netns: add pre_exit method to struct pernet_operations

Current struct pernet_operations exit() handlers are highly
discouraged to call synchronize_rcu().

There are cases where we need them, and exit_batch() does
not help the common case where a single netns is dismantled.

This patch leverages the existing synchronize_rcu() call
in cleanup_net()

Calling optional ->pre_exit() method before ->exit() or
->exit_batch() allows to benefit from a single synchronize_rcu()
call.

Note that the synchronize_rcu() calls added in this patch
are only in error paths or slow paths.

Tested:

$ time for i in {1..1000}; do unshare -n /bin/false;done

real	0m2.612s
user	0m0.171s
sys	0m2.216s

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Eric Dumazet 2019-06-18 11:08:59 -07:00 committed by David S. Miller
parent 2a54003e7a
commit d7d99872c1
2 changed files with 33 additions and 0 deletions

View File

@ -355,8 +355,13 @@ struct pernet_operations {
* synchronize_rcu() related to these pernet_operations, * synchronize_rcu() related to these pernet_operations,
* instead of separate synchronize_rcu() for every net. * instead of separate synchronize_rcu() for every net.
* Please, avoid synchronize_rcu() at all, where it's possible. * Please, avoid synchronize_rcu() at all, where it's possible.
*
* Note that a combination of pre_exit() and exit() can
* be used, since a synchronize_rcu() is guaranteed between
* the calls.
*/ */
int (*init)(struct net *net); int (*init)(struct net *net);
void (*pre_exit)(struct net *net);
void (*exit)(struct net *net); void (*exit)(struct net *net);
void (*exit_batch)(struct list_head *net_exit_list); void (*exit_batch)(struct list_head *net_exit_list);
unsigned int *id; unsigned int *id;

View File

@ -145,6 +145,17 @@ static void ops_free(const struct pernet_operations *ops, struct net *net)
} }
} }
static void ops_pre_exit_list(const struct pernet_operations *ops,
struct list_head *net_exit_list)
{
struct net *net;
if (ops->pre_exit) {
list_for_each_entry(net, net_exit_list, exit_list)
ops->pre_exit(net);
}
}
static void ops_exit_list(const struct pernet_operations *ops, static void ops_exit_list(const struct pernet_operations *ops,
struct list_head *net_exit_list) struct list_head *net_exit_list)
{ {
@ -328,6 +339,12 @@ static __net_init int setup_net(struct net *net, struct user_namespace *user_ns)
* for the pernet modules whose init functions did not fail. * for the pernet modules whose init functions did not fail.
*/ */
list_add(&net->exit_list, &net_exit_list); list_add(&net->exit_list, &net_exit_list);
saved_ops = ops;
list_for_each_entry_continue_reverse(ops, &pernet_list, list)
ops_pre_exit_list(ops, &net_exit_list);
synchronize_rcu();
saved_ops = ops; saved_ops = ops;
list_for_each_entry_continue_reverse(ops, &pernet_list, list) list_for_each_entry_continue_reverse(ops, &pernet_list, list)
ops_exit_list(ops, &net_exit_list); ops_exit_list(ops, &net_exit_list);
@ -541,10 +558,15 @@ static void cleanup_net(struct work_struct *work)
list_add_tail(&net->exit_list, &net_exit_list); list_add_tail(&net->exit_list, &net_exit_list);
} }
/* Run all of the network namespace pre_exit methods */
list_for_each_entry_reverse(ops, &pernet_list, list)
ops_pre_exit_list(ops, &net_exit_list);
/* /*
* Another CPU might be rcu-iterating the list, wait for it. * Another CPU might be rcu-iterating the list, wait for it.
* This needs to be before calling the exit() notifiers, so * This needs to be before calling the exit() notifiers, so
* the rcu_barrier() below isn't sufficient alone. * the rcu_barrier() below isn't sufficient alone.
* Also the pre_exit() and exit() methods need this barrier.
*/ */
synchronize_rcu(); synchronize_rcu();
@ -1101,6 +1123,8 @@ static int __register_pernet_operations(struct list_head *list,
out_undo: out_undo:
/* If I have an error cleanup all namespaces I initialized */ /* If I have an error cleanup all namespaces I initialized */
list_del(&ops->list); list_del(&ops->list);
ops_pre_exit_list(ops, &net_exit_list);
synchronize_rcu();
ops_exit_list(ops, &net_exit_list); ops_exit_list(ops, &net_exit_list);
ops_free_list(ops, &net_exit_list); ops_free_list(ops, &net_exit_list);
return error; return error;
@ -1115,6 +1139,8 @@ static void __unregister_pernet_operations(struct pernet_operations *ops)
/* See comment in __register_pernet_operations() */ /* See comment in __register_pernet_operations() */
for_each_net(net) for_each_net(net)
list_add_tail(&net->exit_list, &net_exit_list); list_add_tail(&net->exit_list, &net_exit_list);
ops_pre_exit_list(ops, &net_exit_list);
synchronize_rcu();
ops_exit_list(ops, &net_exit_list); ops_exit_list(ops, &net_exit_list);
ops_free_list(ops, &net_exit_list); ops_free_list(ops, &net_exit_list);
} }
@ -1139,6 +1165,8 @@ static void __unregister_pernet_operations(struct pernet_operations *ops)
} else { } else {
LIST_HEAD(net_exit_list); LIST_HEAD(net_exit_list);
list_add(&init_net.exit_list, &net_exit_list); list_add(&init_net.exit_list, &net_exit_list);
ops_pre_exit_list(ops, &net_exit_list);
synchronize_rcu();
ops_exit_list(ops, &net_exit_list); ops_exit_list(ops, &net_exit_list);
ops_free_list(ops, &net_exit_list); ops_free_list(ops, &net_exit_list);
} }