* [PATCH bpf-next] bpf: Generate cookie for new non-initial net NS
@ 2020-07-20 14:09 Jianlin Lv
  2020-07-21 20:17 ` Daniel Borkmann
From: Jianlin Lv @ 2020-07-20 14:09 UTC
  To: bpf
  Cc: davem, kuba, ast, daniel, yhs, Song.Zhu, Jianlin.Lv,
	linux-kernel, netdev

For non-initial network NS, the net cookie is generated when
bpf_get_netns_cookie_sock is called for the first time, but it is more
reasonable to complete the cookie generation work when creating a new
network NS, just like init_net.
net_gen_cookie() is moved into setup_net() so that it can serve the initial
and non-initial network namespace.

Signed-off-by: Jianlin Lv <Jianlin.Lv@arm.com>
---
 net/core/net_namespace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index dcd61aca343e..5937bd0df56d 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -336,6 +336,7 @@ static __net_init int setup_net(struct net *net, struct user_namespace *user_ns)
 	idr_init(&net->netns_ids);
 	spin_lock_init(&net->nsid_lock);
 	mutex_init(&net->ipv4.ra_mutex);
+	net_gen_cookie(net);
 
 	list_for_each_entry(ops, &pernet_list, list) {
 		error = ops_init(ops, net);
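Review bot: The added net_gen_cookie(net) call in setup_net() makes every namespace setup generate a cookie, yet neither the changelog nor a code comment names a consumer that needs the cookie before the first bpf_get_netns_cookie_sock call. Please state the motivating case in the commit message. Since the diffstat shows only these two call sites changing, also say whether the first-use generation path is meant to stay or to be removed in a follow-up.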
@@ -1101,7 +1102,6 @@ static int __init net_ns_init(void)
 		panic("Could not allocate generic netns");
 
 	rcu_assign_pointer(init_net.gen, ng);
-	net_gen_cookie(&init_net);
 
 	down_write(&pernet_ops_rwsem);
 	if (setup_net(&init_net, &init_user_ns))
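Review bot: Dropping net_gen_cookie(&init_net) here relies on the setup_net(&init_net, &init_user_ns) call two lines below, so the init_net cookie is now generated after down_write(&pernet_ops_rwsem) instead of before it. That ordering change deserves a sentence in the changelog confirming it is intended and that nothing between the removed line and setup_net() reads the cookie.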
-- 
2.17.1



* Re: [PATCH bpf-next] bpf: Generate cookie for new non-initial net NS
  2020-07-20 14:09 [PATCH bpf-next] bpf: Generate cookie for new non-initial net NS Jianlin Lv
@ 2020-07-21 20:17 ` Daniel Borkmann
  2020-07-22  6:30   ` Jianlin Lv
From: Daniel Borkmann @ 2020-07-21 20:17 UTC
  To: Jianlin Lv, bpf; +Cc: davem, kuba, ast, yhs, Song.Zhu, linux-kernel, netdev

On 7/20/20 4:09 PM, Jianlin Lv wrote:
> For non-initial network NS, the net cookie is generated when
> bpf_get_netns_cookie_sock is called for the first time, but it is more
> reasonable to complete the cookie generation work when creating a new
> network NS, just like init_net.
> net_gen_cookie() is moved into setup_net() so that it can serve the initial
> and non-initial network namespace.
> 
> Signed-off-by: Jianlin Lv <Jianlin.Lv@arm.com>

What use-case are you trying to solve? Why should it be different than, say,
socket cookie generation? I'm currently not seeing much of a point in moving
this. When it's not used in the system, it would actually create more work.

> ---
>   net/core/net_namespace.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
> index dcd61aca343e..5937bd0df56d 100644
> --- a/net/core/net_namespace.c
> +++ b/net/core/net_namespace.c
> @@ -336,6 +336,7 @@ static __net_init int setup_net(struct net *net, struct user_namespace *user_ns)
>   	idr_init(&net->netns_ids);
>   	spin_lock_init(&net->nsid_lock);
>   	mutex_init(&net->ipv4.ra_mutex);
> +	net_gen_cookie(net);
>   
>   	list_for_each_entry(ops, &pernet_list, list) {
>   		error = ops_init(ops, net);
> @@ -1101,7 +1102,6 @@ static int __init net_ns_init(void)
>   		panic("Could not allocate generic netns");
>   
>   	rcu_assign_pointer(init_net.gen, ng);
> -	net_gen_cookie(&init_net);
>   
>   	down_write(&pernet_ops_rwsem);
>   	if (setup_net(&init_net, &init_user_ns))
> 



* RE: [PATCH bpf-next] bpf: Generate cookie for new non-initial net NS
  2020-07-21 20:17 ` Daniel Borkmann
@ 2020-07-22  6:30   ` Jianlin Lv
From: Jianlin Lv @ 2020-07-22  6:30 UTC
  To: Daniel Borkmann, bpf
  Cc: davem, kuba, ast, yhs, Song Zhu, linux-kernel, netdev



> -----Original Message-----
> From: bpf-owner@vger.kernel.org <bpf-owner@vger.kernel.org> On Behalf
> Of Daniel Borkmann
> Sent: Wednesday, July 22, 2020 4:18 AM
> To: Jianlin Lv <Jianlin.Lv@arm.com>; bpf@vger.kernel.org
> Cc: davem@davemloft.net; kuba@kernel.org; ast@kernel.org; yhs@fb.com;
> Song Zhu <Song.Zhu@arm.com>; linux-kernel@vger.kernel.org;
> netdev@vger.kernel.org
> Subject: Re: [PATCH bpf-next] bpf: Generate cookie for new non-initial net NS
>
> On 7/20/20 4:09 PM, Jianlin Lv wrote:
> > For non-initial network NS, the net cookie is generated when
> > bpf_get_netns_cookie_sock is called for the first time, but it is more
> > reasonable to complete the cookie generation work when creating a new
> > network NS, just like init_net.
> > net_gen_cookie() is moved into setup_net() so that it can serve the
> > initial and non-initial network namespace.
> >
> > Signed-off-by: Jianlin Lv <Jianlin.Lv@arm.com>
>
> What use-case are you trying to solve? Why should it be different than, say,
> socket cookie generation? I'm currently not seeing much of a point in moving
> this. When it's not used in the system, it would actually create more work.

This patch does not come from a use-case, but is based on the following considerations:
1. setup_net() runs the initializers for the network namespace object, net_cookie is a member of struct net, and its initialization is more reasonable in setup_net();
2. For the initial network namespace, this patch does not introduce additional burden;
3. For systems that have not created non-initial network namespaces, this will not introduce additional work;
4. For newly created non-initial network namespaces, the added effort of net_gen_cookie() is weak for the entire network namespace creation process, and net_cookie is only written once during the entire life cycle of a network namespace.

>
> > ---
> >   net/core/net_namespace.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index
> > dcd61aca343e..5937bd0df56d 100644
> > --- a/net/core/net_namespace.c
> > +++ b/net/core/net_namespace.c
> > @@ -336,6 +336,7 @@ static __net_init int setup_net(struct net *net,
> struct user_namespace *user_ns)
> >   idr_init(&net->netns_ids);
> >   spin_lock_init(&net->nsid_lock);
> >   mutex_init(&net->ipv4.ra_mutex);
> > +net_gen_cookie(net);
> >
> >   list_for_each_entry(ops, &pernet_list, list) {
> >   error = ops_init(ops, net);
> > @@ -1101,7 +1102,6 @@ static int __init net_ns_init(void)
> >   panic("Could not allocate generic netns");
> >
> >   rcu_assign_pointer(init_net.gen, ng);
> > -net_gen_cookie(&init_net);
> >
> >   down_write(&pernet_ops_rwsem);
> >   if (setup_net(&init_net, &init_user_ns))
> >

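The trade-off debated in this thread (generating the cookie at namespace setup versus on first use), as an added user-space C model. It is not code from the patch or the kernel and does not reproduce net_gen_cookie(); ns_model, model_gen_cookie and model_run are hypothetical names.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model; every name here is hypothetical, not kernel code. */
struct ns_model {
    _Atomic uint64_t cookie;          /* 0 means "not generated yet" */
};

static _Atomic uint64_t cookie_src;   /* global monotonic source */
static _Atomic unsigned long draws;   /* cookies drawn from the source */

/* Write-once generation: repeated or racing callers all see one value. */
static uint64_t model_gen_cookie(struct ns_model *ns)
{
    uint64_t cur = atomic_load(&ns->cookie);
    while (cur == 0) {
        uint64_t fresh = atomic_fetch_add(&cookie_src, 1) + 1;
        atomic_fetch_add(&draws, 1);
        /* First writer wins; on failure cur is updated to the winner's value. */
        if (atomic_compare_exchange_strong(&ns->cookie, &cur, fresh))
            return fresh;
    }
    return cur;
}

/* Set up n namespaces (capped at 64), then read the cookie of the first
 * `queried` of them. eager != 0 models generation at setup, eager == 0
 * models generation on first use. Returns the number of cookies drawn. */
static unsigned long model_run(int eager, int n, int queried)
{
    struct ns_model ns[64];
    unsigned long before = atomic_load(&draws);

    if (n > 64) n = 64;
    for (int i = 0; i < n; i++) {
        atomic_init(&ns[i].cookie, 0);
        if (eager) model_gen_cookie(&ns[i]);
    }
    for (int i = 0; i < queried && i < n; i++)
        model_gen_cookie(&ns[i]);
    return atomic_load(&draws) - before;
}

int main(void)
{
    printf("eager: %lu, lazy: %lu\n", model_run(1, 10, 2), model_run(0, 10, 2));
    return 0;
}
```

With ten namespaces of which two are ever queried, the eager variant draws ten cookies and the first-use variant draws two; in both, a namespace's cookie never changes once set.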
