diff options
| author | Fan Du <fan.du@windriver.com> | 2013-11-07 04:47:50 -0500 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2013-12-06 00:45:06 -0500 |
| commit | 283bc9f35bbbcb0e9ab4e6d2427da7f9f710d52d (patch) | |
| tree | 8b580340bdc0d1f25f4a76dfc39c48760f3f307a /include | |
| parent | 8d549c4f5d92d80fc6f888fd314e10972ae0ec37 (diff) | |
xfrm: Namespacify xfrm state/policy locks
By semantics, xfrm layer is fully name space aware,
so will the locks, e.g. xfrm_state/pocliy_lock.
Ensure exclusive access into state/policy link list
for different name space with one global lock is not
right in terms of semantics aspect at first place,
as they are indeed mutually independent with each
other, but also more seriously causes scalability
problem.
One practical scenario is on a Open Network Stack,
more than hundreds of lxc tenants acts as routers
within one host, a global xfrm_state/policy_lock
becomes the bottleneck. But onces those locks are
decoupled in a per-namespace fashion, locks contend
is just with in specific name space scope, without
causing additional SPD/SAD access delay for other
name space.
Also this patch improve scalability while as without
changing original xfrm behavior.
Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/netns/xfrm.h | 4 | ||||
| -rw-r--r-- | include/net/xfrm.h | 11 |
2 files changed, 9 insertions, 6 deletions
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h index 5299e69a32af..ea28404e9d79 100644 --- a/include/net/netns/xfrm.h +++ b/include/net/netns/xfrm.h | |||
| @@ -59,6 +59,10 @@ struct netns_xfrm { | |||
| 59 | #if IS_ENABLED(CONFIG_IPV6) | 59 | #if IS_ENABLED(CONFIG_IPV6) |
| 60 | struct dst_ops xfrm6_dst_ops; | 60 | struct dst_ops xfrm6_dst_ops; |
| 61 | #endif | 61 | #endif |
| 62 | spinlock_t xfrm_state_lock; | ||
| 63 | spinlock_t xfrm_policy_sk_bundle_lock; | ||
| 64 | rwlock_t xfrm_policy_lock; | ||
| 65 | struct mutex xfrm_cfg_mutex; | ||
| 62 | }; | 66 | }; |
| 63 | 67 | ||
| 64 | #endif | 68 | #endif |
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 5b522c5f0188..59f5d0a6c7f8 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -53,7 +53,6 @@ | |||
| 53 | #define XFRM_INC_STATS_USER(net, field) ((void)(net)) | 53 | #define XFRM_INC_STATS_USER(net, field) ((void)(net)) |
| 54 | #endif | 54 | #endif |
| 55 | 55 | ||
| 56 | extern struct mutex xfrm_cfg_mutex; | ||
| 57 | 56 | ||
| 58 | /* Organization of SPD aka "XFRM rules" | 57 | /* Organization of SPD aka "XFRM rules" |
| 59 | ------------------------------------ | 58 | ------------------------------------ |
| @@ -1409,7 +1408,7 @@ static inline void xfrm_sysctl_fini(struct net *net) | |||
| 1409 | void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto); | 1408 | void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto); |
| 1410 | int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk, | 1409 | int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk, |
| 1411 | int (*func)(struct xfrm_state *, int, void*), void *); | 1410 | int (*func)(struct xfrm_state *, int, void*), void *); |
| 1412 | void xfrm_state_walk_done(struct xfrm_state_walk *walk); | 1411 | void xfrm_state_walk_done(struct xfrm_state_walk *walk, struct net *net); |
| 1413 | struct xfrm_state *xfrm_state_alloc(struct net *net); | 1412 | struct xfrm_state *xfrm_state_alloc(struct net *net); |
| 1414 | struct xfrm_state *xfrm_state_find(const xfrm_address_t *daddr, | 1413 | struct xfrm_state *xfrm_state_find(const xfrm_address_t *daddr, |
| 1415 | const xfrm_address_t *saddr, | 1414 | const xfrm_address_t *saddr, |
| @@ -1436,12 +1435,12 @@ struct xfrm_state *xfrm_state_lookup_byaddr(struct net *net, u32 mark, | |||
| 1436 | unsigned short family); | 1435 | unsigned short family); |
| 1437 | #ifdef CONFIG_XFRM_SUB_POLICY | 1436 | #ifdef CONFIG_XFRM_SUB_POLICY |
| 1438 | int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n, | 1437 | int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n, |
| 1439 | unsigned short family); | 1438 | unsigned short family, struct net *net); |
| 1440 | int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n, | 1439 | int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n, |
| 1441 | unsigned short family); | 1440 | unsigned short family); |
| 1442 | #else | 1441 | #else |
| 1443 | static inline int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, | 1442 | static inline int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, |
| 1444 | int n, unsigned short family) | 1443 | int n, unsigned short family, struct net *net) |
| 1445 | { | 1444 | { |
| 1446 | return -ENOSYS; | 1445 | return -ENOSYS; |
| 1447 | } | 1446 | } |
| @@ -1553,7 +1552,7 @@ void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type); | |||
| 1553 | int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk, | 1552 | int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk, |
| 1554 | int (*func)(struct xfrm_policy *, int, int, void*), | 1553 | int (*func)(struct xfrm_policy *, int, int, void*), |
| 1555 | void *); | 1554 | void *); |
| 1556 | void xfrm_policy_walk_done(struct xfrm_policy_walk *walk); | 1555 | void xfrm_policy_walk_done(struct xfrm_policy_walk *walk, struct net *net); |
| 1557 | int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); | 1556 | int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); |
| 1558 | struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, | 1557 | struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, |
| 1559 | u8 type, int dir, | 1558 | u8 type, int dir, |
| @@ -1576,7 +1575,7 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); | |||
| 1576 | int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, | 1575 | int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, |
| 1577 | const struct xfrm_migrate *m, int num_bundles, | 1576 | const struct xfrm_migrate *m, int num_bundles, |
| 1578 | const struct xfrm_kmaddress *k); | 1577 | const struct xfrm_kmaddress *k); |
| 1579 | struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m); | 1578 | struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net); |
| 1580 | struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, | 1579 | struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, |
| 1581 | struct xfrm_migrate *m); | 1580 | struct xfrm_migrate *m); |
| 1582 | int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, | 1581 | int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, |