Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:
> From: Eric Dumazet <edumazet@xxxxxxxxxx>
>
> Syzbot was able to trigger the following warning [1]
>
> No repro found by syzbot yet but I was able to trigger similar issue
> by having 2 scripts running in parallel, changing conntrack hash sizes,
> and:
>
> for j in `seq 1 1000` ; do unshare -n /bin/true >/dev/null ; done
>
> It would take more than 5 minutes for net_namespace structures
> to be cleaned up.
>
> This is because nf_ct_iterate_cleanup() has to restart every time
> a resize happened.
>
> By adding a mutex, we can serialize hash resizes and cleanups
> and also make get_next_corpse() faster by skipping over empty
> buckets.
>
> Even without resizes in the picture, this patch considerably
> speeds up network namespace dismantles.

LGTM, thanks Eric.

I have been working on patches to make hash table pernet again,
but they will take a bit more time to finish and are not suited for -net.