Linux Archive


Tetsuo Handa 12-02-2011 03:36 AM

Lucid SRU - UBUNTU: SAUCE: netns: Add quota for number of NET_NS instances.
 
Tim Gardner wrote:
> So, the first patch simply synchronously returns an error if the number
> of network name spaces exceeds the specified maximum. This happens
> within the context of the fork, the login process is aborted, and the
> remote user is told to buzz off.

According to comment #24 of bug #790863, vsftpd in Lucid was updated to use
Debian's 10-remote-dos.patch 2.3.4-1 patch. So, we no longer need to worry
about vsftpd users, do we?

I guess normal lxc containers will not start/terminate as frequently as ftp
clients. Thus, I think the first patch (the give-up-immediately version) is fine.
Just set the initial quota value to 512 or so?

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

Tim Gardner 12-19-2011 12:50 PM

On 12/01/2011 02:48 PM, Tim Gardner wrote:
> Please consider this (untested) patch for inclusion in Lucid. See the
> discussion in http://bugs.launchpad.net/bugs/790863 for arguments
> proposing to restore CONFIG_NET_NS.
>
> I'll post a test kernel to the bug in awhile.
>
> One of the issues I have with this patch is that it appears that any
> consumer of network name spaces will have to initially write a non-zero
> value to netns_max before _any_ name spaces can be successfully
> allocated. If copy_net_ns() fails in create_new_namespaces(), then it
> seems the whole allocation is buggered.
>
> rtg

At least 2 testers have reported good results with this patch. Is there
any dissent ? Otherwise I shall apply it to master-next.


rtg
--
Tim Gardner tim.gardner@canonical.com


Serge Hallyn 12-19-2011 02:32 PM

Quoting Brad Figg (brad.figg@canonical.com):
> On 12/01/2011 01:48 PM, Tim Gardner wrote:
> >Please consider this (untested) patch for inclusion in Lucid. See the discussion in http://bugs.launchpad.net/bugs/790863 for arguments proposing to restore CONFIG_NET_NS.
> >
> >I'll post a test kernel to the bug in awhile.
> >
> >One of the issues I have with this patch is that it appears that any consumer of network name spaces will have to initially write a non-zero value to netns_max before _any_ name spaces can be successfully allocated. If copy_net_ns() fails in
> >create_new_namespaces(), then it seems the whole allocation is buggered.
> >
> >rtg
> >
> >
>
> Tim,
>
> If you follow the thread that starts at:
> http://www.spinics.net/lists/netdev/msg180263.html
> you will see that Tetsuo actually proposed a modified
> version of this patch: http://www.spinics.net/lists/netdev/msg180360.html.

(Shouldn't used_netns_count default to 1? :)

It looks good, I'd only ask that a warning be printed, even if only
printk_once(), when the limit is hit. Otherwise we risk mysterious
bugs reported against other software.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

thanks,
-serge


Tim Gardner 12-19-2011 03:21 PM

On 12/19/2011 08:32 AM, Serge Hallyn wrote:
> Quoting Brad Figg (brad.figg@canonical.com):
> > On 12/01/2011 01:48 PM, Tim Gardner wrote:
> > > Please consider this (untested) patch for inclusion in Lucid. See the discussion in http://bugs.launchpad.net/bugs/790863 for arguments proposing to restore CONFIG_NET_NS.
> > >
> > > I'll post a test kernel to the bug in awhile.
> > >
> > > One of the issues I have with this patch is that it appears that any consumer of network name spaces will have to initially write a non-zero value to netns_max before _any_ name spaces can be successfully allocated. If copy_net_ns() fails in
> > > create_new_namespaces(), then it seems the whole allocation is buggered.
> > >
> > > rtg
> >
> > Tim,
> >
> > If you follow the thread that starts at:
> > http://www.spinics.net/lists/netdev/msg180263.html
> > you will see that Tetsuo actually proposed a modified
> > version of this patch: http://www.spinics.net/lists/netdev/msg180360.html.
>
> (Shouldn't used_netns_count default to 1? :)
>
> It looks good, I'd only ask that a warning be printed, even if only
> printk_once(), when the limit is hit. Otherwise we risk mysterious
> bugs reported against other software.
>
> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
>
> thanks,
> -serge


Serge - How about this? Changes include a non-zero initial value for
max_netns_count, and a printk_once() warning if the count is ever exceeded.


rtg
--
Tim Gardner tim.gardner@canonical.com
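The quota behaviour Tetsuo's quoted message describes (return an error synchronously once the count exceeds the maximum) together with the two changes Tim lists above (a non-zero initial maximum and a printk_once() warning when the limit is hit), modelled in user-space C as an added example; this is not the Lucid patch or any Ubuntu code. The names used_netns_count and max_netns_count come from the thread; the types, the -ENOSPC error code, the 512 default and the function names are assumptions.

```c
/* Added example, not the Lucid patch: a user-space model of the netns quota
 * accounting the thread describes. used_netns_count and max_netns_count are
 * the thread's names; types, -ENOSPC, the 512 default and the helper
 * functions are assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* init_net always exists, so the used count starts at 1 (Serge's point);
 * the maximum starts non-zero or no namespace could ever be created. */
static unsigned int used_netns_count = 1;
static unsigned int max_netns_count = 512;

/* Where copy_net_ns() would allocate: fail synchronously with -ENOSPC so the
 * clone/unshare caller sees the error at once and nothing is queued. The
 * one-shot warning (printk_once() in the kernel) keeps the failure visible. */
int netns_quota_get(void)
{
    static bool warned;
    if (used_netns_count >= max_netns_count) {
        if (!warned) {
            warned = true;
            fprintf(stderr, "netns: limit of %u network namespaces reached; "
                    "raise the quota or look for a leak\n", max_netns_count);
        }
        return -ENOSPC;
    }
    used_netns_count++;
    return 0;
}

/* Called when a namespace is finally torn down; init_net's slot stays. */
void netns_quota_put(void)
{
    if (used_netns_count > 1)
        used_netns_count--;
}

/* Sysctl-style write of the maximum: zero would wedge every consumer of
 * network namespaces, the concern raised against the first draft. */
int netns_quota_set_max(unsigned int new_max)
{
    if (new_max == 0)
        return -EINVAL;
    max_netns_count = new_max;
    return 0;
}

unsigned int netns_quota_used(void) { return used_netns_count; }
```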

Serge Hallyn 12-19-2011 03:31 PM

Quoting Tim Gardner (tim.gardner@canonical.com):
> On 12/19/2011 08:32 AM, Serge Hallyn wrote:
> >Quoting Brad Figg (brad.figg@canonical.com):
> >>On 12/01/2011 01:48 PM, Tim Gardner wrote:
> >>>Please consider this (untested) patch for inclusion in Lucid. See the discussion in http://bugs.launchpad.net/bugs/790863 for arguments proposing to restore CONFIG_NET_NS.
> >>>
> >>>I'll post a test kernel to the bug in awhile.
> >>>
> >>>One of the issues I have with this patch is that it appears that any consumer of network name spaces will have to initially write a non-zero value to netns_max before _any_ name spaces can be successfully allocated. If copy_net_ns() fails in
> >>>create_new_namespaces(), then it seems the whole allocation is buggered.
> >>>
> >>>rtg
> >>>
> >>>
> >>
> >>Tim,
> >>
> >>If you follow the thread that starts at:
> >>http://www.spinics.net/lists/netdev/msg180263.html
> >>you will see that Tetsuo actually proposed a modified
> >>version of this patch: http://www.spinics.net/lists/netdev/msg180360.html.
> >
> >(Shouldn't used_netns_count default to 1? :)
> >
> >It looks good, I'd only ask that a warning be printed, even if only
> >printk_once(), when the limit is hit. Otherwise we risk mysterious
> >bugs reported against other software.
> >
> >Acked-by: Serge Hallyn<serge.hallyn@canonical.com>
> >
> >thanks,
> >-serge
>
> Serge - How about this? Changes include a non-zero initial value for
> max_netns_count, and a printk_once() warning if the count is ever
> exceeded.

Looks great, thanks.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

-serge


