From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Miller Subject: Re: [PATCH] net: don't unnecessarily load kernel modules in dev_ioctl() Date: Thu, 08 Mar 2018 13:11:15 -0500 (EST) Message-ID: <20180308.131115.611191617522587758.davem@davemloft.net> References: <20180306155920.7b6379ac@xeon-e3> <20180308.123440.2224695014753871221.davem@davemloft.net> Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, stephen-OTpzqLSitTUnbdJkjeBofR2eb7JE58TQ@public.gmane.org, linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org, selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org To: eric.dumazet-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org Return-path: In-Reply-To: List-Post: List-Help: Errors-To: selinux-bounces-+05T5uksL2qpZYMLLGbcSA@public.gmane.org Sender: "Selinux" List-Id: netdev.vger.kernel.org From: Eric Dumazet Date: Thu, 8 Mar 2018 10:05:12 -0800 > Another problematic legacy behavior is the automatic creation of > fallback tunnels, which hurts netns creation/deletion. > > Some environments want to create a netns for every job/task, and they > do not care if the init netns has these tunnels or not. > > We have a local patch adding yet another knob to control this, since > it saves a lot of cpu cycles (about 10ms per netns create/delete pair > here) Yeah, understood. At small scale the current behavior maybe made sense, but these days it really doesn't. No objections to the knob if you want to submit it.