Merge branch 'l2tp-sk_user_data'

James Chapman says: ==================== l2tp: don't use the tunnel socket's sk_user_data in datapath This series refactors l2tp to not use the tunnel socket's sk_user_data in the datapath. The main reasons for doing this are * to allow for simplifying internal socket cleanup code (to be done in a later series) * to support multiple L2TPv3 UDP tunnels using the same 5-tuple address When handling received UDP frames, l2tp's current approach is to look up a session in a per-tunnel list. l2tp uses the tunnel socket's sk_user_data to derive the tunnel context from the receiving socket. But this results in the socket and tunnel lifetimes being very tightly coupled and the tunnel/socket cleanup paths being complicated. The latter has historically been a source of l2tp bugs and makes the code more difficult to maintain. Also, if sockets are aliased, we can't trust that the socket's sk_user_data references the right tunnel anyway. Hence the desire to not use sk_user_data in the datapath. The new approach is to lookup sessions in a per-net session list without first deriving the tunnel: * For L2TPv2, the l2tp header has separate tunnel ID and session ID fields which can be trivially combined to make a unique 32-bit key for per-net session lookup. * For L2TPv3, there is no tunnel ID in the packet header, only a session ID, which should be unique over all tunnels so can be used as a key for per-net session lookup. However, this only works when the L2TPv3 session ID really is unique over all tunnels. At least one L2TPv3 application is known to use the same session ID in different L2TPv3 UDP tunnels, relying on UDP address/ports to distinguish them. This worked previously because sessions in UDP tunnels were kept in a per-tunnel list. To retain support for this, L2TPv3 session ID collisions are managed using a separate per-net session hlist, keyed by ID and sk. When looking up a session by ID, if there's more than one match, sk is used to find the right one. L2TPv3 sessions in IP-encap tunnels are already looked up by session ID in a per-net list. This work has UDP sessions also use the per-net session list, while allowing for session ID collisions. The existing per-tunnel hlist becomes a plain list since it is used only in management and cleanup paths to walk a list of sessions in a given tunnel. For better performance, the per-net session lists use IDR. Separate IDRs are used for L2TPv2 and L2TPv3 sessions to avoid potential key collisions. These changes pass l2tp regression tests and improve data forwarding performance by about 10% in some of my test setups. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>

Merge branch 'l2tp-sk_user_data'
James Chapman says: ==================== l2tp: don't use the tunnel socket's sk_user_data in datapath This series refactors l2tp to not use the tunnel socket's sk_user_data in the datapath. The main reasons for doing this are * to allow for simplifying internal socket cleanup code (to be done in a later series) * to support multiple L2TPv3 UDP tunnels using the same 5-tuple address When handling received UDP frames, l2tp's current approach is to look up a session in a per-tunnel list. l2tp uses the tunnel socket's sk_user_data to derive the tunnel context from the receiving socket. But this results in the socket and tunnel lifetimes being very tightly coupled and the tunnel/socket cleanup paths being complicated. The latter has historically been a source of l2tp bugs and makes the code more difficult to maintain. Also, if sockets are aliased, we can't trust that the socket's sk_user_data references the right tunnel anyway. Hence the desire to not use sk_user_data in the datapath. The new approach is to lookup sessions in a per-net session list without first deriving the tunnel: * For L2TPv2, the l2tp header has separate tunnel ID and session ID fields which can be trivially combined to make a unique 32-bit key for per-net session lookup. * For L2TPv3, there is no tunnel ID in the packet header, only a session ID, which should be unique over all tunnels so can be used as a key for per-net session lookup. However, this only works when the L2TPv3 session ID really is unique over all tunnels. At least one L2TPv3 application is known to use the same session ID in different L2TPv3 UDP tunnels, relying on UDP address/ports to distinguish them. This worked previously because sessions in UDP tunnels were kept in a per-tunnel list. To retain support for this, L2TPv3 session ID collisions are managed using a separate per-net session hlist, keyed by ID and sk. When looking up a session by ID, if there's more than one match, sk is used to find the right one. L2TPv3 sessions in IP-encap tunnels are already looked up by session ID in a per-net list. This work has UDP sessions also use the per-net session list, while allowing for session ID collisions. The existing per-tunnel hlist becomes a plain list since it is used only in management and cleanup paths to walk a list of sessions in a given tunnel. For better performance, the per-net session lists use IDR. Separate IDRs are used for L2TPv2 and L2TPv3 sessions to avoid potential key collisions. These changes pass l2tp regression tests and improve data forwarding performance by about 10% in some of my test setups. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
4fce809e · David S. Miller · 39c46918 · d18d3f0a · 4fce809e · 4fce809e
Commit 4fce809e authored Jun 21, 2024 by David S. Miller
7 changed files
--- a/net/l2tp/l2tp_core.c
+++ b/net/l2tp/l2tp_core.c
--- a/net/l2tp/l2tp_core.h
+++ b/net/l2tp/l2tp_core.h
@@ -19,14 +19,6 @@
 #define L2TP_TUNNEL_MAGIC	0x42114DDA
 #define L2TP_SESSION_MAGIC	0x0C04EB7D

