Commit 728dba3a authored by Eric W. Biederman's avatar Eric W. Biederman
Browse files

namespaces: Use task_lock and not rcu to protect nsproxy 



The synchronous syncrhonize_rcu in switch_task_namespaces makes setns
a sufficiently expensive system call that people have complained.

Upon inspect nsproxy no longer needs rcu protection for remote reads.
remote reads are rare.  So optimize for same process reads and write
by switching using rask_lock instead.

This yields a simpler to understand lock, and a faster setns system call.

In particular this fixes a performance regression observed
by Rafael David Tinoco <rafael.tinoco@canonical.com>.

This is effectively a revert of Pavel Emelyanov's commit
cf7b708c Make access to task's nsproxy lighter
from 2007.  The race this originialy fixed no longer exists as
do_notify_parent uses task_active_pid_ns(parent) instead of
parent->nsproxy.

Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
parent 9a3c4145

fs/namespace.c

+3 −3
Original line number Diff line number Diff line
@@ -2972,13 +2972,13 @@ static void *mntns_get(struct task_struct *task) 
	struct mnt_namespace *ns = NULL;

	struct nsproxy *nsproxy;



	rcu_read_lock();

	nsproxy = task_nsproxy(task);

	task_lock(task);

	nsproxy = task->nsproxy;

	if (nsproxy) {

		ns = nsproxy->mnt_ns;

		get_mnt_ns(ns);

	}

	rcu_read_unlock();

	task_unlock(task);



	return ns;

}

fs/proc/proc_net.c

+3 −1
Original line number Diff line number Diff line
@@ -113,9 +113,11 @@ static struct net *get_proc_task_net(struct inode *dir) 
	rcu_read_lock();

	task = pid_task(proc_pid(dir), PIDTYPE_PID);

	if (task != NULL) {

		ns = task_nsproxy(task);

		task_lock(task);

		ns = task->nsproxy;

		if (ns != NULL)

			net = get_net(ns->net_ns);

		task_unlock(task);

	}

	rcu_read_unlock();

fs/proc_namespace.c

+3 −5
Original line number Diff line number Diff line
@@ -232,17 +232,15 @@ static int mounts_open_common(struct inode *inode, struct file *file, 
	if (!task)

		goto err;



	rcu_read_lock();

	nsp = task_nsproxy(task);

	task_lock(task);

	nsp = task->nsproxy;

	if (!nsp || !nsp->mnt_ns) {

		rcu_read_unlock();

		task_unlock(task);

		put_task_struct(task);

		goto err;

	}

	ns = nsp->mnt_ns;

	get_mnt_ns(ns);

	rcu_read_unlock();

	task_lock(task);

	if (!task->fs) {

		task_unlock(task);

		put_task_struct(task);

include/linux/nsproxy.h

+6 −10
Original line number Diff line number Diff line
@@ -40,32 +40,28 @@ extern struct nsproxy init_nsproxy; 
 * the namespaces access rules are:

 *

 *  1. only current task is allowed to change tsk->nsproxy pointer or

 *     any pointer on the nsproxy itself

 *     any pointer on the nsproxy itself.  Current must hold the task_lock

 *     when changing tsk->nsproxy.

 *

 *  2. when accessing (i.e. reading) current task's namespaces - no

 *     precautions should be taken - just dereference the pointers

 *

 *  3. the access to other task namespaces is performed like this

 *     rcu_read_lock();

 *     nsproxy = task_nsproxy(tsk);

 *     task_lock(task);

 *     nsproxy = task->nsproxy;

 *     if (nsproxy != NULL) {

 *             / *

 *               * work with the namespaces here

 *               * e.g. get the reference on one of them

 *               * /

 *     } / *

 *         * NULL task_nsproxy() means that this task is

 *         * NULL task->nsproxy means that this task is

 *         * almost dead (zombie)

 *         * /

 *     rcu_read_unlock();

 *     task_unlock(task);

 *

 */



static inline struct nsproxy *task_nsproxy(struct task_struct *tsk)

{

	return rcu_dereference(tsk->nsproxy);

}



int copy_namespaces(unsigned long flags, struct task_struct *tsk);

void exit_task_namespaces(struct task_struct *tsk);

void switch_task_namespaces(struct task_struct *tsk, struct nsproxy *new);

ipc/namespace.c

+3 −3
Original line number Diff line number Diff line
@@ -154,11 +154,11 @@ static void *ipcns_get(struct task_struct *task) 
	struct ipc_namespace *ns = NULL;

	struct nsproxy *nsproxy;



	rcu_read_lock();

	nsproxy = task_nsproxy(task);

	task_lock(task);

	nsproxy = task->nsproxy;

	if (nsproxy)

		ns = get_ipc_ns(nsproxy->ipc_ns);

	rcu_read_unlock();

	task_unlock(task);



	return ns;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE