Re: [tipc-discussion] [net-next] tipc: improve throughput between nodes in netns

[Hoang L. <hoa...@de...>]

Hi Eric,

Thanks for quick feedback.
See my inline answer.

Regards,
Hoang
-----Original Message-----
From: Eric Dumazet <eri...@gm...> 
Sent: Tuesday, October 22, 2019 9:41 AM
To: Hoang Le <hoa...@de...>; jon...@er...; ma...@do...; tip...@li...; ne...@vg...
Subject: Re: [net-next] tipc: improve throughput between nodes in netns


On 10/21/19 7:20 PM, Hoang Le wrote:
>  	n->net = net;
>  	n->capabilities = capabilities;
> +	n->pnet = NULL;
> +	for_each_net_rcu(tmp) {

This does not scale well, if say you have a thousand netns ?
[Hoang] This check execs only once at setup step. So we get no problem with huge namespaces.

> +		tn_peer = net_generic(tmp, tipc_net_id);
> +		if (!tn_peer)
> +			continue;
> +		/* Integrity checking whether node exists in namespace or not */
> +		if (tn_peer->net_id != tn->net_id)
> +			continue;
> +		if (memcmp(peer_id, tn_peer->node_id, NODE_ID_LEN))
> +			continue;
> +
> +		hash_chk = tn_peer->random;
> +		hash_chk ^= net_hash_mix(&init_net);

Why the xor with net_hash_mix(&init_net) is needed ?
[Hoang] We're trying to eliminate a sniff at injectable discovery message. 
Building hash-mixes as much as possible is to prevent fake discovery messages.

> +		hash_chk ^= net_hash_mix(tmp);
> +		if (hash_chk ^ hash_mixes)
> +			continue;
> +		n->pnet = tmp;
> +		break;
> +	}


How can we set n->pnet without increasing netns ->count ?
Using check_net() later might trigger an use-after-free.

[Hoang] In this case, peer node is down. I assume the tipc xmit function already bypassed these lines.