From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8BE94C3A5A1 for ; Thu, 22 Aug 2019 13:09:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 5CB8F21726 for ; Thu, 22 Aug 2019 13:09:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=kroah.com header.i=@kroah.com header.b="ptOi7tqr"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="uCZsMSY5" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730919AbfHVNJp (ORCPT ); Thu, 22 Aug 2019 09:09:45 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:56159 "EHLO out2-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731205AbfHVNJp (ORCPT ); Thu, 22 Aug 2019 09:09:45 -0400 Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 0403C2012F; Thu, 22 Aug 2019 09:09:44 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Thu, 22 Aug 2019 09:09:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kroah.com; h= date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm1; bh=ABWs19ACjqr2jGSfb/bYO8WtT2S Manh6xOhvmZdjegU=; b=ptOi7tqrIhbpnMUub/rTLLdvN7m/hDuusG42sXsNDNN YjUEBzEtJNDPlVSgPh6hp+/g3c8pEefFz6ZpGfN3g08NWWZxEWCqunKjMbVA6hbp 1hb9MpDwzJMnwX3+h5jAVRWXK5ZmO5pBFpblORlzDKYFtSSYrorYU5RKYC64bVTG DEiX6NnWfsnbCxMqq99atrjqDh5fHxffd/ureZcKYQoNfNeuogiwKZuT+jE2L8T6 dhnCv/ZEJJQH+YD/WsUxywBcsnAtxjYDewewJ2fOxqPPwOCgq+eDjHmVE++0f8dv igKY/J9pmeZcWObJjc9GxEHZ2/m3g/Jcvj0XhdF6Jtg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=ABWs19 ACjqr2jGSfb/bYO8WtT2SManh6xOhvmZdjegU=; b=uCZsMSY58FlVWLwG0gFVgV 9Rdjr+6Q5NQFWfTmpvlF8PD/GNo/Oejb5b0gBRUsGNYyzJLOdL01GdEBiE0KHvE3 QOsEI150vo91yYqOo2Tv+eWm6xL+HUkDPTvd3QVjBhL/ICKEMW9ELXkn8BLwNM/T 5lBPW+WiW0E32bYTeP+fCSq8oqznf1yOqjAYvHlaH6M+BgzghEV38hXDusCD7qa0 OiPLLjvppZ1A1Z/oDxMTz29EtfX4A5IKURIqdETZaDuAm8mMZdZcKD0cE37tBs9D 8MtHu0H1QKSxkS6OHXBRDp1adMyvNP2BwvQGAvNeVxNebeD0VflsjH/eYAv+e95A == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrudegiedgudekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomhepifhrvghg ucfmjfcuoehgrhgvgheskhhrohgrhhdrtghomheqnecukfhppeduvddrudeiiedrudejge drheenucfrrghrrghmpehmrghilhhfrhhomhepghhrvghgsehkrhhorghhrdgtohhmnecu vehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: from localhost (unknown [12.166.174.5]) by mail.messagingengine.com (Postfix) with ESMTPA id 076058006F; Thu, 22 Aug 2019 09:09:42 -0400 (EDT) Date: Thu, 22 Aug 2019 06:09:41 -0700 From: Greg KH To: Florian Westphal Cc: stable@vger.kernel.org, vakul.garg@nxp.com, netdev@vger.kernel.org, Kristian Evensen , Steffen Klassert Subject: Re: [PATCH 4.14.y stable] xfrm: policy: remove pcpu policy cache Message-ID: <20190822130941.GA15754@kroah.com> References: <20190822112109.13269-1-fw@strlen.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190822112109.13269-1-fw@strlen.de> User-Agent: Mutt/1.12.1 (2019-06-15) Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org On Thu, Aug 22, 2019 at 01:21:09PM +0200, Florian Westphal wrote: > commit e4db5b61c572475bbbcf63e3c8a2606bfccf2c9d upstream. > > Kristian Evensen says: > In a project I am involved in, we are running ipsec (Strongswan) on > different mt7621-based routers. Each router is configured as an > initiator and has around ~30 tunnels to different responders (running > on misc. devices). Before the flow cache was removed (kernel 4.9), we > got a combined throughput of around 70Mbit/s for all tunnels on one > router. However, we recently switched to kernel 4.14 (4.14.48), and > the total throughput is somewhere around 57Mbit/s (best-case). I.e., a > drop of around 20%. Reverting the flow cache removal restores, as > expected, performance levels to that of kernel 4.9. > > When pcpu xdst exists, it has to be validated first before it can be > used. > > A negative hit thus increases cost vs. no-cache. > > As number of tunnels increases, hit rate decreases so this pcpu caching > isn't a viable strategy. > > Furthermore, the xdst cache also needs to run with BH off, so when > removing this the bh disable/enable pairs can be removed too. > > Kristian tested a 4.14.y backport of this change and reported > increased performance: > > In our tests, the throughput reduction has been reduced from around -20% > to -5%. We also see that the overall throughput is independent of the > number of tunnels, while before the throughput was reduced as the number > of tunnels increased. > > Reported-by: Kristian Evensen > Signed-off-by: Florian Westphal > Signed-off-by: Steffen Klassert > --- > Vakul Garg reports traffic going via ipsec tunnels will cause the kernel > to spin in an infinite loop due to xfrm policy reference count > overflowing and becoming 0. > The refcount leak is in the pcpu cache. Instead of fixing this, just > remove the pcpu cache -- its not present in any other stable release. > Vakul reported that this patch fixes the problem. > > There are no major deviations from the upstream revert; conflicts > were only due to context. Now queued up, does 4.9.y also need this? thanks, greg k-h