• F
    xfrm: Namespacify xfrm state/policy locks · 283bc9f3
    Fan Du 提交于
    By semantics, xfrm layer is fully name space aware,
    so will the locks, e.g. xfrm_state/pocliy_lock.
    Ensure exclusive access into state/policy link list
    for different name space with one global lock is not
    right in terms of semantics aspect at first place,
    as they are indeed mutually independent with each
    other, but also more seriously causes scalability
    problem.
    
    One practical scenario is on a Open Network Stack,
    more than hundreds of lxc tenants acts as routers
    within one host, a global xfrm_state/policy_lock
    becomes the bottleneck. But onces those locks are
    decoupled in a per-namespace fashion, locks contend
    is just with in specific name space scope, without
    causing additional SPD/SAD access delay for other
    name space.
    
    Also this patch improve scalability while as without
    changing original xfrm behavior.
    Signed-off-by: NFan Du <fan.du@windriver.com>
    Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com>
    283bc9f3
af_key.c 101.0 KB