From: Dust Li <dust.li@linux.alibaba.com>
To: "D. Wythe" <alibuda@linux.alibaba.com>,
kgraul@linux.ibm.com, wenjia@linux.ibm.com, jaka@linux.ibm.com,
wintera@linux.ibm.com, guwen@linux.alibaba.com
Cc: kuba@kernel.org, davem@davemloft.net, netdev@vger.kernel.org,
linux-s390@vger.kernel.org, linux-rdma@vger.kernel.org,
tonylu@linux.alibaba.com, pabeni@redhat.com, edumazet@google.com
Subject: Re: [PATCH net-next 0/3] Reduce locks scope of-smc_xxx_lgr_pending
Date: Thu, 14 Nov 2024 09:27:41 +0800 [thread overview]
Message-ID: <20241114012741.GD89669@linux.alibaba.com> (raw)
In-Reply-To: <20241113071405.67421-1-alibuda@linux.alibaba.com>
On 2024-11-13 15:14:02, D. Wythe wrote:
>This patch set attempts to optimize the parallelism of SMC-R connections by reducing
>locks scope of-smc_xxx_lgr_pending. This is a balance between large-scale refactoring
>and performance optimization, where this patch attempts to achieve performance optimization
>with as few changes as possible to minimize unexpected impacts.
I think one of the main benefits you missed here is isolating the lock across
different network namespaces when the RDMA device is exclusive. This
isolation is crucial when managing multiple containers, each with its
own RDMA device.
With the global smc_server_lgr_pending lock, if one container holds this
lock, all other containers must wait.
Worse still, a malicious client could exploit this by forcing the server
to create new link groups according to the SMC-R protocol. In other
words, an attacker could easily compel the server to continuously create
new link groups and hold the smc_server_lgr_pending lock, causing all
SMC connections targeting other containers on the same server to wait.
This scenario effectively constitutes a denial-of-service (DoS) attack.
>
>Although there are still many bottlenecks that affect the connection performance of SMC,
>This also has a certain performance improvement after this patches.
>
>Short-lived conenction wrk/nginx benchmark test:
>
>+--------------+--------+--------+--------+-------+-------+-------+-------+
>|conns/qps | c8 | c16 | c32 | c64 | c512 | c1024 | c2048 |
>+--------------+--------+--------+--------+-------+-------+-------+-------+
>|SMC-R before |10481.84|10761.04|10283.01|9006.88|9140.88|9255.41|7296.20|
^^^ after ?
>+--------------+--------+--------+--------+-------+-------+-------+-------+
>|SMC-R origin |7328.86 |7256.99 |7288.53 |7239.55|5787.56|5371.17|3065.74|
>+--------------+--------+--------+--------+-------+-------+-------+-------+
>
>D. Wythe (3):
> net/smc: refactoring lgr pending lock
> net/smc: reduce locks scope of smc_xxx_lgr_pending
> net/smc: Isolate the smc_xxx_lgr_pending with ib_device
>
> net/smc/af_smc.c | 36 +++++++++++++++++++-----------------
> net/smc/smc_core.c | 17 +++++++++++++++--
> net/smc/smc_core.h | 29 +++++++++++++++++++++++++++++
> net/smc/smc_ib.c | 2 ++
> net/smc/smc_ib.h | 2 ++
> 5 files changed, 67 insertions(+), 19 deletions(-)
>
>--
>2.45.0
>
prev parent reply other threads:[~2024-11-14 1:27 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-13 7:14 [PATCH net-next 0/3] Reduce locks scope of-smc_xxx_lgr_pending D. Wythe
2024-11-13 7:14 ` [PATCH net-next 1/3] net/smc: refactoring lgr pending lock D. Wythe
2024-11-14 1:40 ` Dust Li
2024-11-13 7:14 ` [PATCH net-next 2/3] net/smc: reduce locks scope of smc_xxx_lgr_pending D. Wythe
2024-11-13 7:14 ` [PATCH net-next 3/3] net/smc: Isolate the smc_xxx_lgr_pending with ib_device D. Wythe
2024-11-14 1:51 ` Dust Li
2024-11-14 1:27 ` Dust Li [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241114012741.GD89669@linux.alibaba.com \
--to=dust.li@linux.alibaba.com \
--cc=alibuda@linux.alibaba.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=guwen@linux.alibaba.com \
--cc=jaka@linux.ibm.com \
--cc=kgraul@linux.ibm.com \
--cc=kuba@kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=tonylu@linux.alibaba.com \
--cc=wenjia@linux.ibm.com \
--cc=wintera@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).