-/* Per tunnel session hash table size */
-#define L2TP_HASH_BITS	4
-#define L2TP_HASH_SIZE	BIT(L2TP_HASH_BITS)
-
-/* System-wide session hash table size */
-#define L2TP_HASH_BITS_2	8
-#define L2TP_HASH_SIZE_2	BIT(L2TP_HASH_BITS_2)
-
 struct sk_buff;

 struct l2tp_stats {
@@ -61,10 +53,15 @@ struct l2tp_session_cfg {
 	char			*ifname;
 };

+struct l2tp_session_coll_list {
+	spinlock_t lock;	/* for access to list */
+	struct list_head list;
+	refcount_t ref_count;
+};
+
 /* Represents a session (pseudowire) instance.
 * Tracks runtime state including cookies, dataplane packet sequencing, and IO statistics.
- * Is linked into a per-tunnel session hashlist; and in the case of an L2TPv3 session into
- * an additional per-net ("global") hashlist.
+ * Is linked into a per-tunnel session list and a per-net ("global") IDR tree.
 */
 #define L2TP_SESSION_NAME_MAX 32
 struct l2tp_session {
@@ -88,8 +85,12 @@ struct l2tp_session {
 	u32			nr_oos;		/* NR of last OOS packet */
 	int			nr_oos_count;	/* for OOS recovery */
 	int			nr_oos_count_max;
-	struct hlist_node	hlist;		/* hash list node */
+	struct list_head	list;		/* per-tunnel list node */
 	refcount_t		ref_count;
+	struct hlist_node	hlist;		/* per-net session hlist */
+	unsigned long		hlist_key;	/* key for session hlist */
+	struct l2tp_session_coll_list *coll_list; /* session collision list */
+	struct list_head	clist;		/* for coll_list */

 	char			name[L2TP_SESSION_NAME_MAX]; /* for logging */
 	char			ifname[IFNAMSIZ];
@@ -102,7 +103,6 @@ struct l2tp_session {
 	int			reorder_skip;	/* set if skip to next nr */
 	enum l2tp_pwtype	pwtype;
 	struct l2tp_stats	stats;
-	struct hlist_node	global_hlist;	/* global hash list node */

 	/* Session receive handler for data packets.
 	 * Each pseudowire implementation should implement this callback in order to
@@ -114,7 +114,7 @@ struct l2tp_session {
 	/* Session close handler.
 	 * Each pseudowire implementation may implement this callback in order to carry
 	 * out pseudowire-specific shutdown actions.
-	 * The callback is called by core after unhashing the session and purging its
+	 * The callback is called by core after unlisting the session and purging its
 	 * reorder queue.
 	 */
 	void (*session_close)(struct l2tp_session *session);
@@ -150,7 +150,7 @@ struct l2tp_tunnel_cfg {
 /* Represents a tunnel instance.
 * Tracks runtime state including IO statistics.
 * Holds the tunnel socket (either passed from userspace or directly created by the kernel).
- * Maintains a hashlist of sessions belonging to the tunnel instance.
+ * Maintains a list of sessions belonging to the tunnel instance.
 * Is linked into a per-net list of tunnels.
 */
 #define L2TP_TUNNEL_NAME_MAX 20
@@ -160,12 +160,11 @@ struct l2tp_tunnel {
 	unsigned long		dead;

 	struct rcu_head rcu;
-	spinlock_t		hlist_lock;	/* write-protection for session_hlist */
+	spinlock_t		list_lock;	/* write-protection for session_list */
 	bool			acpt_newsess;	/* indicates whether this tunnel accepts
-						 * new sessions. Protected by hlist_lock.
+						 * new sessions. Protected by list_lock.
 						 */
-	struct hlist_head	session_hlist[L2TP_HASH_SIZE];
-						/* hashed list of sessions, hashed by id */
+	struct list_head	session_list;	/* list of sessions */
 	u32			tunnel_id;
 	u32			peer_tunnel_id;
 	int			version;	/* 2=>L2TPv2, 3=>L2TPv3 */
@@ -174,7 +173,6 @@ struct l2tp_tunnel {
 	enum l2tp_encap_type	encap;
 	struct l2tp_stats	stats;

-	struct list_head	list;		/* list node on per-namespace list of tunnels */
 	struct net		*l2tp_net;	/* the net we belong to */

 	refcount_t		ref_count;
@@ -224,10 +222,11 @@ void l2tp_session_dec_refcount(struct l2tp_session *session);
 */
 struct l2tp_tunnel *l2tp_tunnel_get(const struct net *net, u32 tunnel_id);
 struct l2tp_tunnel *l2tp_tunnel_get_nth(const struct net *net, int nth);
-struct l2tp_session *l2tp_tunnel_get_session(struct l2tp_tunnel *tunnel,
-					     u32 session_id);

