Re: [PATCHv3] locks: Filter /proc/locks output on proc pid ns

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 2016-08-03 at 11:23 -0500, Eric W. Biederman wrote:
> Nikolay Borisov <kernel@xxxxxxxx> writes:
> 
> > 
> > On busy container servers reading /proc/locks shows all the locks
> > created by all clients. This can cause large latency spikes. In my
> > case I observed lsof taking up to 5-10 seconds while processing
> > around
> > 50k locks. Fix this by limiting the locks shown only to those
> > created
> > in the same pidns as the one the proc fs was mounted in. When
> > reading
> > /proc/locks from the init_pid_ns proc instance then perform no
> > filtering
> 
> If we are going to do this, this should be a recrusive belonging test
> (because pid namespaces are recursive).
> 
> Right now the test looks like it will filter out child pid
> namespaces.
> 
> Special casing the init_pid_ns should be an optimization not
> something
> that is necessary for correctness. (as it appears here).
> 
> Eric
> 
> 

Ok, thanks. I'm still not that namespace savvy -- so there's a
hierarchy of pid_namespaces?

If so, then yeah does sound better. Is there an interface that allows
you to tell whether a pid is a descendant of a particular
pid_namespace?

> > 
> > Signed-off-by: Nikolay Borisov <kernel@xxxxxxxx>
> > ---
> >  fs/locks.c | 5 +++++
> >  1 file changed, 5 insertions(+)
> > 
> > diff --git a/fs/locks.c b/fs/locks.c
> > index ee1b15f6fc13..65e75810a836 100644
> > --- a/fs/locks.c
> > +++ b/fs/locks.c
> > @@ -2648,9 +2648,14 @@ static int locks_show(struct seq_file *f,
> > void *v)
> >  {
> >  	struct locks_iterator *iter = f->private;
> >  	struct file_lock *fl, *bfl;
> > +	struct pid_namespace *proc_pidns = file_inode(f->file)-
> > >i_sb->s_fs_info;
> >  
> >  	fl = hlist_entry(v, struct file_lock, fl_link);
> >  
> > +	if ((proc_pidns != &init_pid_ns) && fl->fl_nspid
> > +	    && (proc_pidns != ns_of_pid(fl->fl_nspid)))
> > +		return 0;
> > +
> >  	lock_get_status(f, fl, iter->li_pos, "");
> >  
> >  	list_for_each_entry(bfl, &fl->fl_block, fl_block)

-- 
Jeff Layton <jlayton@xxxxxxxxxxxxxxx>
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
[Index of Archives]     [Cgroups]     [Netdev]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux