From: "Bjoern A. Zeeb"
To: Gleb Smirnoff
Cc: Craig Rodrigues, svn-src-head@freebsd.org, svn-src-all@freebsd.org, Nikos Vassiliadis, src-committers@freebsd.org
Subject: Re: svn commit: r276747 - head/sys/netpfil/pf
Date: Thu, 8 Jan 2015 00:49:45 +0000

> On 08 Jan 2015, at 00:31 , Gleb Smirnoff wrote:
>
> On Thu, Jan 08, 2015 at 12:21:57AM +0000, Bjoern A. Zeeb wrote:
> B>
> B> > On 07 Jan 2015, at 20:46 , Gleb Smirnoff wrote:
> B> >
> B> > On Tue, Jan 06, 2015 at 09:03:04AM +0000, Craig Rodrigues wrote:
> B> > C> Author: rodrigc
> B> > C> Date: Tue Jan 6 09:03:03 2015
> B> > C> New Revision: 276747
> B> > C> URL: https://svnweb.freebsd.org/changeset/base/276747
> B> > C>
> B> > C> Log:
> B> > C>   Instead of creating a purge thread for every vnet, create
> B> > C>   a single purge thread and clean up all vnets from this thread.
> B> > C>
> B> > C>   PR: 194515
> B> > C>   Differential Revision: D1315
> B> > C>   Submitted by: Nikos Vassiliadis
> B> >
> B> > I am not sure that this is a good idea. The core idea of VNETs
> B> > is that they are isolated from each other. If we serialize purging,
> B> > then vnets are strongly affecting each other.
> B> >
> B> > AFAIU, from the PR there is some panic fixed. What is the actual bug
> B> > and why couldn't it be fixed with having per-vnet thread?
> B>
> B> You don’t 30000 whatever pf purging threads on a system all running, possibly competing for some resources, e.g., locks?
>
> Isn't a vnet, which is a jail, already a set of a dozen of processes? So,
> if you are speaking of "30000 whatever pf purging threads", then you
> already mean “1 mln whatever processes".

jail/VNETs can exist without a single process attached.

But I guess the point is that there is only so much work we can do at the same time and we should be very careful in what we try to parallellellellize as with 5 vnets it might be fine, with a couple of thousand you may keep a system busy with itself.

> Speaking of pf purging threads competing for resources. If someone wants
> really independent pfs in vnets, then locks should be virtualized as well.

No please don’t. The only places where we “virtualise” locks for VNETs is part of data structures which are vnet specific (virtualised).

— 
Bjoern A. Zeeb
Charles Haddon Spurgeon: "Friendship is one of the sweetest joys of life. Many might have failed beneath the bitterness of their trial had they not found a friend."