From patchwork Sat Apr 29 13:30:59 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: William Tu X-Patchwork-Id: 756744 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3wFWmL58hQz9s2Q for ; Sat, 29 Apr 2017 23:31:14 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="AKVYJB3b"; dkim-atps=neutral Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 194958D7; Sat, 29 Apr 2017 13:31:11 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 518D7721 for ; Sat, 29 Apr 2017 13:31:09 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pg0-f67.google.com (mail-pg0-f67.google.com [74.125.83.67]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 5845410A for ; Sat, 29 Apr 2017 13:31:08 +0000 (UTC) Received: by mail-pg0-f67.google.com with SMTP id t7so9446569pgt.1 for ; Sat, 29 Apr 2017 06:31:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=4tLCBrCeGqpJ753BPwmexMiesVux9Nn1HIZvC2dAaKY=; b=AKVYJB3bs+1kOSSZM8kYk1GN+6HetenmBSAu1yvDua4izok2oc/ytPcra3ylUoOnUL jwONrZ1jljNIJNuOwfi3c8DmmJXX7KBbKW4O5UyQdXeFmOoXQnzx4VTJ6v8OFp1tTB/W g4LGvcLro1F8XHlnzyAK4SlAH8lXAfuELeHJxE/T/27vIf6wOkAjhrvFQLljoTQVrCGy iYdf0FwDSiqyN5Nw+LdG3ObiePwaP+rUUB7RozMQLexS3uOv8HkGhD9usP5vcCjH5L+1 w7eHDcWXSKmNYgZiOjWDoXwhhhHYlzjwnyT76ewagdC9NbhHpvDyar1PB80zWRBzcN4i rLBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=4tLCBrCeGqpJ753BPwmexMiesVux9Nn1HIZvC2dAaKY=; b=Vqr8M8vwUtz/ZGRUY4A/tZRLaICnsPF4atlDsesIOgl4I9YyPALOdo34fERy/Vax6m NBIyF5Z2gj4ndwIlNQuPw88zkeFOcve+em2C9a92tNjr0yQRr76sdyjUlWv35LjtdMnB hmxr1ya8c2agSiSXW3NQqicQ1bL6fy98Idle7Va2PdsQK1pfgb8Upbv7R4wYbcjQCNW6 jK8LkWqddzVIve+YDKZYyTI7FPHJTFsqyfkMXkWFLXc2QPoay7GGNvGRSpmzBaUbaK5m RRTR2ofTxTLzcnaAqAtWO4AL7x6MmYoH6AJ4uDwCg4njPf9bmdvG3eahzm1SBYfscU+b F5mA== X-Gm-Message-State: AN3rC/7x1XAixfL8pCKZXfLKrlEpv49iRom92BS/o9TqAi06dNGwHnbb i18sLE+kDeoWQQ== X-Received: by 10.99.149.67 with SMTP id t3mr17623023pgn.152.1493472667853; Sat, 29 Apr 2017 06:31:07 -0700 (PDT) Received: from localhost.localdomain ([76.126.157.223]) by smtp.gmail.com with ESMTPSA id y29sm18378528pfj.90.2017.04.29.06.31.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 29 Apr 2017 06:31:06 -0700 (PDT) From: William Tu To: dev@openvswitch.org Date: Sat, 29 Apr 2017 06:30:59 -0700 Message-Id: <1493472659-12834-1-git-send-email-u9012063@gmail.com> X-Mailer: git-send-email 2.7.4 X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCHv2] bridge: Prohibit "default" and "all" bridge name. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Under Linux, when users create bridge named "default" or "all", although ovs-vsctl fails but vswitchd in the background will keep retrying it, causing the systemd-udev to reach 100% cpu utilization. The patch prevents any attempt to create or open a netdev named "default" or "all" because these two names are reserved on Linux due to /proc/sys/net/ipv4/conf/ always contains directories by these names. The reason for high CPU utilization is due to frequent calls into kernel's register_netdevice function, which will invoke several kernel elements who has registered on the netdevice notifier chain. And due to creation failed, OVS wakes up and re-recreate the device, which ends up as a high CPU loop. VMWare-BZ: #1842388 Signed-off-by: William Tu Signed-off-by: Ben Pfaff Acked-by: Greg Rose --- v1->v2: move to Linux specific implementation. --- lib/netdev-linux.c | 39 ++++++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c index 9ff1333f8e85..79e827303d07 100644 --- a/lib/netdev-linux.c +++ b/lib/netdev-linux.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc. + * Copyright (c) 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 Nicira, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -773,10 +773,28 @@ netdev_linux_alloc(void) return &netdev->up; } -static void -netdev_linux_common_construct(struct netdev_linux *netdev) -{ +static int +netdev_linux_common_construct(struct netdev *netdev_) +{ + /* Prevent any attempt to create (or open) a network device named "default" + * or "all". These device names are effectively reserved on Linux because + * /proc/sys/net/ipv4/conf/ always contains directories by these names. By + * itself this wouldn't call for any special treatment, but in practice if + * a program tries to create devices with these names, it causes the kernel + * to fire a "new device" notification event even though creation failed, + * and in turn that causes OVS to wake up and try to create them again, + * which ends up as a 100% CPU loop. */ + struct netdev_linux *netdev = netdev_linux_cast(netdev_); + const char *name = netdev_->name; + if (!strcmp(name, "default") || !strcmp(name, "all")) { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1); + VLOG_WARN_RL(&rl, "%s: Linux forbids network device with this name", + name); + return EINVAL; + } + ovs_mutex_init(&netdev->mutex); + return 0; } /* Creates system and internal devices. */ @@ -784,9 +802,10 @@ static int netdev_linux_construct(struct netdev *netdev_) { struct netdev_linux *netdev = netdev_linux_cast(netdev_); - int error; - - netdev_linux_common_construct(netdev); + int error = netdev_linux_common_construct(netdev_); + if (error) { + return error; + } error = get_flags(&netdev->up, &netdev->ifi_flags); if (error == ENODEV) { @@ -817,9 +836,11 @@ netdev_linux_construct_tap(struct netdev *netdev_) static const char tap_dev[] = "/dev/net/tun"; const char *name = netdev_->name; struct ifreq ifr; - int error; - netdev_linux_common_construct(netdev); + int error = netdev_linux_common_construct(netdev_); + if (error) { + return error; + } /* Open tap device. */ netdev->tap_fd = open(tap_dev, O_RDWR);