On Sun, 2015-12-13 at 12:43 -0800, Eric Dumazet wrote: > On Sun, 2015-12-13 at 20:20 +0000, Ben Hutchings wrote: > > On Sun, 2015-12-13 at 18:54 +0000, Luis Henriques wrote: > > > On Sat, Dec 12, 2015 at 04:18:26AM +0000, Ben Hutchings wrote: > > > > On Wed, 2015-12-09 at 09:36 +0000, Luis Henriques wrote: > > > > > 3.16.7-ckt21 -stable review patch.  If anyone has any objections, > > > > > please let me know. > > > > > > > > > > ------------------ > > > > > > > > > > From: Eric Dumazet > > > > > > > > > > commit 4ece9009774596ee3df0acba65a324b7ea79387c upstream. > > > > > > > > > > sit0 device allocates its percpu storage twice : > > > > > - One time in ipip6_tunnel_init() > > > > > - One time in ipip6_fb_tunnel_init() > > > > > > > > > > Thus we leak 48 bytes per possible cpu per network namespace > > > > > dismantle. > > > > > > > > > > ipip6_fb_tunnel_init() can be much simpler and does not > > > > > return an error, and should be called after register_netdev() > > > > [...] > > > > > > > > Doesn't this introduce a race condition when sit is a module?  There > > > > seems to be nothing to prevent access to the partially initialised > > > > device after calling register_netdev(), if sit_init_net() is called > > > > during module loading rather than during namespace creation. > > > > > > > > > > This seems to be an upstream issue, not specific to the 3.16.y-ckt > > > stable kernel.  If that is the case, I guess I'll just keep this patch > > > and later apply the fix.  Or do you think this race is really likely > > > to be a worst problem than then issue the patch is trying to fix? > > > > It seems worse than the problem being fixed. > > 1) Sorry Ben, I do not understand the problem you mention. >    What is a partially initialized device exactly ? A tunnel device which is registered but hasn't had its private structure fully initialised yet. > 2) I have no idea why this patch is even backported to 3.16, >  since it is fixing a problem added in 3.18 : > > # git describe --contains ebe084aafb7e > v3.18-rc5~22^2~42^2~1 > > If your 3.16 kernel survives this loop without consuming memory like > crazy, then the backport is not needed. > > modprobe sit > while : > do >  ip netns add ns1 >  ip netns delete ns1 > done I can't detect a memory leak when doing this. Ben. -- Ben Hutchings Life would be so much easier if we could look at the source code.