UBUNTU: SAUCE: netns: Add quota for number of NET_NS instances.

12-01-2011, 08:28 PM

CONFIG_NET_NS support in 2.6.32 has a problem that leads to OOM killer when
clone(CLONE_NEWNET) is called instantly.
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095
But disabling CONFIG_NET_NS broke lxc containers.
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/790863

This patch introduces /proc/sys/net/core/netns_max interface that limits
max number of network namespace instances.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
include/net/sock.h | 4 ++++
net/core/net_namespace.c | 9 +++++++++
net/core/sysctl_net_core.c | 10 ++++++++++
3 files changed, 23 insertions(+), 0 deletions(-)

diff --git a/include/net/sock.h b/include/net/sock.h
index 4babe89..3cd628c 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -1620,4 +1620,8 @@ extern int sysctl_optmem_max;
extern __u32 sysctl_wmem_default;
extern __u32 sysctl_rmem_default;

+#ifdef CONFIG_NET_NS
+extern int max_netns_count;
+#endif
+
#endif /* _SOCK_H */
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 1c1af27..4020874 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -81,12 +81,18 @@ static struct net_generic *net_alloc_generic(void)
#ifdef CONFIG_NET_NS
static struct kmem_cache *net_cachep;
static struct workqueue_struct *netns_wq;
+static atomic_t used_netns_count = ATOMIC_INIT(0);
+unsigned int max_netns_count;

static struct net *net_alloc(void)
{
struct net *net = NULL;
struct net_generic *ng;

+ atomic_inc(&used_netns_count);
+ if (atomic_read(&used_netns_count) > max_netns_count)
+ goto out;
+
ng = net_alloc_generic();
if (!ng)
goto out;
@@ -96,7 +102,9 @@ static struct net *net_alloc(void)
goto out_free;

rcu_assign_pointer(net->gen, ng);
+ return net;
out:
+ atomic_dec(&used_netns_count);
return net;

out_free:
@@ -115,6 +123,7 @@ static void net_free(struct net *net)
#endif
kfree(net->gen);
kmem_cache_free(net_cachep, net);
+ atomic_dec(&used_netns_count);
}

static struct net *net_create(void)
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 7db1de0..81c79df 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -89,6 +89,16 @@ static struct ctl_table net_core_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec
},
+#ifdef CONFIG_NET_NS
+ {
+ .ctl_name = CTL_UNNUMBERED,
+ .procname = "netns_max",
+ .data = &max_netns_count,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+#endif
#endif /* CONFIG_NET */
{
.ctl_name = NET_CORE_BUDGET,
--
1.7.0.4

--------------060004030001050809090500
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

--------------060004030001050809090500--

12-01-2011, 08:28 PM

CONFIG_NET_NS support in 2.6.32 has a problem that leads to OOM killer when
clone(CLONE_NEWNET) is called instantly.
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095
But disabling CONFIG_NET_NS broke lxc containers.
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/790863

This patch introduces /proc/sys/net/core/netns_max interface that limits
max number of network namespace instances.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
include/net/sock.h | 4 ++++
net/core/net_namespace.c | 13 +++++++++++++
net/core/sysctl_net_core.c | 10 ++++++++++
3 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/include/net/sock.h b/include/net/sock.h
index 4babe89..3cd628c 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -1620,4 +1620,8 @@ extern int sysctl_optmem_max;
extern __u32 sysctl_wmem_default;
extern __u32 sysctl_rmem_default;

+#ifdef CONFIG_NET_NS
+extern int max_netns_count;
+#endif
+
#endif /* _SOCK_H */
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 1c1af27..841df10 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -81,12 +81,22 @@ static struct net_generic *net_alloc_generic(void)
#ifdef CONFIG_NET_NS
static struct kmem_cache *net_cachep;
static struct workqueue_struct *netns_wq;
+static atomic_t used_netns_count = ATOMIC_INIT(0);
+unsigned int max_netns_count = 1024;

static struct net *net_alloc(void)
{
struct net *net = NULL;
struct net_generic *ng;

+ atomic_inc(&used_netns_count);
+ if (atomic_read(&used_netns_count) >= max_netns_count) {
+ printk_once(KERN_WARNING
+ "net_alloc: Exceeded maximum (%d) net namespace allocations.
",
+ max_netns_count);
+ goto out;
+ }
+
ng = net_alloc_generic();
if (!ng)
goto out;
@@ -96,7 +106,9 @@ static struct net *net_alloc(void)
goto out_free;

rcu_assign_pointer(net->gen, ng);
+ return net;
out:
+ atomic_dec(&used_netns_count);
return net;

out_free:
@@ -115,6 +127,7 @@ static void net_free(struct net *net)
#endif
kfree(net->gen);
kmem_cache_free(net_cachep, net);
+ atomic_dec(&used_netns_count);
}

static struct net *net_create(void)
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 7db1de0..81c79df 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -89,6 +89,16 @@ static struct ctl_table net_core_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec
},
+#ifdef CONFIG_NET_NS
+ {
+ .ctl_name = CTL_UNNUMBERED,
+ .procname = "netns_max",
+ .data = &max_netns_count,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+ },
+#endif
#endif /* CONFIG_NET */
{
.ctl_name = NET_CORE_BUDGET,
--
1.7.0.4

--------------000103040006000608030301
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

--------------000103040006000608030301--

Mon Dec 19 18:30:02 2011
Return-path: <aur-general-bounces@archlinux.org>
Envelope-to: tom@linux-archive.org
Delivery-date: Mon, 19 Dec 2011 18:23:16 +0200
Received: from gerolde.archlinux.org ([66.211.214.132]:58127)
by s2.java-tips.org with esmtp (Exim 4.69)
(envelope-from <aur-general-bounces@archlinux.org>)
id 1Rcfzg-0007JR-AW
for tom@linux-archive.org; Mon, 19 Dec 2011 18:23:16 +0200
Received: from gudrun.archlinux.org (gudrun.archlinux.org [66.211.214.131])
by gerolde.archlinux.org (Postfix) with ESMTP id A8F7690029;
Mon, 19 Dec 2011 11:23:18 -0500 (EST)
Received: from gerolde.archlinux.org (gerolde.archlinux.org [66.211.214.132])
by gudrun.archlinux.org (Postfix) with ESMTP id DB2A78615E
for <aur-general@archlinux.org>; Mon, 19 Dec 2011 11:23:17 -0500 (EST)
Received-SPF: pass (gmail.com ... _spf.google.com: 74.125.83.44 is authorized
to use 'techlivezheng@gmail.com' in 'mfrom' identity (mechanism
'ip4:74.125.0.0/16' matched)) receiver=gerolde.archlinux.org;
identity=mailfrom; envelope-from="techlivezheng@gmail.com";
helo=mail-ee0-f44.google.com; client-ip=74.125.83.44
Received: from mail-ee0-f44.google.com (mail-ee0-f44.google.com [74.125.83.44])
by gerolde.archlinux.org (Postfix) with ESMTPS id 9151490027
for <aur-general@archlinux.org>; Mon, 19 Dec 2011 11:23:16 -0500 (EST)
Received: by eekc14 with SMTP id c14so4904724eek.3
for <aur-general@archlinux.org>; Mon, 19 Dec 2011 08:23:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=mime-version:from:date:message-id:subject:to:content-type;
bh=Yb2/MiPpB1VLMrFES0SDsLN/n0tpxzQ9tGIFX5HqmMU=;
b=M5b9QbleckHbCyYMLI1Kuz1ncqPr/mucZkuRucPNgGXAmeaQOySXNP6CRs8tzfh5Yy
q8Zyhti0D2VRsS6Iw/QW5+klqGDzBD3ERbtlYQvhqssRQTzJQI+7qLlOtAodZ22+Mul8
guBY88NFZH8wc3oW8gHNxmSpnhLaDfo9sE0eE=
Received: by 10.204.10.65 with SMTP id o1mr5343585bko.19.1324311796417; Mon,
19 Dec 2011 08:23:16 -0800 (PST)
MIME-Version: 1.0
Received: by 10.204.143.198 with HTTP; Mon, 19 Dec 2011 08:22:35 -0800 (PST)
From: =?UTF-8?B?6YOR5paH6L6JKFRlY2hsaXZlIFpoZW5nKQ==?=
<techlivezheng@gmail.com>
Date: Tue, 20 Dec 2011 00:22:35 +0800
Message-ID: <CAPYzjrQp49atrX9=PFxVhfotW-SwPDruUQZOyOHsnb6QFvURLg@mail.gmail.com>
To: AUR <aur-general@archlinux.org>
Content-Type: text/plain; charset=ISO-8859-1
Subject: [aur-general] Remove request:gstreamer0.10-python-songbird
X-BeenThere: aur-general@archlinux.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: "Discussion about the Arch User Repository (AUR)"
<aur-general@archlinux.org>
List-Id: "Discussion about the Arch User Repository (AUR)"
<aur-general.archlinux.org>
List-Unsubscribe: <http://mailman.archlinux.org/mailman/options/aur-general>,
<mailto:aur-general-request@archlinux.org?subject=unsubscribe>
List-Archive: <http://mailman.archlinux.org/pipermail/aur-general>
List-Post: <mailto:aur-general@archlinux.org>
List-Help: <mailto:aur-general-request@archlinux.org?subject=help>
List-Subscribe: <http://mailman.archlinux.org/mailman/listinfo/aur-general>,
<mailto:aur-general-request@archlinux.org?subject=subscribe>
Errors-To: aur-general-bounces@archlinux.org
Sender: aur-general-bounces@archlinux.org

[gstreamer0.10-python-songbird][1]

This should be deleted. It's out of date, and also useless.

[1]:https://aur.archlinux.org/packages.php?ID=27875