From nobody Sun Jun 14 00:20:58 2026 Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6F1023DCDBE for ; Tue, 5 May 2026 07:20:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777965626; cv=none; b=OYsaSAWzB94Gi1XtgaSf0uxEE8bervbGKRe9XRBcOPtrIXId1pB0wt1B8ox0o3xXkHHpeXRUrI7gnFHDVbfkhAQGLD5JaTS1a8BGvNZy9Iv++kk57F5fIceC/dTLRUo8Z1iXol9JTsFllMayPG9J7DnrJxZl0oZ/YIILfhLHr8w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777965626; c=relaxed/simple; bh=lX3/cikTXdsSWmYhnFJIwfxPeUjb7oER4YyFpC9sMTg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=SyymrhqgdhSfd+X1+/Tl2aZN6Pwv8SZxzOtU4aXD568aPvB7jD2eU6CeHXLescEq1RB4/CWFARWL7ERoPwtUeBjhLFao8lueyd3BBCXvGnTvAS3645RfoYpuFGaFZXZqvuNk/KJILbLo0UEWjBvK6kBsq1c1/x8rJ9PcIdxUhEw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=DnW2r4XU; arc=none smtp.client-ip=209.85.210.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="DnW2r4XU" Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-834da62e52dso2344836b3a.3 for ; Tue, 05 May 2026 00:20:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777965624; x=1778570424; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Qwjbtkwr2FWhUlTbYPqxcC7rI+ouC/k6Ix4Q9N1Kqz8=; b=DnW2r4XUNE2mVbot61dbvBrf0XdqHa1YG+fsIrqUf5mEdHWwwilDYWzZAUlZLOy5Dp PmALLlnRN6lQN/O6v0GTHp6sODdqUGFTqlhbCUqhpaGXLj9mqHGEueOdSvAqi/yyHnCq KAEut3+y9gCmKqDBSReCNJl0NlZBkhl+52RrZeCO+vODDktuUutaL/XOfJS9Zscal3W5 04JLGS0vskTzgmvF6rHK+jQ9blMoPhb5j5Pn/F5k4JNWjT0m08L239/uiEsvc9nxGiz3 I9qkKlq8BNkhONPCpZUCqfYydcWOrJVljR61glvTzzd8i2GVccibX5aYDH6UZ5rDB4Uu T/vA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777965624; x=1778570424; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Qwjbtkwr2FWhUlTbYPqxcC7rI+ouC/k6Ix4Q9N1Kqz8=; b=BufZNtgbIk7F4/0gfBDCQwLBSX4mBIvfBsTAuqtl6oiybWCwT6awbG/8PjN0sxv5Nf BG0y+E7YjdXYSFMrgdP5bJljxuQWwWVOt49Ct0hH/SeRPOcL+2e9Gj3g+WNnZjzA+Fa0 17ZuhTzkx1JfRl9TodsSileTWtZraJBZCOv07Q8k7BB/IK++3dPCg6jEwFpwkGrzGI2x YppkSKMfoqIJJqaFeZSLrplr12yQHmyt07DnQh8a0fynXE+HYmPMNkp+fLkAr9pM+2gP i/aemQY6KirpsU/KjpNqFLBdef7vPB6i4w/jDHzWkvY49+pfQ2BztFjYkEwIvA0WjlJW Dmyw== X-Forwarded-Encrypted: i=1; AFNElJ/tK6sr1+Myl3+UEx6S0ncibEaAOEFDrG2SRhiaYXh5698hjplYOBvhlARwulo4Hac2dFhIwOyKK2JWGok=@vger.kernel.org X-Gm-Message-State: AOJu0YwYFMW2V165GHrGBpBG8YFAyd8t9eXNYKYRk1BEtlfIEjGOAl5J 0uzbn5B2RiRYO6nCgZ2+/zIG01t4RizBRbSW9jMq/uZBKi9O1/nWPZtn X-Gm-Gg: AeBDiesPybeLdOks73gvpNSWrZdKoGChii7RA2JQNCbyHAnuy1l+2Qk97ecEktxOBHq bt2jpbZyCiGZq1B4XumwZVXk8ABSWz2Fth64ma2w9YJuEt1uahRnQgT8lI0ncrNmpkuzI8n20T3 TCItAwYbusItaYTmmW6wjHY287WBTiHfixuxj7S0hivXzqqVX5p6mKUcEMMxyhxfLxYjSzmYD/u saJrys2JFVS/SOGMXZY0bWJw9Za71IggtvTULZOtnAISWUz7oz1YKpr0J9HL2TPtOaR36dv3f0O KqukITtkCabfvU2z6tvRqeEsvane3XbaTA9UOHo0oqBf6R62oSd3wZp+n4HgAQmMAJT0R0czBuk g0SDx4RQcDlCmqcDi7KqWjP15SFRvi/YMZc3L17Nt4dkJ+oDI17w5YTcrlrPVtIpe4n52PqesyT vlrOWgGnXfg+M2XluFotaDt2SuaM0Aiy3hRsH1C6YGqV3tidD9vXaBwef/oCxYK6Vk5fJsgA== X-Received: by 2002:a05:6a00:2e17:b0:82f:5d4f:7355 with SMTP id d2e1a72fcca58-839242a6080mr2160599b3a.33.1777965623740; Tue, 05 May 2026 00:20:23 -0700 (PDT) Received: from csl-conti-dell7858.ntu.edu.sg ([155.69.195.57]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-839682a4bffsm1036227b3a.56.2026.05.05.00.20.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 00:20:23 -0700 (PDT) From: Maoyi Xie X-Google-Original-From: Maoyi Xie To: "David S . Miller" Cc: Jakub Kicinski , Paolo Abeni , Eric Dumazet , David Ahern , Alexey Kuznetsov , Willem de Bruijn , Willem de Bruijn , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH net v7 1/2] ipv6: flowlabel: take ip6_fl_lock across mem_check and fl_intern Date: Tue, 5 May 2026 15:20:14 +0800 Message-Id: <20260505072015.1672730-2-maoyi.xie@ntu.edu.sg> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260505072015.1672730-1-maoyi.xie@ntu.edu.sg> References: <20260505072015.1672730-1-maoyi.xie@ntu.edu.sg> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" mem_check() in net/ipv6/ip6_flowlabel.c reads fl_size without holding ip6_fl_lock. fl_intern() takes the lock immediately afterwards. The two checks therefore race against concurrent fl_intern, ip6_fl_gc and ip6_fl_purge writers, which makes the mem_check budget check approximate. Move spin_lock_bh(&ip6_fl_lock) and the matching unlock from fl_intern() into its only caller ipv6_flowlabel_get(). The mem_check() call now runs under the same critical section as the fl_intern() insert, so the budget check is exact. With all writers and the read of fl_size under ip6_fl_lock, convert fl_size from atomic_t to plain int. The four sites that update or read fl_size are fl_intern (insert path), ip6_fl_gc (garbage collector, the !sched check and the per-entry decrement), ip6_fl_purge (per-netns purge), and mem_check (budget check), and all four now run under ip6_fl_lock. This is a prerequisite for adding a per-netns budget alongside fl_size. The follow-up patch adds netns_ipv6::flowlabel_count and folds it into mem_check(). Suggested-by: Willem de Bruijn Signed-off-by: Maoyi Xie Reviewed-by: Willem de Bruijn --- net/ipv6/ip6_flowlabel.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c index c92f98c6f..43b5e9ce9 100644 --- a/net/ipv6/ip6_flowlabel.c +++ b/net/ipv6/ip6_flowlabel.c @@ -40,7 +40,7 @@ #define FL_HASH_MASK 255 #define FL_HASH(l) (ntohl(l)&FL_HASH_MASK) =20 -static atomic_t fl_size =3D ATOMIC_INIT(0); +static int fl_size; static struct ip6_flowlabel __rcu *fl_ht[FL_HASH_MASK+1]; =20 static void ip6_fl_gc(struct timer_list *unused); @@ -163,7 +163,7 @@ static void ip6_fl_gc(struct timer_list *unused) if (time_after_eq(now, ttd)) { *flp =3D fl->next; fl_free(fl); - atomic_dec(&fl_size); + fl_size--; continue; } if (!sched || time_before(ttd, sched)) @@ -172,7 +172,7 @@ static void ip6_fl_gc(struct timer_list *unused) flp =3D &fl->next; } } - if (!sched && atomic_read(&fl_size)) + if (!sched && fl_size) sched =3D now + FL_MAX_LINGER; if (sched) { mod_timer(&ip6_fl_gc_timer, sched); @@ -196,7 +196,7 @@ static void __net_exit ip6_fl_purge(struct net *net) atomic_read(&fl->users) =3D=3D 0) { *flp =3D fl->next; fl_free(fl); - atomic_dec(&fl_size); + fl_size--; continue; } flp =3D &fl->next; @@ -205,6 +205,7 @@ static void __net_exit ip6_fl_purge(struct net *net) spin_unlock_bh(&ip6_fl_lock); } =20 +/* Caller must hold ip6_fl_lock. */ static struct ip6_flowlabel *fl_intern(struct net *net, struct ip6_flowlabel *fl, __be32 label) { @@ -212,8 +213,6 @@ static struct ip6_flowlabel *fl_intern(struct net *net, =20 fl->label =3D label & IPV6_FLOWLABEL_MASK; =20 - rcu_read_lock(); - spin_lock_bh(&ip6_fl_lock); if (label =3D=3D 0) { for (;;) { fl->label =3D htonl(get_random_u32())&IPV6_FLOWLABEL_MASK; @@ -235,8 +234,6 @@ static struct ip6_flowlabel *fl_intern(struct net *net, lfl =3D __fl_lookup(net, fl->label); if (lfl) { atomic_inc(&lfl->users); - spin_unlock_bh(&ip6_fl_lock); - rcu_read_unlock(); return lfl; } } @@ -244,9 +241,7 @@ static struct ip6_flowlabel *fl_intern(struct net *net, fl->lastuse =3D jiffies; fl->next =3D fl_ht[FL_HASH(fl->label)]; rcu_assign_pointer(fl_ht[FL_HASH(fl->label)], fl); - atomic_inc(&fl_size); - spin_unlock_bh(&ip6_fl_lock); - rcu_read_unlock(); + fl_size++; return NULL; } =20 @@ -464,10 +459,14 @@ fl_create(struct net *net, struct sock *sk, struct in= 6_flowlabel_req *freq, =20 static int mem_check(struct sock *sk) { - int room =3D FL_MAX_SIZE - atomic_read(&fl_size); + int room; struct ipv6_fl_socklist *sfl; int count =3D 0; =20 + lockdep_assert_held(&ip6_fl_lock); + + room =3D FL_MAX_SIZE - fl_size; + if (room > FL_MAX_SIZE - FL_MAX_PER_SOCK) return 0; =20 @@ -692,11 +691,19 @@ static int ipv6_flowlabel_get(struct sock *sk, struct= in6_flowlabel_req *freq, if (!sfl1) goto done; =20 + rcu_read_lock(); + spin_lock_bh(&ip6_fl_lock); err =3D mem_check(sk); + if (err =3D=3D 0) + fl1 =3D fl_intern(net, fl, freq->flr_label); + else + fl1 =3D NULL; + spin_unlock_bh(&ip6_fl_lock); + rcu_read_unlock(); + if (err !=3D 0) goto done; =20 - fl1 =3D fl_intern(net, fl, freq->flr_label); if (fl1) goto recheck; =20 base-commit: ebb639024ebd47a13a511cce6ae630c15e4b3126 --=20 2.34.1 From nobody Sun Jun 14 00:20:58 2026 Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8E1B73DC4C1 for ; Tue, 5 May 2026 07:20:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777965630; cv=none; b=UgosVKiqcrPMEv6gTsBKEfEwqqWu3T0m/vC+9bCIVOC6K0sDNRP2zUIG34cooT7eQ562K8RiXlLfvAeixqBVDm30BaAAyH9fWll28M6mBZqW+DLkYXm35dK0TgQlzd0G+JqO59KZ0Q2DaSh0p1cg6Y2GAEpC+eVMGk8lrAkDxHg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777965630; c=relaxed/simple; bh=CWPXKjsjnzf2MJSXTZixtgVN37D9acgZ3iGAC6v+QiQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=rqlDMOIcSlrUiXd68eVEapKPY7h6d7Km0BchbNGRPrP7Hx1votyc8HZPWxhu4yp7G7svF0LUqR/8/mKvmyf6DD/6xA35+cryqQ4JK7m+FAvBKuzAG68mPL4FqmSQvxL0ImHlgCsfRBOP5zsInjUnpuOWV4MJahIsWs/qyQbEhqY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=pvzcBau9; arc=none smtp.client-ip=209.85.210.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="pvzcBau9" Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-8353c9f24d2so1518477b3a.3 for ; Tue, 05 May 2026 00:20:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1777965627; x=1778570427; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7yqj3j5E+sxGL3D0rj/RO5rzFrYw+YF42d/8r6R+oyY=; b=pvzcBau9NYr51G6D0Z7v2/CUW2wh53Fja+bcvZWWUOM+P+xpJWjSBcRL3lNb5MwC3l PgzwI3Vudijfme3xbecJVeixa2cW+JJpjKyaZEX4mJ3R24s9QSyieLJ2hOfN34MRgqnU xyre9GcspC0FG9Ml4wozmaWfM9exFykOZPcFUA6l93dpE2Eu4mGyc2eYF1sYvXDjg81B v0+c+EgcMvFZ4/89slGacydSWhZ/GuERtd59M8PxhWW5NhYrzUdVv/J76i4brHi+1yvZ 0B2TOrQ7Beo+95o7EVxVSCiPH7njv2LZ2r25vblJ4Rb+pZCAz8zOkSmozJq4fWZ+DVUW bXlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777965627; x=1778570427; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=7yqj3j5E+sxGL3D0rj/RO5rzFrYw+YF42d/8r6R+oyY=; b=LYDqt8dPIApF5AgfuAaKbo/C+By9MDkS7B/BdRbLbpFaOBdGdLRne6LQNZZRrPo9ww 3bkNHjmuudAbzQkaCdfOi8InK61mQuhYua5oDWqStOTrRICVWsggrFqqJE77DHvcO0+M hc7FDoBxHnXAmor2VcW2hbiTP9CaEo1yVh28x7SvCGeTbmUfxzZiQciNj4tS0W9ap0NS uxzsgV0pM+AvCFa5X41ViDLsl+MfuGJSwYKgmEi6iiMCJgAB3Wh0BjJib2XMNQKLJfZG Q4C7JQwaqAOWH8ZPR1ZeVQPRCixonZtcXGHYjbAZw9+eGrBbEag0mKbyjjYzyxF5rfkM wM/Q== X-Forwarded-Encrypted: i=1; AFNElJ8IuY8pDQmGlR+1tV7AwaSjN2oOsH85akbuBJ/1sWF0lWDLndDjQ2wBRJin3LGUCoSj/K79KTDdRNT+XFo=@vger.kernel.org X-Gm-Message-State: AOJu0YylSS7cxkqMYD3tONX9rQ1C0rtWhrbGtv2xec0GssmH07bTCv0A hd9Jw8y3oRbu3+f32j6TcbyT408bz5NiAyR63e/+6ct+eblMT7THC6Yn X-Gm-Gg: AeBDievLETtTZZb4H3gZnhzt6hfEJXkHZ5HFa6dSGIn0OoCt+CN/NqWqvzu3sPOCem3 J91LhzyLbUDWpumkVH3APhjdiQdqlJqrw2QgX4rDFaRnnpySdT7+QWrVrhF9BsJP3us7xnA7XIL KQ28Uazh3+JeMxCMynv67Blm1yWm8XuE3kwxLrftPAgQ5uj//tOnEVjLLu8l409MXU0sLfhSn/3 sOZB6Xfa96NPwR25oK5R7k+fGWMhKGyf/nYqBNE1y0nmQRra7+FEDu5n3O519T26M6v0FVCvEWI qXm46kia8jmC7uy3TOnHNC0aPzjrMuKd3L9kOcAsmaQwZRcVJCPgafp7+ClgDV4wwu45RENjMtn jLWsIQtw2Kuc7HyxQ1wFmIQc6cjK5o0LIU/llQDQPiP+39oeUUkigi54SVxcL8YiG9nGxB/BMt0 HhrNl2vcZYNM4JcASJce3tbBQ8iG5BVFNE5lErdy6FP350nRGIxvUjeqBLEZs= X-Received: by 2002:aa7:88d2:0:b0:838:127d:a16e with SMTP id d2e1a72fcca58-839228cb3afmr1943221b3a.17.1777965626775; Tue, 05 May 2026 00:20:26 -0700 (PDT) Received: from csl-conti-dell7858.ntu.edu.sg ([155.69.195.57]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-839682a4bffsm1036227b3a.56.2026.05.05.00.20.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 00:20:26 -0700 (PDT) From: Maoyi Xie X-Google-Original-From: Maoyi Xie To: "David S . Miller" Cc: Jakub Kicinski , Paolo Abeni , Eric Dumazet , David Ahern , Alexey Kuznetsov , Willem de Bruijn , Willem de Bruijn , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH net v7 2/2] ipv6: flowlabel: enforce per-netns limit for unprivileged callers Date: Tue, 5 May 2026 15:20:15 +0800 Message-Id: <20260505072015.1672730-3-maoyi.xie@ntu.edu.sg> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260505072015.1672730-1-maoyi.xie@ntu.edu.sg> References: <20260505072015.1672730-1-maoyi.xie@ntu.edu.sg> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" fl_size, fl_ht and ip6_fl_lock in net/ipv6/ip6_flowlabel.c are file scope and shared across netns. mem_check() reads fl_size to decide whether to deny non-CAP_NET_ADMIN callers. capable() runs against init_user_ns, so an unprivileged user in any non-init userns can push fl_size past FL_MAX_SIZE - FL_MAX_SIZE / 4 and starve every other unprivileged userns on the host. Add struct netns_ipv6::flowlabel_count, bumped and decremented next to fl_size in fl_intern, ip6_fl_gc and ip6_fl_purge. The new field fills the existing 4-byte hole after ipmr_seq, so struct netns_ipv6 stays the same size on 64-bit builds. Bump FL_MAX_SIZE from 4096 to 8192. It has been 4096 since the file was added. Machines and connection counts have grown. mem_check() folds an extra per-netns ceiling into the existing non-CAP_NET_ADMIN conditional. The ceiling is half of the total budget that unprivileged callers have ever been able to use, i.e. (FL_MAX_SIZE - FL_MAX_SIZE / 4) / 2 =3D 3072 entries. With FL_MAX_SIZE doubled, this preserves the original per-user reach of 3K (what an unprivileged caller could already obtain before this change), while forcing an attacker to spread allocations across at least two netns to exhaust the global non-CAP_NET_ADMIN budget. CAP_NET_ADMIN against init_user_ns still bypasses both caps. The previous patch took ip6_fl_lock across mem_check and fl_intern, so the new flowlabel_count read in mem_check and the new flowlabel_count++ in fl_intern run under the same critical section. flowlabel_count is therefore plain int, like fl_size. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Suggested-by: Willem de Bruijn Cc: stable@vger.kernel.org # v5.15+ Signed-off-by: Maoyi Xie Reviewed-by: Willem de Bruijn --- include/net/netns/ipv6.h | 1 + net/ipv6/ip6_flowlabel.c | 14 +++++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h index 499e42881..875916d60 100644 --- a/include/net/netns/ipv6.h +++ b/include/net/netns/ipv6.h @@ -119,6 +119,7 @@ struct netns_ipv6 { struct fib_notifier_ops *notifier_ops; struct fib_notifier_ops *ip6mr_notifier_ops; atomic_t ipmr_seq; + int flowlabel_count; struct { struct hlist_head head; spinlock_t lock; diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c index 43b5e9ce9..e1b2460f9 100644 --- a/net/ipv6/ip6_flowlabel.c +++ b/net/ipv6/ip6_flowlabel.c @@ -36,7 +36,7 @@ /* FL hash table */ =20 #define FL_MAX_PER_SOCK 32 -#define FL_MAX_SIZE 4096 +#define FL_MAX_SIZE 8192 #define FL_HASH_MASK 255 #define FL_HASH(l) (ntohl(l)&FL_HASH_MASK) =20 @@ -162,8 +162,9 @@ static void ip6_fl_gc(struct timer_list *unused) ttd =3D fl->expires; if (time_after_eq(now, ttd)) { *flp =3D fl->next; - fl_free(fl); fl_size--; + fl->fl_net->ipv6.flowlabel_count--; + fl_free(fl); continue; } if (!sched || time_before(ttd, sched)) @@ -197,6 +198,7 @@ static void __net_exit ip6_fl_purge(struct net *net) *flp =3D fl->next; fl_free(fl); fl_size--; + net->ipv6.flowlabel_count--; continue; } flp =3D &fl->next; @@ -242,6 +244,7 @@ static struct ip6_flowlabel *fl_intern(struct net *net, fl->next =3D fl_ht[FL_HASH(fl->label)]; rcu_assign_pointer(fl_ht[FL_HASH(fl->label)], fl); fl_size++; + net->ipv6.flowlabel_count++; return NULL; } =20 @@ -459,6 +462,9 @@ fl_create(struct net *net, struct sock *sk, struct in6_= flowlabel_req *freq, =20 static int mem_check(struct sock *sk) { + const int unpriv_total_limit =3D FL_MAX_SIZE - (FL_MAX_SIZE / 4); + const int unpriv_user_limit =3D unpriv_total_limit / 2; + struct net *net =3D sock_net(sk); int room; struct ipv6_fl_socklist *sfl; int count =3D 0; @@ -477,7 +483,9 @@ static int mem_check(struct sock *sk) =20 if (room <=3D 0 || ((count >=3D FL_MAX_PER_SOCK || - (count > 0 && room < FL_MAX_SIZE/2) || room < FL_MAX_SIZE/4) && + (count > 0 && room < FL_MAX_SIZE / 2) || + room < FL_MAX_SIZE / 4 || + net->ipv6.flowlabel_count >=3D unpriv_user_limit) && !capable(CAP_NET_ADMIN))) return -ENOBUFS; =20 --=20 2.34.1