[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160309170921.GL2207@uranus.lan>
Date: Wed, 9 Mar 2016 20:09:21 +0300
From: Cyrill Gorcunov <gorcunov@...il.com>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: Eric Dumazet <eric.dumazet@...il.com>,
David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
solar@...nwall.com, vvs@...tuozzo.com, avagin@...tuozzo.com,
xemul@...tuozzo.com, vdavydov@...tuozzo.com, khorenko@...tuozzo.com
Subject: Re: [RFC] net: ipv4 -- Introduce ifa limit per net
On Wed, Mar 09, 2016 at 08:58:52AM -0800, Alexei Starovoitov wrote:
...
>
> above line is an indication that you have:
> #if defined(CONFIG_DEBUG_PREEMPT) || defined(CONFIG_PREEMPT_TRACER)
> turning it off will speed up things significantly.
Look, this won't change the overall picture. For sure it will
speedup the kernel but it won't prevent the users from allowing
allocating addresses. So timings will drop a bit but the main
issue will remain -- there is no explicit way to limit this
resource. We can create say 1K of netnamespaces and allocate
100K addresses in each, then start destorying the namespaces
and node gonna be unreachable until everything is freed. The
kernel works as it shold simply in case of highload is stops
react due to big number of rtnl-locks taken.
Cyrill
Powered by blists - more mailing lists