From: ebiederm@xmission•com (Eric W. Biederman)
To: Stephen Hemminger <shemminger@vyatta•com>
Cc: netdev@vger•kernel.org
Subject: Re: network namespace and kernel bind issue
Date: Mon, 01 Oct 2012 15:40:56 -0700 [thread overview]
Message-ID: <87fw5xeryf.fsf@xmission.com> (raw)
In-Reply-To: <20121001145838.5eafef4c@nehalam.linuxnetplumber.net> (Stephen Hemminger's message of "Mon, 1 Oct 2012 14:58:38 -0700")
Stephen Hemminger <shemminger@vyatta•com> writes:
> On Mon, 1 Oct 2012 14:16:09 -0700
> Stephen Hemminger <shemminger@vyatta•com> wrote:
>
>> When testing VXLAN I noticed that the kernel bind seems to be a problem for
>> network tunnels. The init_net function is called repeatedly for the same
>> network namespace!
It definitely should not be.
>> 1. Create vxlan device:
>> # ip li add vxlan0 type vxlan id 11 group 239.1.1.1 dev eth0
>> # dmesg | tail
>> [11580.671016] vxlan: vxlan_init_net in net 1
Net 1? What are you printing out? It isn't the net_id by any chance?
>> 2. Start Chrome (or other application using namespaces)
>>
>> dmesg | tail
>> [11587.371195] vxlan: vxlan_init_net in net 1
>> [11587.371211] vxlan: bind for UDP socket 0.0.0.0:8472 (-98)
>>
>>
>> Isn't init_net supposed to be unique. The current semantics also break
>> L2TP.
The init method should be called exactly once per network namespace.
The timing of the init methods you report seems correct.
The vxlan code isn't in net-next or I would take a look.
I took a quick look at l2tp and the code is doing some weird things.
There are a bunch of references to &init_net that I would expect
to references to either sk_net() or dev_net().
Adding support for multiple network namespaces and then reaching
out to the initial network namespace for things is definitely a recipe
for getting confused.
So my blind guess would be that someone half implemented network
namespace support for l2tp and vxlan copied the bugs.
Eric
>> This is with 3.6.0-rc7-net-next
>
> Here is back trace from where duplicate network namespace init gets done.
> [13532.579900] vxlan: bind for UDP socket 0.0.0.0:8472 (-98)
> [13532.579903] ------------[ cut here ]------------
> [13532.579906] WARNING: at drivers/net/vxlan.c:1148 vxlan_init_net+0xc9/0x126 [vxlan]()
> [13532.579907] Hardware name: System Product Name
> [13532.579908] Modules linked in: vxlan nfnetlink_log nfnetlink ip6table_filter ip6_tables ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ipt_REJECT xt_CHECKSUM iptable_mangle xt_tcpudp iptable_filter ip_tables x_tables tun bridge stp llc cpufreq_stats cpufreq_powersave cpufreq_conservative cpufreq_userspace binfmt_misc fuse loop snd_hda_codec_hdmi snd_hda_codec_realtek i915 hid_belkin hid_generic snd_hda_intel evdev snd_hda_codec drm_kms_helper snd_hwdep drm snd_pcm_oss snd_pcm psmouse microcode snd_page_alloc serio_raw pcspkr i2c_i801 snd_timer i2c_algo_bit i2c_core acpi_cpufreq mperf processor video button btrfs libcrc32c lzo_compress zlib_deflate crc32c_intel ghash_clmulni_intel aesni_intel aes_x86_64 ablk_hel
per cryptd usbhid hid ixgbe r8169 mii mdio thermal [last unloaded: vxlan]
> [13532.579965] Pid: 7130, comm: chromium-sandbo Not tainted 3.6.0-rc7-net-next+ #10
> [13532.579966] Call Trace:
> [13532.579972] [<ffffffff8106674e>] warn_slowpath_common+0x83/0x9c
> [13532.579974] [<ffffffff81066781>] warn_slowpath_null+0x1a/0x1c
> [13532.579976] [<ffffffffa03ea87d>] vxlan_init_net+0xc9/0x126 [vxlan]
> [13532.579980] [<ffffffff8136b4dd>] ops_init+0xcd/0xfc
> [13532.579982] [<ffffffff8136b824>] setup_net+0x51/0xd8
> [13532.579984] [<ffffffff8136bd37>] copy_net_ns+0x6c/0xd7
> [13532.579987] [<ffffffff810882bb>] create_new_namespaces+0xd8/0x14f
> [13532.579989] [<ffffffff81088417>] copy_namespaces+0x69/0x9e
> [13532.579991] [<ffffffff81065b10>] copy_process.part.27+0x12ae/0x12f5
> [13532.579994] [<ffffffff8144170f>] ? do_page_fault+0x2fb/0x37c
> [13532.579997] [<ffffffff8111d4d8>] ? might_fault+0x5c/0xac
> [13532.579998] [<ffffffff81065cb2>] do_fork+0x120/0x2fc
> [13532.580001] [<ffffffff810e7343>] ? time_hardirqs_off+0x15/0x2a
> [13532.580004] [<ffffffff8143ea53>] ? error_sti+0x5/0x6
> [13532.580007] [<ffffffff810a7204>] ? trace_hardirqs_off_caller+0x3f/0x9e
> [13532.580009] [<ffffffff8143e646>] ? retint_swapgs+0xe/0x13
> [13532.580012] [<ffffffff8103e541>] sys_clone+0x28/0x2a
> [13532.580014] [<ffffffff814450e3>] stub_clone+0x13/0x20
> [13532.580016] [<ffffffff81444d92>] ? system_call_fastpath+0x16/0x1b
> [13532.580018] ---[ end trace 2c2b222e23a4d880 ]---
> [13573.765721] vxlan: bind for UDP socket 0.0.0.0:8472 (-98)
next parent reply other threads:[~2012-10-01 22:41 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20121001141609.14639bc0@nehalam.linuxnetplumber.net>
[not found] ` <20121001145838.5eafef4c@nehalam.linuxnetplumber.net>
2012-10-01 22:40 ` Eric W. Biederman [this message]
2012-10-01 22:57 ` network namespace and kernel bind issue Stephen Hemminger
2012-10-01 23:11 ` Eric W. Biederman
2012-10-01 23:32 ` Stephen Hemminger
2012-10-02 0:35 ` Eric W. Biederman
2012-10-02 0:48 ` Stephen Hemminger
2012-10-02 6:15 ` Julian Anastasov
2012-10-02 15:51 ` Stephen Hemminger
2012-10-02 0:51 ` [PATCH net-next] vxlan: put UDP socket in correct namespace Stephen Hemminger
2012-10-02 0:58 ` Eric W. Biederman
2012-10-02 4:49 ` [PATCHv2 " Stephen Hemminger
2012-10-02 15:18 ` Eric W. Biederman
2012-10-02 18:39 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fw5xeryf.fsf@xmission.com \
--to=ebiederm@xmission$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=shemminger@vyatta$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox