Andrey, please review. -- Best regards,
Konstantin Khorenko, Virtuozzo Linux Kernel Team On 05/28/2015 05:43 PM, Vladimir Davydov wrote: > This patch ports the code accounting netfilter/x_tables to ub > (UB_NUMXTENT) from RH6. > > Related to https://jira.sw.ru/browse/PSBM-20089 > > Signed-off-by: Vladimir Davydov <[email protected]> > --- > include/linux/netfilter/x_tables.h | 4 ++++ > net/netfilter/x_tables.c | 48 > ++++++++++++++++++++++++++++++++++++++ > 2 files changed, 52 insertions(+) >
> diff --git a/include/linux/netfilter/x_tables.h > b/include/linux/netfilter/x_tables.h
> index 43c5f8d26880..22ee9b961ed9 100644
> --- a/include/linux/netfilter/x_tables.h
> +++ b/include/linux/netfilter/x_tables.h
> @@ -215,6 +215,10 @@ struct xt_table_info {
> unsigned int hook_entry[NF_INET_NUMHOOKS];
> unsigned int underflow[NF_INET_NUMHOOKS];
>
> +#ifdef CONFIG_BEANCOUNTERS
> + struct user_beancounter *ub;
> +#endif
> +
> /*
> * Number of user chains. Since tables cannot have loops, at most
> * @stacksize jumps (number of user chains) can possibly be made.
> diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
> index 919976f89644..3fa408656f17 100644
> --- a/net/netfilter/x_tables.c
> +++ b/net/netfilter/x_tables.c
> @@ -67,6 +67,43 @@ static const char *const xt_prefix[NFPROTO_NUMPROTO] = {
> [NFPROTO_IPV6] = "ip6",
> };
>
> +#ifdef CONFIG_BEANCOUNTERS
> +static void uncharge_xtables(struct xt_table_info *info, unsigned long size)
> +{
> + uncharge_beancounter(info->ub, UB_NUMXTENT, size);
> +}
> +
> +static int recharge_xtables(struct xt_table_info *new, struct xt_table_info > *old)
> +{
> + struct user_beancounter *ub, *old_ub;
> + long change;
> +
> + ub = new->ub;
> + old_ub = old->number ? old->ub : ub;
> + change = (long)new->number - (long)old->number;
> + if (old_ub != ub) {
> + printk(KERN_WARNING "iptables resources are charged"
> + " from different UB (%s -> %s)\n",
> + old_ub->ub_name, ub->ub_name);
> + change = new->number;
> + }
> +
> + if (change > 0) {
> + if (charge_beancounter(ub, UB_NUMXTENT, change, UB_SOFT))
> + return -ENOMEM;
> + } else if (change < 0)
> + uncharge_beancounter(ub, UB_NUMXTENT, -change);
> +
> + if (old_ub != ub)
> + uncharge_beancounter(old_ub, UB_NUMXTENT, old->number);
> +
> + return 0;
> +}
> +#else
> +#define recharge_xtables(c, new, old) (0)
> +#define uncharge_xtables(info, s) do { } while (0)
> +#endif /* CONFIG_BEANCOUNTERS */
> +
> /* Allow this many total (re)entries. */
> static const unsigned int xt_jumpstack_multiplier = 2;
>
> @@ -732,6 +769,8 @@ struct xt_table_info *xt_alloc_table_info(unsigned int > size)
> }
> }
>
> + newinfo->ub = get_beancounter(get_exec_ub());
> +
> return newinfo;
> }
> EXPORT_SYMBOL(xt_alloc_table_info);
> @@ -764,6 +803,8 @@ void xt_free_table_info(struct xt_table_info *info)
>
> free_percpu(info->stackptr);
>
> + put_beancounter(info->ub);
> +
> kfree(info);
> }
> EXPORT_SYMBOL(xt_free_table_info);
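Review bot: The `#else` stub `#define recharge_xtables(c, new, old) (0)` takes three arguments, but the only caller shown on this page, `recharge_xtables(newinfo, private)` in the `@@ -874` hunk, passes two, so a build without CONFIG_BEANCOUNTERS would stop at the preprocessor; the stub should read `#define recharge_xtables(new, old) (0)`. The same configuration is also broken by the `@@ -732` and `@@ -764` hunks, which touch `newinfo->ub` and `info->ub` unconditionally although the member is declared only under `#ifdef CONFIG_BEANCOUNTERS` in x_tables.h. Wrapping those two statements in the same `#ifdef`, or hiding them behind small helpers next to `uncharge_xtables`, would keep both configurations building. Separately, the `printk(KERN_WARNING ...)` in `recharge_xtables` is not rate limited; if table replacement can be driven repeatedly from inside a container, `printk_ratelimited` would bound the log volume.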
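Review bot: `newinfo->ub` is set only as the last step of `xt_alloc_table_info`, so a failure path earlier in the function that releases `newinfo` through `xt_free_table_info` would reach the new `put_beancounter(info->ub)` from the `@@ -764` hunk with a NULL pointer. The start of the function is outside this hunk, and whether `put_beancounter` tolerates NULL is not visible here, so this needs checking against the full source. Taking the reference right after `newinfo` is allocated, or guarding the release with `if (info->ub) put_beancounter(info->ub);`, would keep the get/put pair balanced on every path.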
> @@ -874,6 +915,12 @@ xt_replace_table(struct xt_table *table,
> return NULL;
> }
>
> + if (recharge_xtables(newinfo, private)) {
> + local_bh_enable();
> + *error = -ENOMEM;
> + return NULL;
> + }
> +
> newinfo->initial_entries = private->initial_entries;
> /*
> * Ensure contents of newinfo are visible before assigning to
> @@ -971,6 +1018,7 @@ void *xt_unregister_table(struct xt_table *table)
> list_del(&table->list);
> mutex_unlock(&xt[table->af].mutex);
> kfree(table);
> + uncharge_xtables(private, private->number);
>
> return private;
> }
> _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
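Review bot: The failure branch in the `@@ -874` hunk hard-codes `*error = -ENOMEM` rather than passing on what `recharge_xtables` returned, so the call site and the helper can drift apart if the helper ever reports a different code. Storing the result in a local and using `*error = ret;` keeps them in step. A one-line comment above the call, such as `/* move the UB_NUMXTENT charge to newinfo before it is published; a refused charge leaves the old table in place */`, would also record why the accounting sits before the pointer swap. The body of `xt_replace_table` begins and ends outside this hunk.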
