Commit f5769fae authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller
Browse files

net: Namespace-ify sysctl_optmem_max 



optmem_max being used in tx zerocopy,
we want to be able to control it on a netns basis.

Following patch changes two tests.

Tested:

oqq130:~# cat /proc/sys/net/core/optmem_max
131072
oqq130:~# echo 1000000 >/proc/sys/net/core/optmem_max
oqq130:~# cat /proc/sys/net/core/optmem_max
1000000
oqq130:~# unshare -n
oqq130:~# cat /proc/sys/net/core/optmem_max
131072
oqq130:~# exit
logout
oqq130:~# cat /proc/sys/net/core/optmem_max
1000000

Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Reviewed-by: default avatarWillem de Bruijn <willemb@google.com>
Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 49445667

include/net/netns/core.h

+1 −0
Original line number Diff line number Diff line
@@ -13,6 +13,7 @@ struct netns_core { 
	struct ctl_table_header	*sysctl_hdr;



	int	sysctl_somaxconn;

	int	sysctl_optmem_max;

	u8	sysctl_txrehash;



#ifdef CONFIG_PROC_FS

include/net/sock.h

+0 −1
Original line number Diff line number Diff line
@@ -2920,7 +2920,6 @@ extern __u32 sysctl_wmem_max; 
extern __u32 sysctl_rmem_max;



extern int sysctl_tstamp_allow_data;

extern int sysctl_optmem_max;



extern __u32 sysctl_wmem_default;

extern __u32 sysctl_rmem_default;

net/core/bpf_sk_storage.c

+2 −1
Original line number Diff line number Diff line
@@ -275,9 +275,10 @@ BPF_CALL_2(bpf_sk_storage_delete, struct bpf_map *, map, struct sock *, sk) 
static int bpf_sk_storage_charge(struct bpf_local_storage_map *smap,

				 void *owner, u32 size)

{

	int optmem_max = READ_ONCE(sysctl_optmem_max);

	struct sock *sk = (struct sock *)owner;

	int optmem_max;



	optmem_max = READ_ONCE(sock_net(sk)->core.sysctl_optmem_max);

	/* same check as in sock_kmalloc() */

	if (size <= optmem_max &&

	    atomic_read(&sk->sk_omem_alloc) + size < optmem_max) {

net/core/filter.c

+7 −5
Original line number Diff line number Diff line
@@ -1219,8 +1219,8 @@ void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp) 
 */

static bool __sk_filter_charge(struct sock *sk, struct sk_filter *fp)

{

	int optmem_max = READ_ONCE(sock_net(sk)->core.sysctl_optmem_max);

	u32 filter_size = bpf_prog_size(fp->prog->len);

	int optmem_max = READ_ONCE(sysctl_optmem_max);



	/* same check as in sock_kmalloc() */

	if (filter_size <= optmem_max &&
@@ -1550,12 +1550,13 @@ EXPORT_SYMBOL_GPL(sk_attach_filter); 
int sk_reuseport_attach_filter(struct sock_fprog *fprog, struct sock *sk)

{

	struct bpf_prog *prog = __get_filter(fprog, sk);

	int err;

	int err, optmem_max;



	if (IS_ERR(prog))

		return PTR_ERR(prog);



	if (bpf_prog_size(prog->len) > READ_ONCE(sysctl_optmem_max))

	optmem_max = READ_ONCE(sock_net(sk)->core.sysctl_optmem_max);

	if (bpf_prog_size(prog->len) > optmem_max)

		err = -ENOMEM;

	else

		err = reuseport_attach_prog(sk, prog);
@@ -1594,7 +1595,7 @@ int sk_attach_bpf(u32 ufd, struct sock *sk) 
int sk_reuseport_attach_bpf(u32 ufd, struct sock *sk)

{

	struct bpf_prog *prog;

	int err;

	int err, optmem_max;



	if (sock_flag(sk, SOCK_FILTER_LOCKED))

		return -EPERM;
@@ -1622,7 +1623,8 @@ int sk_reuseport_attach_bpf(u32 ufd, struct sock *sk) 
		}

	} else {

		/* BPF_PROG_TYPE_SOCKET_FILTER */

		if (bpf_prog_size(prog->len) > READ_ONCE(sysctl_optmem_max)) {

		optmem_max = READ_ONCE(sock_net(sk)->core.sysctl_optmem_max);

		if (bpf_prog_size(prog->len) > optmem_max) {

			err = -ENOMEM;

			goto err_prog_put;

		}

net/core/net_namespace.c

+4 −0
Original line number Diff line number Diff line
@@ -372,6 +372,10 @@ static __net_init int setup_net(struct net *net, struct user_namespace *user_ns) 
static int __net_init net_defaults_init_net(struct net *net)

{

	net->core.sysctl_somaxconn = SOMAXCONN;

	/* Limits per socket sk_omem_alloc usage.

	 * TCP zerocopy regular usage needs 128 KB.

	 */

	net->core.sysctl_optmem_max = 128 * 1024;

	net->core.sysctl_txrehash = SOCK_TXREHASH_ENABLED;



	return 0;