1 #include <linux/workqueue.h> 2 #include <linux/rtnetlink.h> 3 #include <linux/cache.h> 4 #include <linux/slab.h> 5 #include <linux/list.h> 6 #include <linux/delay.h> 7 #include <linux/sched.h> 8 #include <linux/idr.h> 9 #include <net/net_namespace.h> 10 #include <net/netns/generic.h> 11 12 /* 13 * Our network namespace constructor/destructor lists 14 */ 15 16 static LIST_HEAD(pernet_list); 17 static struct list_head *first_device = &pernet_list; 18 static DEFINE_MUTEX(net_mutex); 19 20 LIST_HEAD(net_namespace_list); 21 EXPORT_SYMBOL_GPL(net_namespace_list); 22 23 struct net init_net; 24 EXPORT_SYMBOL(init_net); 25 26 #define INITIAL_NET_GEN_PTRS 13 /* +1 for len +2 for rcu_head */ 27 28 /* 29 * setup_net runs the initializers for the network namespace object. 30 */ 31 static __net_init int setup_net(struct net *net) 32 { 33 /* Must be called with net_mutex held */ 34 struct pernet_operations *ops; 35 int error = 0; 36 37 atomic_set(&net->count, 1); 38 39 #ifdef NETNS_REFCNT_DEBUG 40 atomic_set(&net->use_count, 0); 41 #endif 42 43 list_for_each_entry(ops, &pernet_list, list) { 44 if (ops->init) { 45 error = ops->init(net); 46 if (error < 0) 47 goto out_undo; 48 } 49 } 50 out: 51 return error; 52 53 out_undo: 54 /* Walk through the list backwards calling the exit functions 55 * for the pernet modules whose init functions did not fail. 56 */ 57 list_for_each_entry_continue_reverse(ops, &pernet_list, list) { 58 if (ops->exit) 59 ops->exit(net); 60 } 61 62 rcu_barrier(); 63 goto out; 64 } 65 66 static struct net_generic *net_alloc_generic(void) 67 { 68 struct net_generic *ng; 69 size_t generic_size = sizeof(struct net_generic) + 70 INITIAL_NET_GEN_PTRS * sizeof(void *); 71 72 ng = kzalloc(generic_size, GFP_KERNEL); 73 if (ng) 74 ng->len = INITIAL_NET_GEN_PTRS; 75 76 return ng; 77 } 78 79 #ifdef CONFIG_NET_NS 80 static struct kmem_cache *net_cachep; 81 static struct workqueue_struct *netns_wq; 82 83 static struct net *net_alloc(void) 84 { 85 struct net *net = NULL; 86 struct net_generic *ng; 87 88 ng = net_alloc_generic(); 89 if (!ng) 90 goto out; 91 92 net = kmem_cache_zalloc(net_cachep, GFP_KERNEL); 93 if (!net) 94 goto out_free; 95 96 rcu_assign_pointer(net->gen, ng); 97 out: 98 return net; 99 100 out_free: 101 kfree(ng); 102 goto out; 103 } 104 105 static void net_free(struct net *net) 106 { 107 #ifdef NETNS_REFCNT_DEBUG 108 if (unlikely(atomic_read(&net->use_count) != 0)) { 109 printk(KERN_EMERG "network namespace not free! Usage: %d\n", 110 atomic_read(&net->use_count)); 111 return; 112 } 113 #endif 114 kfree(net->gen); 115 kmem_cache_free(net_cachep, net); 116 } 117 118 struct net *copy_net_ns(unsigned long flags, struct net *old_net) 119 { 120 struct net *new_net = NULL; 121 int err; 122 123 get_net(old_net); 124 125 if (!(flags & CLONE_NEWNET)) 126 return old_net; 127 128 err = -ENOMEM; 129 new_net = net_alloc(); 130 if (!new_net) 131 goto out_err; 132 133 mutex_lock(&net_mutex); 134 err = setup_net(new_net); 135 if (!err) { 136 rtnl_lock(); 137 list_add_tail(&new_net->list, &net_namespace_list); 138 rtnl_unlock(); 139 } 140 mutex_unlock(&net_mutex); 141 142 if (err) 143 goto out_free; 144 out: 145 put_net(old_net); 146 return new_net; 147 148 out_free: 149 net_free(new_net); 150 out_err: 151 new_net = ERR_PTR(err); 152 goto out; 153 } 154 155 static void cleanup_net(struct work_struct *work) 156 { 157 struct pernet_operations *ops; 158 struct net *net; 159 160 net = container_of(work, struct net, work); 161 162 mutex_lock(&net_mutex); 163 164 /* Don't let anyone else find us. */ 165 rtnl_lock(); 166 list_del(&net->list); 167 rtnl_unlock(); 168 169 /* Run all of the network namespace exit methods */ 170 list_for_each_entry_reverse(ops, &pernet_list, list) { 171 if (ops->exit) 172 ops->exit(net); 173 } 174 175 mutex_unlock(&net_mutex); 176 177 /* Ensure there are no outstanding rcu callbacks using this 178 * network namespace. 179 */ 180 rcu_barrier(); 181 182 /* Finally it is safe to free my network namespace structure */ 183 net_free(net); 184 } 185 186 void __put_net(struct net *net) 187 { 188 /* Cleanup the network namespace in process context */ 189 INIT_WORK(&net->work, cleanup_net); 190 queue_work(netns_wq, &net->work); 191 } 192 EXPORT_SYMBOL_GPL(__put_net); 193 194 #else 195 struct net *copy_net_ns(unsigned long flags, struct net *old_net) 196 { 197 if (flags & CLONE_NEWNET) 198 return ERR_PTR(-EINVAL); 199 return old_net; 200 } 201 #endif 202 203 static int __init net_ns_init(void) 204 { 205 struct net_generic *ng; 206 int err; 207 208 printk(KERN_INFO "net_namespace: %zd bytes\n", sizeof(struct net)); 209 #ifdef CONFIG_NET_NS 210 net_cachep = kmem_cache_create("net_namespace", sizeof(struct net), 211 SMP_CACHE_BYTES, 212 SLAB_PANIC, NULL); 213 214 /* Create workqueue for cleanup */ 215 netns_wq = create_singlethread_workqueue("netns"); 216 if (!netns_wq) 217 panic("Could not create netns workq"); 218 #endif 219 220 ng = net_alloc_generic(); 221 if (!ng) 222 panic("Could not allocate generic netns"); 223 224 rcu_assign_pointer(init_net.gen, ng); 225 226 mutex_lock(&net_mutex); 227 err = setup_net(&init_net); 228 229 rtnl_lock(); 230 list_add_tail(&init_net.list, &net_namespace_list); 231 rtnl_unlock(); 232 233 mutex_unlock(&net_mutex); 234 if (err) 235 panic("Could not setup the initial network namespace"); 236 237 return 0; 238 } 239 240 pure_initcall(net_ns_init); 241 242 #ifdef CONFIG_NET_NS 243 static int register_pernet_operations(struct list_head *list, 244 struct pernet_operations *ops) 245 { 246 struct net *net, *undo_net; 247 int error; 248 249 list_add_tail(&ops->list, list); 250 if (ops->init) { 251 for_each_net(net) { 252 error = ops->init(net); 253 if (error) 254 goto out_undo; 255 } 256 } 257 return 0; 258 259 out_undo: 260 /* If I have an error cleanup all namespaces I initialized */ 261 list_del(&ops->list); 262 if (ops->exit) { 263 for_each_net(undo_net) { 264 if (undo_net == net) 265 goto undone; 266 ops->exit(undo_net); 267 } 268 } 269 undone: 270 return error; 271 } 272 273 static void unregister_pernet_operations(struct pernet_operations *ops) 274 { 275 struct net *net; 276 277 list_del(&ops->list); 278 if (ops->exit) 279 for_each_net(net) 280 ops->exit(net); 281 } 282 283 #else 284 285 static int register_pernet_operations(struct list_head *list, 286 struct pernet_operations *ops) 287 { 288 if (ops->init == NULL) 289 return 0; 290 return ops->init(&init_net); 291 } 292 293 static void unregister_pernet_operations(struct pernet_operations *ops) 294 { 295 if (ops->exit) 296 ops->exit(&init_net); 297 } 298 #endif 299 300 static DEFINE_IDA(net_generic_ids); 301 302 /** 303 * register_pernet_subsys - register a network namespace subsystem 304 * @ops: pernet operations structure for the subsystem 305 * 306 * Register a subsystem which has init and exit functions 307 * that are called when network namespaces are created and 308 * destroyed respectively. 309 * 310 * When registered all network namespace init functions are 311 * called for every existing network namespace. Allowing kernel 312 * modules to have a race free view of the set of network namespaces. 313 * 314 * When a new network namespace is created all of the init 315 * methods are called in the order in which they were registered. 316 * 317 * When a network namespace is destroyed all of the exit methods 318 * are called in the reverse of the order with which they were 319 * registered. 320 */ 321 int register_pernet_subsys(struct pernet_operations *ops) 322 { 323 int error; 324 mutex_lock(&net_mutex); 325 error = register_pernet_operations(first_device, ops); 326 mutex_unlock(&net_mutex); 327 return error; 328 } 329 EXPORT_SYMBOL_GPL(register_pernet_subsys); 330 331 /** 332 * unregister_pernet_subsys - unregister a network namespace subsystem 333 * @ops: pernet operations structure to manipulate 334 * 335 * Remove the pernet operations structure from the list to be 336 * used when network namespaces are created or destroyed. In 337 * addition run the exit method for all existing network 338 * namespaces. 339 */ 340 void unregister_pernet_subsys(struct pernet_operations *module) 341 { 342 mutex_lock(&net_mutex); 343 unregister_pernet_operations(module); 344 mutex_unlock(&net_mutex); 345 } 346 EXPORT_SYMBOL_GPL(unregister_pernet_subsys); 347 348 int register_pernet_gen_subsys(int *id, struct pernet_operations *ops) 349 { 350 int rv; 351 352 mutex_lock(&net_mutex); 353 again: 354 rv = ida_get_new_above(&net_generic_ids, 1, id); 355 if (rv < 0) { 356 if (rv == -EAGAIN) { 357 ida_pre_get(&net_generic_ids, GFP_KERNEL); 358 goto again; 359 } 360 goto out; 361 } 362 rv = register_pernet_operations(first_device, ops); 363 if (rv < 0) 364 ida_remove(&net_generic_ids, *id); 365 out: 366 mutex_unlock(&net_mutex); 367 return rv; 368 } 369 EXPORT_SYMBOL_GPL(register_pernet_gen_subsys); 370 371 void unregister_pernet_gen_subsys(int id, struct pernet_operations *ops) 372 { 373 mutex_lock(&net_mutex); 374 unregister_pernet_operations(ops); 375 ida_remove(&net_generic_ids, id); 376 mutex_unlock(&net_mutex); 377 } 378 EXPORT_SYMBOL_GPL(unregister_pernet_gen_subsys); 379 380 /** 381 * register_pernet_device - register a network namespace device 382 * @ops: pernet operations structure for the subsystem 383 * 384 * Register a device which has init and exit functions 385 * that are called when network namespaces are created and 386 * destroyed respectively. 387 * 388 * When registered all network namespace init functions are 389 * called for every existing network namespace. Allowing kernel 390 * modules to have a race free view of the set of network namespaces. 391 * 392 * When a new network namespace is created all of the init 393 * methods are called in the order in which they were registered. 394 * 395 * When a network namespace is destroyed all of the exit methods 396 * are called in the reverse of the order with which they were 397 * registered. 398 */ 399 int register_pernet_device(struct pernet_operations *ops) 400 { 401 int error; 402 mutex_lock(&net_mutex); 403 error = register_pernet_operations(&pernet_list, ops); 404 if (!error && (first_device == &pernet_list)) 405 first_device = &ops->list; 406 mutex_unlock(&net_mutex); 407 return error; 408 } 409 EXPORT_SYMBOL_GPL(register_pernet_device); 410 411 int register_pernet_gen_device(int *id, struct pernet_operations *ops) 412 { 413 int error; 414 mutex_lock(&net_mutex); 415 again: 416 error = ida_get_new_above(&net_generic_ids, 1, id); 417 if (error) { 418 if (error == -EAGAIN) { 419 ida_pre_get(&net_generic_ids, GFP_KERNEL); 420 goto again; 421 } 422 goto out; 423 } 424 error = register_pernet_operations(&pernet_list, ops); 425 if (error) 426 ida_remove(&net_generic_ids, *id); 427 else if (first_device == &pernet_list) 428 first_device = &ops->list; 429 out: 430 mutex_unlock(&net_mutex); 431 return error; 432 } 433 EXPORT_SYMBOL_GPL(register_pernet_gen_device); 434 435 /** 436 * unregister_pernet_device - unregister a network namespace netdevice 437 * @ops: pernet operations structure to manipulate 438 * 439 * Remove the pernet operations structure from the list to be 440 * used when network namespaces are created or destroyed. In 441 * addition run the exit method for all existing network 442 * namespaces. 443 */ 444 void unregister_pernet_device(struct pernet_operations *ops) 445 { 446 mutex_lock(&net_mutex); 447 if (&ops->list == first_device) 448 first_device = first_device->next; 449 unregister_pernet_operations(ops); 450 mutex_unlock(&net_mutex); 451 } 452 EXPORT_SYMBOL_GPL(unregister_pernet_device); 453 454 void unregister_pernet_gen_device(int id, struct pernet_operations *ops) 455 { 456 mutex_lock(&net_mutex); 457 if (&ops->list == first_device) 458 first_device = first_device->next; 459 unregister_pernet_operations(ops); 460 ida_remove(&net_generic_ids, id); 461 mutex_unlock(&net_mutex); 462 } 463 EXPORT_SYMBOL_GPL(unregister_pernet_gen_device); 464 465 static void net_generic_release(struct rcu_head *rcu) 466 { 467 struct net_generic *ng; 468 469 ng = container_of(rcu, struct net_generic, rcu); 470 kfree(ng); 471 } 472 473 int net_assign_generic(struct net *net, int id, void *data) 474 { 475 struct net_generic *ng, *old_ng; 476 477 BUG_ON(!mutex_is_locked(&net_mutex)); 478 BUG_ON(id == 0); 479 480 ng = old_ng = net->gen; 481 if (old_ng->len >= id) 482 goto assign; 483 484 ng = kzalloc(sizeof(struct net_generic) + 485 id * sizeof(void *), GFP_KERNEL); 486 if (ng == NULL) 487 return -ENOMEM; 488 489 /* 490 * Some synchronisation notes: 491 * 492 * The net_generic explores the net->gen array inside rcu 493 * read section. Besides once set the net->gen->ptr[x] 494 * pointer never changes (see rules in netns/generic.h). 495 * 496 * That said, we simply duplicate this array and schedule 497 * the old copy for kfree after a grace period. 498 */ 499 500 ng->len = id; 501 memcpy(&ng->ptr, &old_ng->ptr, old_ng->len); 502 503 rcu_assign_pointer(net->gen, ng); 504 call_rcu(&old_ng->rcu, net_generic_release); 505 assign: 506 ng->ptr[id - 1] = data; 507 return 0; 508 } 509 EXPORT_SYMBOL_GPL(net_assign_generic); 510