diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2021-05-19 13:45:49 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-05-19 18:37:54 +0200 |
| commit | 63d287c90c41ec269f132657ce75a16dece46a74 (patch) | |
| tree | 97a52a8fb24f0236c93178e3f9158dfac588373d /drivers/net/wireguard/peer.c | |
| parent | wireguard: do not use -O3 (diff) | |
| download | wireguard-linux-jd/deferred-aip-removal.tar.xz wireguard-linux-jd/deferred-aip-removal.zip | |
wireguard: allowedips: batch process peer removalsjd/deferred-aip-removal
Deleting peers requires traversing the entire trie in order to rebalance
nodes and safely free them so that we can use RCU in the critical path
and never block. But for a structure filled with half million nodes,
removing a few thousand of them can take an extremely long time, during
which we're holding the rtnl lock. Large-scale users were reporting
200ms latencies added to the networking stack as a whole every time
their userspace software would queue up significant removals.
This commit works around the problem by marking nodes as dead, and then
scheduling a deferred cleanup routine a second later to do one sweep of
the entire structure, in order to amortize removals to just a single
traversal. Not only should this remove the added latencies to the stack,
but it should also make update operations that include peer removal or
allowedips changes much faster.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'drivers/net/wireguard/peer.c')
| -rw-r--r-- | drivers/net/wireguard/peer.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/drivers/net/wireguard/peer.c b/drivers/net/wireguard/peer.c index 3a042d28eb2e..3a14a377f295 100644 --- a/drivers/net/wireguard/peer.c +++ b/drivers/net/wireguard/peer.c @@ -81,8 +81,7 @@ static void peer_make_dead(struct wg_peer *peer) { /* Remove from configuration-time lookup structures. */ list_del_init(&peer->peer_list); - wg_allowedips_remove_by_peer(&peer->device->peer_allowedips, peer, - &peer->device->device_update_lock); + wg_allowedips_remove_by_peer(&peer->device->peer_allowedips, peer); wg_pubkey_hashtable_remove(peer->device->peer_hashtable, peer); /* Mark as dead, so that we don't allow jumping contexts after. */ @@ -172,7 +171,7 @@ void wg_peer_remove_all(struct wg_device *wg) lockdep_assert_held(&wg->device_update_lock); /* Avoid having to traverse individually for each one. */ - wg_allowedips_free(&wg->peer_allowedips, &wg->device_update_lock); + wg_allowedips_free(&wg->peer_allowedips); list_for_each_entry_safe(peer, temp, &wg->peer_list, peer_list) { peer_make_dead(peer); |