Pandora Sourcecodes - pandora-kernel.git/commit

author	Fan Du <fan.du@windriver.com>
	Thu, 7 Nov 2013 09:47:50 +0000 (17:47 +0800)
committer	Steffen Klassert <steffen.klassert@secunet.com>
	Fri, 6 Dec 2013 05:45:06 +0000 (06:45 +0100)
commit	283bc9f35bbbcb0e9ab4e6d2427da7f9f710d52d
tree	8b580340bdc0d1f25f4a76dfc39c48760f3f307a	tree \| snapshot
parent	8d549c4f5d92d80fc6f888fd314e10972ae0ec37	commit \| diff

xfrm: Namespacify xfrm state/policy locks

By semantics, xfrm layer is fully name space aware,
so will the locks, e.g. xfrm_state/pocliy_lock.
Ensure exclusive access into state/policy link list
for different name space with one global lock is not
right in terms of semantics aspect at first place,
as they are indeed mutually independent with each
other, but also more seriously causes scalability
problem.

One practical scenario is on a Open Network Stack,
more than hundreds of lxc tenants acts as routers
within one host, a global xfrm_state/policy_lock
becomes the bottleneck. But onces those locks are
decoupled in a per-namespace fashion, locks contend
is just with in specific name space scope, without
causing additional SPD/SAD access delay for other
name space.

Also this patch improve scalability while as without
changing original xfrm behavior.

Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

include/net/netns/xfrm.h		diff \| blob \| history
include/net/xfrm.h		diff \| blob \| history
net/key/af_key.c		diff \| blob \| history
net/xfrm/xfrm_policy.c		diff \| blob \| history
net/xfrm/xfrm_state.c		diff \| blob \| history
net/xfrm/xfrm_user.c		diff \| blob \| history