
[v2,2/3] netns: add netns_evict into netns_operations

Message ID 1557470163-30071-3-git-send-email-wenbinzeng@tencent.com
State Not Applicable
Delegated to: David Miller
Series auth_gss: netns refcount leaks when use-gss-proxy==1 | expand

Commit Message

Wenbin Zeng May 10, 2019, 6:36 a.m. UTC
The newly added netns_evict() shall be called when the netns inode is being
evicted. It provides another path to release netns refcounts. Previously
netns_put() was the only choice, but it is not able to release all netns
refcounts. For example, an rpc client holds two netns refcounts; these
refcounts are supposed to be released when the rpc client is freed, but
the code to free the rpc client is normally triggered by the put() callback
only when the netns refcount gets to 0, specifically:
    refcount=0 -> cleanup_net() -> ops_exit_list -> free rpc client
But the netns refcount will never get to 0 before the rpc client gets freed.
To break the deadlock, the code to free the rpc client can be put into the
newly added netns_evict.

Signed-off-by: Wenbin Zeng <wenbinzeng@tencent.com>
---
 include/net/net_namespace.h |  1 +
 net/core/net_namespace.c    | 12 ++++++++++++
 2 files changed, 13 insertions(+)

Comments

David Miller May 10, 2019, 10:13 p.m. UTC | #1
From: Wenbin Zeng <wenbin.zeng@gmail.com>
Date: Fri, 10 May 2019 14:36:02 +0800

> The newly added netns_evict() shall be called when the netns inode being
> evicted. It provides another path to release netns refcounts, previously
> netns_put() is the only choice, but it is not able to release all netns
> refcount, for example, a rpc client holds two netns refcounts, these
> refcounts are supposed to be released when the rpc client is freed, but
> the code to free rpc client is normally triggered by put() callback only
> when netns refcount gets to 0, specifically:
>     refcount=0 -> cleanup_net() -> ops_exit_list -> free rpc client
> But netns refcount will never get to 0 before rpc client gets freed, to
> break the deadlock, the code to free rpc client can be put into the newly
> added netns_evict.
> 
> Signed-off-by: Wenbin Zeng <wenbinzeng@tencent.com>

Acked-by: David S. Miller <davem@davemloft.net>

Patch

diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 12689dd..c44306a 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -357,6 +357,7 @@  struct pernet_operations {
 	int (*init)(struct net *net);
 	void (*exit)(struct net *net);
 	void (*exit_batch)(struct list_head *net_exit_list);
+	void (*evict)(struct net *net);
 	unsigned int *id;
 	size_t size;
 };
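Review bot: The new `void (*evict)(struct net *net);` member is added without any comment stating its contract, and that contract differs from `exit`/`exit_batch` in a way that matters for object lifetime. Per the commit message the hook runs on netns inode eviction while the netns refcount is still non-zero, so an implementation releases objects in a namespace that other holders may still be using. I would add a comment above the member along the lines of `/* Called when the netns inode is evicted; the netns is still referenced here, so only drop state that no live user of the namespace can reach. */`. Whether the hook can run more than once for the same `struct net` is not visible on this page and should be stated there as well, since a non-idempotent implementation would then risk a double release.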
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 7e6dcc6..0626fc4 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -1296,6 +1296,17 @@  static void netns_put(struct ns_common *ns)
 	put_net(to_net_ns(ns));
 }
 
+static void netns_evict(struct ns_common *ns)
+{
+	struct net *net = to_net_ns(ns);
+	const struct pernet_operations *ops;
+
+	list_for_each_entry_reverse(ops, &pernet_list, list) {
+		if (ops->evict)
+			ops->evict(net);
+	}
+}
+
 static int netns_install(struct nsproxy *nsproxy, struct ns_common *ns)
 {
 	struct net *net = to_net_ns(ns);
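Review bot: netns_evict() walks `pernet_list` with no lock taken anywhere in the function, whereas registering or unregistering pernet operations modifies that list. Unless the caller (not shown on this page) already holds `pernet_ops_rwsem`, an unregister racing with inode eviction, for example during module unload, could leave `ops` pointing at an entry that has been unlinked or freed before `ops->evict(net)` is called. If the eviction context is allowed to sleep, bracketing the loop with `down_read(&pernet_ops_rwsem);` and `up_read(&pernet_ops_rwsem);` would close that window; otherwise the required caller-held lock should be documented in a comment above the function. The whole function is inside this hunk.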
@@ -1319,6 +1330,7 @@  static struct user_namespace *netns_owner(struct ns_common *ns)
 	.type		= CLONE_NEWNET,
 	.get		= netns_get,
 	.put		= netns_put,
+	.evict		= netns_evict,
 	.install	= netns_install,
 	.owner		= netns_owner,
 };