Re: net: cleanup_net is slow

2017-04-24 Thread Florian Westphal
Andrey Konovalov wrote: > On Fri, Apr 21, 2017 at 9:45 PM, Florian Westphal wrote: > > Florian Westphal wrote: > >> Indeed. Setting net.netfilter.nf_conntrack_default_on=0 cuts time > >> cleanup time by 2/3 ... > >> > >> nf unregister is

Re: net: cleanup_net is slow

2017-04-24 Thread Andrey Konovalov
On Fri, Apr 21, 2017 at 9:45 PM, Florian Westphal wrote: > Florian Westphal wrote: >> Indeed. Setting net.netfilter.nf_conntrack_default_on=0 cuts time >> cleanup time by 2/3 ... >> >> nf unregister is way too happy to issue synchronize_net(), I'll work on >> a

Re: net: cleanup_net is slow

2017-04-21 Thread Florian Westphal
Florian Westphal wrote: > Indeed. Setting net.netfilter.nf_conntrack_default_on=0 cuts time > cleanup time by 2/3 ... > > nf unregister is way too happy to issue synchronize_net(), I'll work on > a fix. I'll test this patch as a start. Maybe we can also leverage exit_batch

Re: net: cleanup_net is slow

2017-04-21 Thread Dmitry Vyukov
On Fri, Apr 21, 2017 at 7:57 PM, Eric Dumazet wrote: > On Fri, Apr 21, 2017 at 10:50 AM, Andrey Konovalov > wrote: >> Hi! >> >> We're investigating some approaches to improve isolation of syzkaller >> programs. One of the ideas is run each program in

Re: net: cleanup_net is slow

2017-04-21 Thread Florian Westphal
Eric Dumazet wrote: > On Fri, Apr 21, 2017 at 10:50 AM, Andrey Konovalov > wrote: > > Hi! > > > > We're investigating some approaches to improve isolation of syzkaller > > programs. One of the ideas is run each program in it's own user/net > >

Re: net: cleanup_net is slow

2017-04-21 Thread Eric Dumazet
On Fri, Apr 21, 2017 at 10:50 AM, Andrey Konovalov wrote: > Hi! > > We're investigating some approaches to improve isolation of syzkaller > programs. One of the ideas is run each program in it's own user/net > namespace. However, while I was experimenting with this, I