Re: [PATCH net v6] ipv6: flowlabel: enforce per-netns limit for unprivileged callers

From: Maoyi Xie

Date: Tue May 05 2026 - 01:59:31 EST


Thanks for the review.

I will take the prep patch. The series becomes 2 patches.

1/2 ipv6: flowlabel: take ip6_fl_lock across mem_check and
    fl_intern, convert fl_size to int
2/2 ipv6: flowlabel: enforce per-netns limit for unprivileged
    callers (this v6, rebased on 1/2)

For 1/2 I plan to:

- Move spin_lock_bh(&ip6_fl_lock) and the matching unlock from
fl_intern() into its only caller ipv6_flowlabel_get(), so the
mem_check() call runs under the same lock.
- Convert fl_size from atomic_t to int. The remaining readers
are ip6_flowlabel_seq_show() and ip6_flowlabel_proc_init().
Both already run under ip6_fl_lock or read only at init.
- The atomic_inc and atomic_dec on fl_size in fl_intern,
ip6_fl_gc and ip6_fl_purge become plain ++ and --. All three
sites already run under ip6_fl_lock.

For 2/2 I will also:

- Move fl_free() in ip6_fl_gc() back below the fl_size and
flowlabel_count decrements. You noted only the ip6_fl_purge()
reorder was unnecessary. With 1/2 in place, both decrements
become plain --, so the concern goes away.
- Fix the spaces around the / operator that checkpatch flagged.

I will send v7 shortly.

Maoyi
Nanyang Technological University
https://maoyixie.com/
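
The locking change planned for 1/2, as a simplified userspace model added here for illustration. It is not part of the message or of the patch series. The pthread mutex stands in for ip6_fl_lock, and FL_LIMIT, mem_check_locked(), intern_locked(), flowlabel_get_model() and run_model() are hypothetical names that only mirror the roles named above.

```c
#include <pthread.h>
#include <stdio.h>

#define FL_LIMIT 64   /* constructed limit, not a kernel value */
#define NTHREADS 8
#define TRIES    1000

/* Stands in for ip6_fl_lock (a spinlock in the kernel). */
static pthread_mutex_t fl_lock = PTHREAD_MUTEX_INITIALIZER;
/* Plain int instead of an atomic: every access below holds fl_lock. */
static int fl_size;

/* Hypothetical limit check; the caller must hold fl_lock. */
static int mem_check_locked(void) { return fl_size < FL_LIMIT ? 0 : -1; }

/* Hypothetical insert; the caller must hold fl_lock. */
static void intern_locked(void) { fl_size++; }

/* The caller takes the lock once, so the check and the insert form a
 * single critical section and no other thread can insert in between. */
static int flowlabel_get_model(void)
{
    int err;

    pthread_mutex_lock(&fl_lock);
    err = mem_check_locked();
    if (!err)
        intern_locked();
    pthread_mutex_unlock(&fl_lock);
    return err;
}

static void *worker(void *arg)
{
    (void)arg;
    for (int i = 0; i < TRIES; i++)
        flowlabel_get_model();
    return NULL;
}

/* Run NTHREADS concurrent allocators and return the final count. */
int run_model(void)
{
    pthread_t t[NTHREADS];

    fl_size = 0;
    for (int i = 0; i < NTHREADS; i++)
        pthread_create(&t[i], NULL, worker, NULL);
    for (int i = 0; i < NTHREADS; i++)
        pthread_join(t[i], NULL);
    return fl_size;
}

int main(void) { printf("fl_size=%d limit=%d\n", run_model(), FL_LIMIT); return 0; }
```

With the check and the increment in one critical section, the final count equals FL_LIMIT however the threads interleave.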