wireguard: device: reset peer src endpoint when netns exits
Each peer's endpoint contains a dst_cache entry that takes a reference to another netdev. When the containing namespace exits, we take down the socket and prevent future sockets from being created (by setting creating_net to NULL), which removes that potential reference on the netns. However, it doesn't release references to the netns that a netdev cached in dst_cache might be taking, so the netns still might fail to exit. Since the socket is gimped anyway, we can simply clear all the dst_caches (by way of clearing the endpoint src), which will release all references.

However, the current dst_cache_reset function only releases those references lazily. But it turns out that all of our usages of wg_socket_clear_peer_endpoint_src are called from contexts that are not exactly high-speed or bottle-necked. For example, when there's connection difficulty, or when userspace is reconfiguring the interface. And in particular for this patch, when the netns...
Showing 5 changed files:
- drivers/net/wireguard/device.c: 3 additions, 0 deletions
- drivers/net/wireguard/socket.c: 1 addition, 1 deletion
- include/net/dst_cache.h: 11 additions, 0 deletions
- net/core/dst_cache.c: 19 additions, 0 deletions
- tools/testing/selftests/wireguard/netns.sh: 23 additions, 1 deletion