Hi Martin, On Sat, Dec 27, 2014 at 7:27 PM, Martin Pitt <[email protected]> wrote: > I'm forwarding a patch for the loopback setup from Stéphane. I already > pushed one part of it as > http://cgit.freedesktop.org/systemd/systemd/commit/?id=58a489c > which is trivial and obvious, but the other part isn't.
Thanks for that fix! I had a look at this code again, and it turns out that the whole address checking is not really needed any longer, and can be simplified quite a bit. I'd like to push the attached patch if no one objects. > Stéphane Graber <[email protected]> wrote: >> Attached is a pretty simple patch/workaround to fix the massive CPU >> usage of systemd in unprivileged containers. >> >> LXC provides each containers with an already-UP loopback device. systemd >> will attempt to bring it up regardless of its current state and doing so >> gets it into a broken codepath somewhere deep in the netlink handling >> code of systemd. Hi Stéphane, I was not able to reproduce this. Is it reproducable for you using nspawn? If not, could you point me to how to reproduce it with LXC, or even better give some more details about the failure you see "deep in the netlink handling"? Is it 100% reproducible, and are you able to get a backtrace? This really sounds like something we need to fix at its root. > The fix is to always check whether the loopback is ready to use before > doing anything. The workaround looks fine (i.e., it will give the correct behaviour), but I'd really prefer that we don't do this upstream, but rather fix the underlying problem. Cheers, Tom
From 13139185a50c286769810e3e7979cfcf51c48ee9 Mon Sep 17 00:00:00 2001 From: Tom Gundersen <[email protected]> Date: Sun, 28 Dec 2014 13:38:23 +0100 Subject: [PATCH] core: loopback - simplify check_loopback() We no longer configure the addresses on the loopback interface, but simply bring it up and let the kernel do the rest. Also change the check to only check if the interface is up, rather than checking for the IPv4 loopback address. --- src/core/loopback-setup.c | 42 ++++++++++++++++++------------------------ 1 file changed, 18 insertions(+), 24 deletions(-) diff --git a/src/core/loopback-setup.c b/src/core/loopback-setup.c index ab6335c..0d7d00c 100644 --- a/src/core/loopback-setup.c +++ b/src/core/loopback-setup.c @@ -56,30 +56,24 @@ static int start_loopback(sd_rtnl *rtnl) { return 0; } -static int check_loopback(void) { +static bool check_loopback(sd_rtnl *rtnl) { + _cleanup_rtnl_message_unref_ sd_rtnl_message *req = NULL, *reply = NULL; + unsigned flags; int r; - _cleanup_close_ int fd = -1; - union { - struct sockaddr sa; - struct sockaddr_in in; - } sa = { - .in.sin_family = AF_INET, - .in.sin_addr.s_addr = htonl(INADDR_LOOPBACK), - }; - - /* If we failed to set up the loop back device, check whether - * it might already be set up */ - - fd = socket(AF_INET, SOCK_DGRAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0); - if (fd < 0) - return -errno; - - if (bind(fd, &sa.sa, sizeof(sa.in)) >= 0) - r = 1; - else - r = errno == EADDRNOTAVAIL ? 0 : -errno; - - return r; + + r = sd_rtnl_message_new_link(rtnl, &req, RTM_GETLINK, LOOPBACK_IFINDEX); + if (r < 0) + return r; + + r = sd_rtnl_call(rtnl, req, 0, &reply); + if (r < 0) + return r; + + r = sd_rtnl_message_link_get_flags(reply, &flags); + if (r < 0) + return r; + + return flags & IFF_UP; } int loopback_setup(void) { @@ -92,7 +86,7 @@ int loopback_setup(void) { r = start_loopback(rtnl); if (r == -EPERM) { - if (check_loopback() < 0) + if (!check_loopback(rtnl)) return log_warning_errno(EPERM, "Failed to configure loopback device: %m"); } else if (r < 0) return log_warning_errno(r, "Failed to configure loopback device: %m"); -- 2.2.0
_______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
