[PATCH 4/4] net-next: frags: dynamic timeout under load

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Calculate a dynamic fragment reassembly timeout, taking into
consideration the current fqdir load and the load introduced by
the peer. Reintroduce low_thresh, which now acts as a knob for
adjusting per-peer memory limits.

Signed-off-by: Richard Gobert <richardbgobert@xxxxxxxxx>
---
 Documentation/networking/ip-sysctl.rst |  3 +++
 include/net/inet_frag.h                |  1 +
 net/ipv4/inet_fragment.c               | 30 +++++++++++++++++++++++++-
 net/ipv4/ip_fragment.c                 |  2 +-
 4 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst
index 56cd4ea059b2..fb25aa6e22a2 100644
--- a/Documentation/networking/ip-sysctl.rst
+++ b/Documentation/networking/ip-sysctl.rst
@@ -247,6 +247,9 @@ ipfrag_low_thresh - LONG INTEGER
 	begins to remove incomplete fragment queues to free up resources.
 	The kernel still accepts new fragments for defragmentation.
 
+	(Since linux-6.1)
+	Maximum memory used to reassemble IP fragments sent by a single peer.
+
 ipfrag_time - INTEGER
 	Time in seconds to keep an IP fragment in memory.
 
diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h
index 077a0ec78a58..595a6db57a0e 100644
--- a/include/net/inet_frag.h
+++ b/include/net/inet_frag.h
@@ -99,6 +99,7 @@ struct inet_frag_queue {
 	u16			max_size;
 	struct fqdir		*fqdir;
 	struct inet_peer	*peer;
+	u64			timeout;
 	struct rcu_head		rcu;
 };
 
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
index 8b8d77d548d4..34c5ebba4951 100644
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -314,6 +314,30 @@ void inet_frag_free(struct inet_frag_queue *q)
 	call_rcu(&q->rcu, inet_frag_destroy_rcu);
 }
 
+static int inet_frag_update_timeout(struct inet_frag_queue *q)
+{
+	u64 peer_timeout, inet_timeout;
+	long peer_mem, inet_mem;
+	long high_thresh = READ_ONCE(q->fqdir->high_thresh);
+	long low_thresh  = READ_ONCE(q->fqdir->low_thresh);
+	u64 base_timeout = READ_ONCE(q->fqdir->timeout);
+
+	peer_mem = low_thresh - peer_mem_limit(q);
+	inet_mem = high_thresh - frag_mem_limit(q->fqdir);
+
+	if (peer_mem <= 0 || inet_mem <= 0)
+		return -ENOMEM;
+
+	/* Timeout changes linearly with respect to the amount of free memory.
+	 * Choose the more permissive of the two timeouts, to avoid limiting
+	 * the system while there is still enough memory.
+	 */
+	peer_timeout = div64_long(base_timeout * peer_mem, low_thresh);
+	inet_timeout = div64_long(base_timeout * inet_mem, high_thresh);
+	q->timeout = max_t(u64, peer_timeout, inet_timeout);
+	return 0;
+}
+
 void inet_frag_destroy(struct inet_frag_queue *q)
 {
 	struct fqdir *fqdir;
@@ -346,6 +370,10 @@ static struct inet_frag_queue *inet_frag_alloc(struct fqdir *fqdir,
 
 	q->fqdir = fqdir;
 	f->constructor(q, arg);
+	if (inet_frag_update_timeout(q)) {
+		inet_frag_free(q);
+		return NULL;
+	}
 	add_frag_mem_limit(q, f->qsize);
 
 	timer_setup(&q->timer, f->frag_expire, 0);
@@ -367,7 +395,7 @@ static struct inet_frag_queue *inet_frag_create(struct fqdir *fqdir,
 		*prev = ERR_PTR(-ENOMEM);
 		return NULL;
 	}
-	mod_timer(&q->timer, jiffies + fqdir->timeout);
+	mod_timer(&q->timer, jiffies + q->timeout);
 
 	*prev = rhashtable_lookup_get_insert_key(&fqdir->rhashtable, &q->key,
 						 &q->node, f->rhash_params);
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index e35061f6aadb..88a99242d721 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -236,7 +236,7 @@ static int ip_frag_reinit(struct ipq *qp)
 {
 	unsigned int sum_truesize = 0;
 
-	if (!mod_timer(&qp->q.timer, jiffies + qp->q.fqdir->timeout)) {
+	if (!mod_timer(&qp->q.timer, jiffies + qp->q.timeout)) {
 		refcount_inc(&qp->q.refcnt);
 		return -ETIMEDOUT;
 	}
-- 
2.36.1




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux