Eric W. Biederman wrote: > Pavel Emelyanov <xemul@xxxxxxxxxx> writes: > >> I remember that I promised to prepare the wait-extending patch. But I >> haven't manage to find time for this, sorry :( In a month or two I will >> finish one time-hungry task and hopefully be able to do it. >> >> As far as this particular patch is concerned. >> >> All the virtual devices we have now in namespaces (vlan and tunnels) >> kill themselves *before* this code is called. But even if we try to >> move this destruction from modules to here, we'll be in a tricky >> situation, when the e.g. ipip module has already kfree-d the net_ipip >> structure, while none of ipip devices are released yet. >> >> If we try to look in the future - if we ever have a virtual device >> driver, that will be able to create its devices in namespace, we'll >> have to destroy all these devices *before* (or inside) this driver's >> net->exit callback is called, but this patch dies the ->dellink call >> at the very end, i.e. *after* any potential ->exit callback. >> >> Eric - did you see any device, that was ->dellink-ed by this patch? > > macvlan, veth, and dummy interfaces. Basically > everything I use this deletes the virtual interfaces, instead > of sending them back to the initial network namespace. OK, then. Acked-by: Pavel Emelyanov <xemul@xxxxxxxxxx> >>From the looks of the code vlans are also be handled. > > Things like tun/tap and ipip are handled in the exit methods and I > have no problem with that, although I do wonder if we are handling > moving or refusing to move them between namespaces properly. > > For devices that don't need a dedicated virtual interface in > every network namespace this certainly looks like the easiest > way to handle them, as the driver doesn't need to a thing > about network namespaces and the right thing just happens. > > Eric > _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers