From mboxrd@z Thu Jan  1 00:00:00 1970
From: davem@davemloft.net (David Miller)
Date: Thu, 08 Mar 2018 13:11:15 -0500 (EST)
Subject: [PATCH] net: don't unnecessarily load kernel modules in
	dev_ioctl()
In-Reply-To: <c2d378b6-80b3-d9e1-7087-95f143875067@gmail.com>
References: <20180306155920.7b6379ac@xeon-e3>
	<20180308.123440.2224695014753871221.davem@davemloft.net>
	<c2d378b6-80b3-d9e1-7087-95f143875067@gmail.com>
Message-ID: <20180308.131115.611191617522587758.davem@davemloft.net>
To: linux-security-module@vger.kernel.org
List-Id: linux-security-module.vger.kernel.org

From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Thu, 8 Mar 2018 10:05:12 -0800

> Another problematic legacy behavior is the automatic creation of
> fallback tunnels, which hurts netns creation/deletion.
> 
> Some environments want to create a netns for every job/task, and they
> do not care if the init netns has these tunnels or not.
> 
> We have a local patch adding yet another knob to control this, since
> it saves a lot of cpu cycles (about 10ms per netns create/delete pair
> here)

Yeah, understood.  At small scale the current behavior maybe made
sense, but these days it really doesn't.

No objections to the knob if you want to submit it.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html