-struct l2tp_session *l2tp_session_get(const struct net *net, u32 session_id);
+struct l2tp_session *l2tp_v3_session_get(const struct net *net, struct sock *sk, u32 session_id);
+struct l2tp_session *l2tp_v2_session_get(const struct net *net, u16 tunnel_id, u16 session_id);
+struct l2tp_session *l2tp_session_get(const struct net *net, struct sock *sk, int pver,
+				      u32 tunnel_id, u32 session_id);
 struct l2tp_session *l2tp_session_get_nth(struct l2tp_tunnel *tunnel, int nth);
 struct l2tp_session *l2tp_session_get_by_ifname(const struct net *net,
 						const char *ifname);

--- a/net/l2tp/l2tp_debugfs.c
+++ b/net/l2tp/l2tp_debugfs.c
@@ -123,17 +123,14 @@ static void l2tp_dfs_seq_tunnel_show(struct seq_file *m, void *v)
 	struct l2tp_tunnel *tunnel = v;
 	struct l2tp_session *session;
 	int session_count = 0;
-	int hash;

 	rcu_read_lock_bh();
-	for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
-		hlist_for_each_entry_rcu(session, &tunnel->session_hlist[hash], hlist) {
-			/* Session ID of zero is a dummy/reserved value used by pppol2tp */
-			if (session->session_id == 0)
-				continue;
+	list_for_each_entry_rcu(session, &tunnel->session_list, list) {
+		/* Session ID of zero is a dummy/reserved value used by pppol2tp */
+		if (session->session_id == 0)
+			continue;

-			session_count++;
-		}
+		session_count++;
 	}
 	rcu_read_unlock_bh();


--- a/net/l2tp/l2tp_ip.c
+++ b/net/l2tp/l2tp_ip.c
@@ -140,7 +140,7 @@ static int l2tp_ip_recv(struct sk_buff *skb)
 	}

 	/* Ok, this is a data packet. Lookup the session. */
-	session = l2tp_session_get(net, session_id);
+	session = l2tp_v3_session_get(net, NULL, session_id);
 	if (!session)
 		goto discard;


--- a/net/l2tp/l2tp_ip6.c
+++ b/net/l2tp/l2tp_ip6.c
@@ -150,7 +150,7 @@ static int l2tp_ip6_recv(struct sk_buff *skb)
 	}

 	/* Ok, this is a data packet. Lookup the session. */
-	session = l2tp_session_get(net, session_id);
+	session = l2tp_v3_session_get(net, NULL, session_id);
 	if (!session)
 		goto discard;


--- a/net/l2tp/l2tp_netlink.c
+++ b/net/l2tp/l2tp_netlink.c
@@ -61,7 +61,8 @@ static struct l2tp_session *l2tp_nl_session_get(struct genl_info *info)
 		session_id = nla_get_u32(info->attrs[L2TP_ATTR_SESSION_ID]);
 		tunnel = l2tp_tunnel_get(net, tunnel_id);
 		if (tunnel) {
-			session = l2tp_tunnel_get_session(tunnel, session_id);
+			session = l2tp_session_get(net, tunnel->sock, tunnel->version,
+						   tunnel_id, session_id);
 			l2tp_tunnel_dec_refcount(tunnel);
 		}
 	}
@@ -635,7 +636,8 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf
 							   &cfg);

 	if (ret >= 0) {
-		session = l2tp_tunnel_get_session(tunnel, session_id);
+		session = l2tp_session_get(net, tunnel->sock, tunnel->version,
+					   tunnel_id, session_id);
 		if (session) {
 			ret = l2tp_session_notify(&l2tp_nl_family, info, session,
 						  L2TP_CMD_SESSION_CREATE);

--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -753,7 +753,8 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
 	if (tunnel->peer_tunnel_id == 0)
 		tunnel->peer_tunnel_id = info.peer_tunnel_id;

-	session = l2tp_tunnel_get_session(tunnel, info.session_id);
+	session = l2tp_session_get(sock_net(sk), tunnel->sock, tunnel->version,
+				   info.tunnel_id, info.session_id);
 	if (session) {
 		drop_refcnt = true;

@@ -1045,7 +1046,8 @@ static int pppol2tp_tunnel_copy_stats(struct pppol2tp_ioc_stats *stats,
 	/* If session_id is set, search the corresponding session in the
 	 * context of this tunnel and record the session's statistics.
 	 */
-	session = l2tp_tunnel_get_session(tunnel, stats->session_id);
+	session = l2tp_session_get(tunnel->l2tp_net, tunnel->sock, tunnel->version,
+				   tunnel->tunnel_id, stats->session_id);
 	if (!session)
 		return -EBADR;