1 #include <linux/workqueue.h> 2 #include <linux/rtnetlink.h> 3 #include <linux/cache.h> 4 #include <linux/slab.h> 5 #include <linux/list.h> 6 #include <linux/delay.h> 7 #include <linux/sched.h> 8 #include <linux/idr.h> 9 #include <net/net_namespace.h> 10 #include <net/netns/generic.h> 11 12 /* 13 * Our network namespace constructor/destructor lists 14 */ 15 16 static LIST_HEAD(pernet_list); 17 static struct list_head *first_device = &pernet_list; 18 static DEFINE_MUTEX(net_mutex); 19 20 LIST_HEAD(net_namespace_list); 21 EXPORT_SYMBOL_GPL(net_namespace_list); 22 23 struct net init_net; 24 EXPORT_SYMBOL(init_net); 25 26 #define INITIAL_NET_GEN_PTRS 13 /* +1 for len +2 for rcu_head */ 27 28 /* 29 * setup_net runs the initializers for the network namespace object. 30 */ 31 static __net_init int setup_net(struct net *net) 32 { 33 /* Must be called with net_mutex held */ 34 struct pernet_operations *ops; 35 int error = 0; 36 37 atomic_set(&net->count, 1); 38 39 #ifdef NETNS_REFCNT_DEBUG 40 atomic_set(&net->use_count, 0); 41 #endif 42 43 list_for_each_entry(ops, &pernet_list, list) { 44 if (ops->init) { 45 error = ops->init(net); 46 if (error < 0) 47 goto out_undo; 48 } 49 } 50 out: 51 return error; 52 53 out_undo: 54 /* Walk through the list backwards calling the exit functions 55 * for the pernet modules whose init functions did not fail. 56 */ 57 list_for_each_entry_continue_reverse(ops, &pernet_list, list) { 58 if (ops->exit) 59 ops->exit(net); 60 } 61 62 rcu_barrier(); 63 goto out; 64 } 65 66 static struct net_generic *net_alloc_generic(void) 67 { 68 struct net_generic *ng; 69 size_t generic_size = sizeof(struct net_generic) + 70 INITIAL_NET_GEN_PTRS * sizeof(void *); 71 72 ng = kzalloc(generic_size, GFP_KERNEL); 73 if (ng) 74 ng->len = INITIAL_NET_GEN_PTRS; 75 76 return ng; 77 } 78 79 #ifdef CONFIG_NET_NS 80 static struct kmem_cache *net_cachep; 81 static struct workqueue_struct *netns_wq; 82 83 static struct net *net_alloc(void) 84 { 85 struct net *net = NULL; 86 struct net_generic *ng; 87 88 ng = net_alloc_generic(); 89 if (!ng) 90 goto out; 91 92 net = kmem_cache_zalloc(net_cachep, GFP_KERNEL); 93 if (!net) 94 goto out_free; 95 96 rcu_assign_pointer(net->gen, ng); 97 out: 98 return net; 99 100 out_free: 101 kfree(ng); 102 goto out; 103 } 104 105 static void net_free(struct net *net) 106 { 107 #ifdef NETNS_REFCNT_DEBUG 108 if (unlikely(atomic_read(&net->use_count) != 0)) { 109 printk(KERN_EMERG "network namespace not free! Usage: %d\n", 110 atomic_read(&net->use_count)); 111 return; 112 } 113 #endif 114 kfree(net->gen); 115 kmem_cache_free(net_cachep, net); 116 } 117 118 static struct net *net_create(void) 119 { 120 struct net *net; 121 int rv; 122 123 net = net_alloc(); 124 if (!net) 125 return ERR_PTR(-ENOMEM); 126 mutex_lock(&net_mutex); 127 rv = setup_net(net); 128 if (rv == 0) { 129 rtnl_lock(); 130 list_add_tail(&net->list, &net_namespace_list); 131 rtnl_unlock(); 132 } 133 mutex_unlock(&net_mutex); 134 if (rv < 0) { 135 net_free(net); 136 return ERR_PTR(rv); 137 } 138 return net; 139 } 140 141 struct net *copy_net_ns(unsigned long flags, struct net *old_net) 142 { 143 if (!(flags & CLONE_NEWNET)) 144 return get_net(old_net); 145 return net_create(); 146 } 147 148 static void cleanup_net(struct work_struct *work) 149 { 150 struct pernet_operations *ops; 151 struct net *net; 152 153 net = container_of(work, struct net, work); 154 155 mutex_lock(&net_mutex); 156 157 /* Don't let anyone else find us. */ 158 rtnl_lock(); 159 list_del(&net->list); 160 rtnl_unlock(); 161 162 /* Run all of the network namespace exit methods */ 163 list_for_each_entry_reverse(ops, &pernet_list, list) { 164 if (ops->exit) 165 ops->exit(net); 166 } 167 168 mutex_unlock(&net_mutex); 169 170 /* Ensure there are no outstanding rcu callbacks using this 171 * network namespace. 172 */ 173 rcu_barrier(); 174 175 /* Finally it is safe to free my network namespace structure */ 176 net_free(net); 177 } 178 179 void __put_net(struct net *net) 180 { 181 /* Cleanup the network namespace in process context */ 182 INIT_WORK(&net->work, cleanup_net); 183 queue_work(netns_wq, &net->work); 184 } 185 EXPORT_SYMBOL_GPL(__put_net); 186 187 #else 188 struct net *copy_net_ns(unsigned long flags, struct net *old_net) 189 { 190 if (flags & CLONE_NEWNET) 191 return ERR_PTR(-EINVAL); 192 return old_net; 193 } 194 #endif 195 196 static int __init net_ns_init(void) 197 { 198 struct net_generic *ng; 199 int err; 200 201 #ifdef CONFIG_NET_NS 202 net_cachep = kmem_cache_create("net_namespace", sizeof(struct net), 203 SMP_CACHE_BYTES, 204 SLAB_PANIC, NULL); 205 206 /* Create workqueue for cleanup */ 207 netns_wq = create_singlethread_workqueue("netns"); 208 if (!netns_wq) 209 panic("Could not create netns workq"); 210 #endif 211 212 ng = net_alloc_generic(); 213 if (!ng) 214 panic("Could not allocate generic netns"); 215 216 rcu_assign_pointer(init_net.gen, ng); 217 218 mutex_lock(&net_mutex); 219 err = setup_net(&init_net); 220 221 rtnl_lock(); 222 list_add_tail(&init_net.list, &net_namespace_list); 223 rtnl_unlock(); 224 225 mutex_unlock(&net_mutex); 226 if (err) 227 panic("Could not setup the initial network namespace"); 228 229 return 0; 230 } 231 232 pure_initcall(net_ns_init); 233 234 #ifdef CONFIG_NET_NS 235 static int register_pernet_operations(struct list_head *list, 236 struct pernet_operations *ops) 237 { 238 struct net *net, *undo_net; 239 int error; 240 241 list_add_tail(&ops->list, list); 242 if (ops->init) { 243 for_each_net(net) { 244 error = ops->init(net); 245 if (error) 246 goto out_undo; 247 } 248 } 249 return 0; 250 251 out_undo: 252 /* If I have an error cleanup all namespaces I initialized */ 253 list_del(&ops->list); 254 if (ops->exit) { 255 for_each_net(undo_net) { 256 if (undo_net == net) 257 goto undone; 258 ops->exit(undo_net); 259 } 260 } 261 undone: 262 return error; 263 } 264 265 static void unregister_pernet_operations(struct pernet_operations *ops) 266 { 267 struct net *net; 268 269 list_del(&ops->list); 270 if (ops->exit) 271 for_each_net(net) 272 ops->exit(net); 273 } 274 275 #else 276 277 static int register_pernet_operations(struct list_head *list, 278 struct pernet_operations *ops) 279 { 280 if (ops->init == NULL) 281 return 0; 282 return ops->init(&init_net); 283 } 284 285 static void unregister_pernet_operations(struct pernet_operations *ops) 286 { 287 if (ops->exit) 288 ops->exit(&init_net); 289 } 290 #endif 291 292 static DEFINE_IDA(net_generic_ids); 293 294 /** 295 * register_pernet_subsys - register a network namespace subsystem 296 * @ops: pernet operations structure for the subsystem 297 * 298 * Register a subsystem which has init and exit functions 299 * that are called when network namespaces are created and 300 * destroyed respectively. 301 * 302 * When registered all network namespace init functions are 303 * called for every existing network namespace. Allowing kernel 304 * modules to have a race free view of the set of network namespaces. 305 * 306 * When a new network namespace is created all of the init 307 * methods are called in the order in which they were registered. 308 * 309 * When a network namespace is destroyed all of the exit methods 310 * are called in the reverse of the order with which they were 311 * registered. 312 */ 313 int register_pernet_subsys(struct pernet_operations *ops) 314 { 315 int error; 316 mutex_lock(&net_mutex); 317 error = register_pernet_operations(first_device, ops); 318 mutex_unlock(&net_mutex); 319 return error; 320 } 321 EXPORT_SYMBOL_GPL(register_pernet_subsys); 322 323 /** 324 * unregister_pernet_subsys - unregister a network namespace subsystem 325 * @ops: pernet operations structure to manipulate 326 * 327 * Remove the pernet operations structure from the list to be 328 * used when network namespaces are created or destroyed. In 329 * addition run the exit method for all existing network 330 * namespaces. 331 */ 332 void unregister_pernet_subsys(struct pernet_operations *module) 333 { 334 mutex_lock(&net_mutex); 335 unregister_pernet_operations(module); 336 mutex_unlock(&net_mutex); 337 } 338 EXPORT_SYMBOL_GPL(unregister_pernet_subsys); 339 340 int register_pernet_gen_subsys(int *id, struct pernet_operations *ops) 341 { 342 int rv; 343 344 mutex_lock(&net_mutex); 345 again: 346 rv = ida_get_new_above(&net_generic_ids, 1, id); 347 if (rv < 0) { 348 if (rv == -EAGAIN) { 349 ida_pre_get(&net_generic_ids, GFP_KERNEL); 350 goto again; 351 } 352 goto out; 353 } 354 rv = register_pernet_operations(first_device, ops); 355 if (rv < 0) 356 ida_remove(&net_generic_ids, *id); 357 out: 358 mutex_unlock(&net_mutex); 359 return rv; 360 } 361 EXPORT_SYMBOL_GPL(register_pernet_gen_subsys); 362 363 void unregister_pernet_gen_subsys(int id, struct pernet_operations *ops) 364 { 365 mutex_lock(&net_mutex); 366 unregister_pernet_operations(ops); 367 ida_remove(&net_generic_ids, id); 368 mutex_unlock(&net_mutex); 369 } 370 EXPORT_SYMBOL_GPL(unregister_pernet_gen_subsys); 371 372 /** 373 * register_pernet_device - register a network namespace device 374 * @ops: pernet operations structure for the subsystem 375 * 376 * Register a device which has init and exit functions 377 * that are called when network namespaces are created and 378 * destroyed respectively. 379 * 380 * When registered all network namespace init functions are 381 * called for every existing network namespace. Allowing kernel 382 * modules to have a race free view of the set of network namespaces. 383 * 384 * When a new network namespace is created all of the init 385 * methods are called in the order in which they were registered. 386 * 387 * When a network namespace is destroyed all of the exit methods 388 * are called in the reverse of the order with which they were 389 * registered. 390 */ 391 int register_pernet_device(struct pernet_operations *ops) 392 { 393 int error; 394 mutex_lock(&net_mutex); 395 error = register_pernet_operations(&pernet_list, ops); 396 if (!error && (first_device == &pernet_list)) 397 first_device = &ops->list; 398 mutex_unlock(&net_mutex); 399 return error; 400 } 401 EXPORT_SYMBOL_GPL(register_pernet_device); 402 403 int register_pernet_gen_device(int *id, struct pernet_operations *ops) 404 { 405 int error; 406 mutex_lock(&net_mutex); 407 again: 408 error = ida_get_new_above(&net_generic_ids, 1, id); 409 if (error) { 410 if (error == -EAGAIN) { 411 ida_pre_get(&net_generic_ids, GFP_KERNEL); 412 goto again; 413 } 414 goto out; 415 } 416 error = register_pernet_operations(&pernet_list, ops); 417 if (error) 418 ida_remove(&net_generic_ids, *id); 419 else if (first_device == &pernet_list) 420 first_device = &ops->list; 421 out: 422 mutex_unlock(&net_mutex); 423 return error; 424 } 425 EXPORT_SYMBOL_GPL(register_pernet_gen_device); 426 427 /** 428 * unregister_pernet_device - unregister a network namespace netdevice 429 * @ops: pernet operations structure to manipulate 430 * 431 * Remove the pernet operations structure from the list to be 432 * used when network namespaces are created or destroyed. In 433 * addition run the exit method for all existing network 434 * namespaces. 435 */ 436 void unregister_pernet_device(struct pernet_operations *ops) 437 { 438 mutex_lock(&net_mutex); 439 if (&ops->list == first_device) 440 first_device = first_device->next; 441 unregister_pernet_operations(ops); 442 mutex_unlock(&net_mutex); 443 } 444 EXPORT_SYMBOL_GPL(unregister_pernet_device); 445 446 void unregister_pernet_gen_device(int id, struct pernet_operations *ops) 447 { 448 mutex_lock(&net_mutex); 449 if (&ops->list == first_device) 450 first_device = first_device->next; 451 unregister_pernet_operations(ops); 452 ida_remove(&net_generic_ids, id); 453 mutex_unlock(&net_mutex); 454 } 455 EXPORT_SYMBOL_GPL(unregister_pernet_gen_device); 456 457 static void net_generic_release(struct rcu_head *rcu) 458 { 459 struct net_generic *ng; 460 461 ng = container_of(rcu, struct net_generic, rcu); 462 kfree(ng); 463 } 464 465 int net_assign_generic(struct net *net, int id, void *data) 466 { 467 struct net_generic *ng, *old_ng; 468 469 BUG_ON(!mutex_is_locked(&net_mutex)); 470 BUG_ON(id == 0); 471 472 ng = old_ng = net->gen; 473 if (old_ng->len >= id) 474 goto assign; 475 476 ng = kzalloc(sizeof(struct net_generic) + 477 id * sizeof(void *), GFP_KERNEL); 478 if (ng == NULL) 479 return -ENOMEM; 480 481 /* 482 * Some synchronisation notes: 483 * 484 * The net_generic explores the net->gen array inside rcu 485 * read section. Besides once set the net->gen->ptr[x] 486 * pointer never changes (see rules in netns/generic.h). 487 * 488 * That said, we simply duplicate this array and schedule 489 * the old copy for kfree after a grace period. 490 */ 491 492 ng->len = id; 493 memcpy(&ng->ptr, &old_ng->ptr, old_ng->len); 494 495 rcu_assign_pointer(net->gen, ng); 496 call_rcu(&old_ng->rcu, net_generic_release); 497 assign: 498 ng->ptr[id - 1] = data; 499 return 0; 500 } 501 EXPORT_SYMBOL_GPL(net_assign_generic); 502