[PATCH v2 net-next 3/7] socket: Restore sock_create_kern().

Kuniyuki Iwashima kuni1840 at gmail.com
Wed Jun 4 11:36:43 PDT 2025


From: David Laight <david.laight.linux at gmail.com>
Date: Tue, 3 Jun 2025 22:30:20 +0100
> On Mon, 2 Jun 2025 07:08:17 +0200
> Christoph Hellwig <hch at lst.de> wrote:
> 
> > On Thu, May 29, 2025 at 07:53:41PM -0700, Kuniyuki Iwashima wrote:
> > > In the old days, sock_create_kern() did take a ref to netns,
> > > but an implicit change that avoids taking the ref has caused
> > > a lot of problems for people who used to the old semantics.
> 
> That must have been a long time ago.
> Was it even long after the namespace code was added?
> (I don't have a system with the git tree up at the moment)

2007: 1b8d7ae42d02 ("[NET]: Make socket creation namespace safe.")
2015: 26abe14379f8 ("net: Modify sk_alloc to not reference count the netns of kernel sockets.")

It's been long since the implicit change, but it's only _recently_ that
people started to notice the issue thanks?/due to k8s use cases, e.g.
fs mounted in netns (ef7134c7fc48, 1be52169c348 + b013b817f32f, etc).


> 
> > > 
> > > This series rather rolls back the change, so I think using
> > > the same name here is better than leaving the catchy
> > > sock_create_kern() error-prone.  
> > 
> > Ok.
> 
> Except that you are changing the semantics again.
> So you end up with the same problem the other way around.
> I can imagine code ending up with an extra reference to the ns.

I don't think so because it's rare case where we want to use
the no-refcnt version and it usually happens under net/ or
drivers/net.

Now we have SOCKET entry in MAINTAINERS so I can add sock_create
there so that we are always CCed to prevent such issues.


> 
> The obvious name a a function for general driver use would be
> kernel_socket() - matching the other functions that were added
> when set_fs(KERNEL_DS) was removed.

kernel_socket() doesn't fit here as kernel_XXX() takes struct
socket, not struct sock.


> 
> I definitely aim to end up where the existing code fails to
> compile - just to ensure all the code is found.

You can see the patch 2 renaming sock_create_kern() to __sock_create_kern()
does the job to find all users with the help of compilers.



More information about the Linux-nvme mailing list