1 #include <linux/workqueue.h> 2 #include <linux/rtnetlink.h> 3 #include <linux/cache.h> 4 #include <linux/slab.h> 5 #include <linux/list.h> 6 #include <linux/delay.h> 7 #include <linux/sched.h> 8 #include <linux/idr.h> 9 #include <net/net_namespace.h> 10 11 /* 12 * Our network namespace constructor/destructor lists 13 */ 14 15 static LIST_HEAD(pernet_list); 16 static struct list_head *first_device = &pernet_list; 17 static DEFINE_MUTEX(net_mutex); 18 19 LIST_HEAD(net_namespace_list); 20 21 struct net init_net; 22 EXPORT_SYMBOL(init_net); 23 24 /* 25 * setup_net runs the initializers for the network namespace object. 26 */ 27 static __net_init int setup_net(struct net *net) 28 { 29 /* Must be called with net_mutex held */ 30 struct pernet_operations *ops; 31 int error; 32 33 atomic_set(&net->count, 1); 34 atomic_set(&net->use_count, 0); 35 36 error = 0; 37 list_for_each_entry(ops, &pernet_list, list) { 38 if (ops->init) { 39 error = ops->init(net); 40 if (error < 0) 41 goto out_undo; 42 } 43 } 44 out: 45 return error; 46 47 out_undo: 48 /* Walk through the list backwards calling the exit functions 49 * for the pernet modules whose init functions did not fail. 50 */ 51 list_for_each_entry_continue_reverse(ops, &pernet_list, list) { 52 if (ops->exit) 53 ops->exit(net); 54 } 55 56 rcu_barrier(); 57 goto out; 58 } 59 60 #ifdef CONFIG_NET_NS 61 static struct kmem_cache *net_cachep; 62 static struct workqueue_struct *netns_wq; 63 64 static struct net *net_alloc(void) 65 { 66 return kmem_cache_zalloc(net_cachep, GFP_KERNEL); 67 } 68 69 static void net_free(struct net *net) 70 { 71 if (!net) 72 return; 73 74 if (unlikely(atomic_read(&net->use_count) != 0)) { 75 printk(KERN_EMERG "network namespace not free! Usage: %d\n", 76 atomic_read(&net->use_count)); 77 return; 78 } 79 80 kmem_cache_free(net_cachep, net); 81 } 82 83 struct net *copy_net_ns(unsigned long flags, struct net *old_net) 84 { 85 struct net *new_net = NULL; 86 int err; 87 88 get_net(old_net); 89 90 if (!(flags & CLONE_NEWNET)) 91 return old_net; 92 93 err = -ENOMEM; 94 new_net = net_alloc(); 95 if (!new_net) 96 goto out; 97 98 mutex_lock(&net_mutex); 99 err = setup_net(new_net); 100 if (err) 101 goto out_unlock; 102 103 rtnl_lock(); 104 list_add_tail(&new_net->list, &net_namespace_list); 105 rtnl_unlock(); 106 107 108 out_unlock: 109 mutex_unlock(&net_mutex); 110 out: 111 put_net(old_net); 112 if (err) { 113 net_free(new_net); 114 new_net = ERR_PTR(err); 115 } 116 return new_net; 117 } 118 119 static void cleanup_net(struct work_struct *work) 120 { 121 struct pernet_operations *ops; 122 struct net *net; 123 124 net = container_of(work, struct net, work); 125 126 mutex_lock(&net_mutex); 127 128 /* Don't let anyone else find us. */ 129 rtnl_lock(); 130 list_del(&net->list); 131 rtnl_unlock(); 132 133 /* Run all of the network namespace exit methods */ 134 list_for_each_entry_reverse(ops, &pernet_list, list) { 135 if (ops->exit) 136 ops->exit(net); 137 } 138 139 mutex_unlock(&net_mutex); 140 141 /* Ensure there are no outstanding rcu callbacks using this 142 * network namespace. 143 */ 144 rcu_barrier(); 145 146 /* Finally it is safe to free my network namespace structure */ 147 net_free(net); 148 } 149 150 void __put_net(struct net *net) 151 { 152 /* Cleanup the network namespace in process context */ 153 INIT_WORK(&net->work, cleanup_net); 154 queue_work(netns_wq, &net->work); 155 } 156 EXPORT_SYMBOL_GPL(__put_net); 157 158 #else 159 struct net *copy_net_ns(unsigned long flags, struct net *old_net) 160 { 161 if (flags & CLONE_NEWNET) 162 return ERR_PTR(-EINVAL); 163 return old_net; 164 } 165 #endif 166 167 static int __init net_ns_init(void) 168 { 169 int err; 170 171 printk(KERN_INFO "net_namespace: %zd bytes\n", sizeof(struct net)); 172 #ifdef CONFIG_NET_NS 173 net_cachep = kmem_cache_create("net_namespace", sizeof(struct net), 174 SMP_CACHE_BYTES, 175 SLAB_PANIC, NULL); 176 177 /* Create workqueue for cleanup */ 178 netns_wq = create_singlethread_workqueue("netns"); 179 if (!netns_wq) 180 panic("Could not create netns workq"); 181 #endif 182 183 mutex_lock(&net_mutex); 184 err = setup_net(&init_net); 185 186 rtnl_lock(); 187 list_add_tail(&init_net.list, &net_namespace_list); 188 rtnl_unlock(); 189 190 mutex_unlock(&net_mutex); 191 if (err) 192 panic("Could not setup the initial network namespace"); 193 194 return 0; 195 } 196 197 pure_initcall(net_ns_init); 198 199 #ifdef CONFIG_NET_NS 200 static int register_pernet_operations(struct list_head *list, 201 struct pernet_operations *ops) 202 { 203 struct net *net, *undo_net; 204 int error; 205 206 list_add_tail(&ops->list, list); 207 if (ops->init) { 208 for_each_net(net) { 209 error = ops->init(net); 210 if (error) 211 goto out_undo; 212 } 213 } 214 return 0; 215 216 out_undo: 217 /* If I have an error cleanup all namespaces I initialized */ 218 list_del(&ops->list); 219 if (ops->exit) { 220 for_each_net(undo_net) { 221 if (undo_net == net) 222 goto undone; 223 ops->exit(undo_net); 224 } 225 } 226 undone: 227 return error; 228 } 229 230 static void unregister_pernet_operations(struct pernet_operations *ops) 231 { 232 struct net *net; 233 234 list_del(&ops->list); 235 if (ops->exit) 236 for_each_net(net) 237 ops->exit(net); 238 } 239 240 #else 241 242 static int register_pernet_operations(struct list_head *list, 243 struct pernet_operations *ops) 244 { 245 if (ops->init == NULL) 246 return 0; 247 return ops->init(&init_net); 248 } 249 250 static void unregister_pernet_operations(struct pernet_operations *ops) 251 { 252 if (ops->exit) 253 ops->exit(&init_net); 254 } 255 #endif 256 257 static DEFINE_IDA(net_generic_ids); 258 259 /** 260 * register_pernet_subsys - register a network namespace subsystem 261 * @ops: pernet operations structure for the subsystem 262 * 263 * Register a subsystem which has init and exit functions 264 * that are called when network namespaces are created and 265 * destroyed respectively. 266 * 267 * When registered all network namespace init functions are 268 * called for every existing network namespace. Allowing kernel 269 * modules to have a race free view of the set of network namespaces. 270 * 271 * When a new network namespace is created all of the init 272 * methods are called in the order in which they were registered. 273 * 274 * When a network namespace is destroyed all of the exit methods 275 * are called in the reverse of the order with which they were 276 * registered. 277 */ 278 int register_pernet_subsys(struct pernet_operations *ops) 279 { 280 int error; 281 mutex_lock(&net_mutex); 282 error = register_pernet_operations(first_device, ops); 283 mutex_unlock(&net_mutex); 284 return error; 285 } 286 EXPORT_SYMBOL_GPL(register_pernet_subsys); 287 288 /** 289 * unregister_pernet_subsys - unregister a network namespace subsystem 290 * @ops: pernet operations structure to manipulate 291 * 292 * Remove the pernet operations structure from the list to be 293 * used when network namespaces are created or destroyed. In 294 * addition run the exit method for all existing network 295 * namespaces. 296 */ 297 void unregister_pernet_subsys(struct pernet_operations *module) 298 { 299 mutex_lock(&net_mutex); 300 unregister_pernet_operations(module); 301 mutex_unlock(&net_mutex); 302 } 303 EXPORT_SYMBOL_GPL(unregister_pernet_subsys); 304 305 /** 306 * register_pernet_device - register a network namespace device 307 * @ops: pernet operations structure for the subsystem 308 * 309 * Register a device which has init and exit functions 310 * that are called when network namespaces are created and 311 * destroyed respectively. 312 * 313 * When registered all network namespace init functions are 314 * called for every existing network namespace. Allowing kernel 315 * modules to have a race free view of the set of network namespaces. 316 * 317 * When a new network namespace is created all of the init 318 * methods are called in the order in which they were registered. 319 * 320 * When a network namespace is destroyed all of the exit methods 321 * are called in the reverse of the order with which they were 322 * registered. 323 */ 324 int register_pernet_device(struct pernet_operations *ops) 325 { 326 int error; 327 mutex_lock(&net_mutex); 328 error = register_pernet_operations(&pernet_list, ops); 329 if (!error && (first_device == &pernet_list)) 330 first_device = &ops->list; 331 mutex_unlock(&net_mutex); 332 return error; 333 } 334 EXPORT_SYMBOL_GPL(register_pernet_device); 335 336 int register_pernet_gen_device(int *id, struct pernet_operations *ops) 337 { 338 int error; 339 mutex_lock(&net_mutex); 340 again: 341 error = ida_get_new_above(&net_generic_ids, 1, id); 342 if (error) { 343 if (error == -EAGAIN) { 344 ida_pre_get(&net_generic_ids, GFP_KERNEL); 345 goto again; 346 } 347 goto out; 348 } 349 error = register_pernet_operations(&pernet_list, ops); 350 if (error) 351 ida_remove(&net_generic_ids, *id); 352 else if (first_device == &pernet_list) 353 first_device = &ops->list; 354 out: 355 mutex_unlock(&net_mutex); 356 return error; 357 } 358 EXPORT_SYMBOL_GPL(register_pernet_gen_device); 359 360 /** 361 * unregister_pernet_device - unregister a network namespace netdevice 362 * @ops: pernet operations structure to manipulate 363 * 364 * Remove the pernet operations structure from the list to be 365 * used when network namespaces are created or destroyed. In 366 * addition run the exit method for all existing network 367 * namespaces. 368 */ 369 void unregister_pernet_device(struct pernet_operations *ops) 370 { 371 mutex_lock(&net_mutex); 372 if (&ops->list == first_device) 373 first_device = first_device->next; 374 unregister_pernet_operations(ops); 375 mutex_unlock(&net_mutex); 376 } 377 EXPORT_SYMBOL_GPL(unregister_pernet_device); 378 379 void unregister_pernet_gen_device(int id, struct pernet_operations *ops) 380 { 381 mutex_lock(&net_mutex); 382 if (&ops->list == first_device) 383 first_device = first_device->next; 384 unregister_pernet_operations(ops); 385 ida_remove(&net_generic_ids, id); 386 mutex_unlock(&net_mutex); 387 } 388 EXPORT_SYMBOL_GPL(unregister_pernet_gen_device); 389