diff options
| author | Fan Du <fan.du@windriver.com> | 2013-11-07 09:47:50 (GMT) |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2013-12-06 05:45:06 (GMT) |
| commit | 283bc9f35bbbcb0e9ab4e6d2427da7f9f710d52d (patch) | |
| tree | 8b580340bdc0d1f25f4a76dfc39c48760f3f307a /include/net/netns | |
| parent | 8d549c4f5d92d80fc6f888fd314e10972ae0ec37 (diff) | |
| download | linux-283bc9f35bbbcb0e9ab4e6d2427da7f9f710d52d.tar.xz | |
xfrm: Namespacify xfrm state/policy locks
By semantics, xfrm layer is fully name space aware,
so will the locks, e.g. xfrm_state/pocliy_lock.
Ensure exclusive access into state/policy link list
for different name space with one global lock is not
right in terms of semantics aspect at first place,
as they are indeed mutually independent with each
other, but also more seriously causes scalability
problem.
One practical scenario is on a Open Network Stack,
more than hundreds of lxc tenants acts as routers
within one host, a global xfrm_state/policy_lock
becomes the bottleneck. But onces those locks are
decoupled in a per-namespace fashion, locks contend
is just with in specific name space scope, without
causing additional SPD/SAD access delay for other
name space.
Also this patch improve scalability while as without
changing original xfrm behavior.
Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'include/net/netns')
| -rw-r--r-- | include/net/netns/xfrm.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h index 5299e69..ea28404 100644 --- a/include/net/netns/xfrm.h +++ b/include/net/netns/xfrm.h @@ -59,6 +59,10 @@ struct netns_xfrm { #if IS_ENABLED(CONFIG_IPV6) struct dst_ops xfrm6_dst_ops; #endif + spinlock_t xfrm_state_lock; + spinlock_t xfrm_policy_sk_bundle_lock; + rwlock_t xfrm_policy_lock; + struct mutex xfrm_cfg_mutex; }; #endif |