[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230922072614.aT8vDgAy@linutronix.de>
Date: Fri, 22 Sep 2023 09:26:14 +0200
From: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To: Ferenc Fejes <primalgamer@...il.com>
Cc: Paolo Abeni <pabeni@...hat.com>, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>,
Wander Lairson Costa <wander@...hat.com>
Subject: Re: [RFC PATCH net-next 1/2] net: Use SMP threads for backlog NAPI.
On 2023-09-21 12:41:33 [+0200], Ferenc Fejes wrote:
> Hi!
Hi,
> > If we could somehow define a DoS condition once we are overwhelmed
> > with
> > packets, then we could act on it and throttle it. This in turn would
> > allow a SCHED_FIFO priority without the fear of a lockup if the
> > system
> > is flooded with packets.
>
> Can this be avoided if we reuse gro_flush_timeout as the maximum time
> the NAPI thread can be scheduled?
First your run time needs to be accounted somehow. I observed that some
cards/ systems tend pull often a few packets on each interrupt and
others pull more packets at a time.
So probably packets in a time frame would make sense. Maybe even plus
packet size assuming larger packets require more processing time.
If you run at SCHED_OTHER you don't care, you can keep it running. With
SCHED_FIFO you would need to decide:
- how much is too much
- what to do once you reach too much
Once you reach too much you could:
- change the scheduling policy to SCHED_OTHER and keep going until it is
no longer "too much in a given period" so you can flip it back.
- stop processing for a period of time and risk packet loss which is
defined as better than to continue.
- pulling packets and dropping them instead of injecting into the stack.
Using xdp/ebpf might be easy since there is an API for that. One could
even peek at packets to decide if some can be kept.
This would rely on the fact that the system can do this quick enough
under a DoS condition.
>
> Ferenc
Sebastian
Powered by blists - more mailing lists