. Biederman <ebiederm@xmission.com> wrote:
>
>>>I haven't run across any of those network devices, but if they create a
>>>debugfs entry that embeds the device name it will be a problem.
>>
>> 	A quick grep suggests that cxgb4, skge, sky2, stmmac, ipoib and
>> half a dozen of the wireless drivers all create files in debugfs.  I did
>> not check exhaustively, but at least some of them include the device
>> name.
>
>Yep.  It looks like imperfect habits are common.
>
>>>Last I looked any custom user space interface from network devices was
>>>rare and bonding using debugfs is the first instance of using debugfs
>>>from networking devices I have seen.
>>>
>>>I think the problem will be a little less severe for physical network
>>>devices as they all start in the initial network namespace and so start
>>>with distinct names.
>>>
>>>With bonding I can do "ip link add type bond" in any network namespace
>>>and get another bond0.  So name conflicts are very much expeted with all
>>>virtual networking devices.
>>
>> 	Fair enough, although it is trivial to rename any network device
>> such that a conflict would occur.
>
>Actually for userspace and administrative reasons frequently it isn't
>trivial to rename devices.

	Well, perhaps it's uncommon for users to do so, but "ip link set
dev eth0 name eth44" is pretty easy to do.

>>>But if you know of any other networking devices using debugsfs that
>>>code should probably get the same treatment as the bonding debugfs code.
>>
>> 	Is there no alternative than simply disabling debugfs whenever
>> network namespaces are enabled?  The information bonding displays via
>> debugfs is useful, and having it unavailable on all distro kernels seems
>> a bit harsh.
>
>
>I took a good hard look at debugfs while writing this reply and debufs
>scares me.  It is the kind of code that just about wants to me to throw
>in the towel seeing no hope of a good solid kernel. 
>
>I can definitely open a /sys/kernel/debug/bonding/bond0/rlb_hash_table
>and delete the bond and then read the file.  On a bad day that will oops
>the kernel, as there is nothing holding a reference to the network
>device.  I think only the BOND_MODE_ALB check makes keeps the kernel
>from oopsing in my quick tests.
>
>The fact that debugfs is enabled in distro kernels is actually apalling
>to me.  debugfs makes it easy to oops the kernel.

	I'm not so sure things are that bad.  I cannot unload the
bonding module while a program holds an open file descriptor on its
debugfs file (it appears to hold a reference to the module), so uses
that only remove the debugfs file on module unload shouldn't have a
problem.

	The /proc file that bonding removes when an interface is
dynamically removed does not have this problem, as subsequent reads on
that file descriptor will fail.  I suspect that's because
remove_proc_entry NULLs the proc_fops, whereas debugfs_remove does not
do the equivalent for its case.  It may not be that simple, though; I'm
just looking at the code and have not tested anything.

>There are lots of alternatives to debugfs on where to put information
>and the bonding driver already uses most of them.
>
>> 	Why is the logic already in the driver not sufficient?  If the
>> attempt to create the debugfs directory with the interface name fails,
>> then it merely prints a warning and continues without the debugfs for
>> that interface.
>
>All I know for certain is the existing logic will eventually cause
>someone doing something reasonable to send me a bug report.
>
>I can see where you are coming from in that the bonding driver debugfs
>code really was built to gracefully fail and ignore problems of instead
>of just hapharzardly and sloppily ignore problems.  At the same time
>I can oops the kernel if I try with your debugfs in the bonding driver.
>
>But it causes the code to fail and issue a warning.  So if I don't
>disable the code now, I expect I will get a bug report, and who
>knows how many sill files in bonding will have in debugfs by then.
>what silly things bonding may be doing in debugfs by then.

	Or perhaps we can fix the debugfs support to function correctly
even in the face of network namespaces.  For example, do namespaces have
a unique name or identifier than can go into the debugfs name?

	-J

---
	-Jay Vosburgh, IBM Linux Technology Center, fubar@us.ibm.com