[systemd-devel] [PATCH] loopback setup in unprivileged containers

[Tom Gundersen]

Hi Martin,

On Sat, Dec 27, 2014 at 7:27 PM, Martin Pitt <martin.pitt at ubuntu.com> wrote:
> I'm forwarding a patch for the loopback setup from Stéphane. I already
> pushed one part of it as http://cgit.freedesktop.org/systemd/systemd/commit/?id=58a489c
> which is trivial and obvious, but the other part isn't.

Thanks for that fix!

I had a look at this code again, and it turns out that the whole
address checking is not really needed any longer, and can be
simplified quite a bit. I'd like to push the attached patch if no one
objects.

> Stéphane Graber <stgraber at ubuntu.com> wrote:
>> Attached is a pretty simple patch/workaround to fix the massive CPU
>> usage of systemd in unprivileged containers.
>>
>> LXC provides each containers with an already-UP loopback device. systemd
>> will attempt to bring it up regardless of its current state and doing so
>> gets it into a broken codepath somewhere deep in the netlink handling
>> code of systemd.

Hi Stéphane,

I was not able to reproduce this. Is it reproducable for you using
nspawn? If not, could you point me to how to reproduce it with LXC, or
even better give some more details about the failure you see "deep in
the netlink handling"? Is it 100% reproducible, and are you able to
get a backtrace? This really sounds like something we need to fix at
its root.

> The fix is to always check whether the loopback is ready to use before
> doing anything.

The workaround looks fine (i.e., it will give the correct behaviour),
but I'd really prefer that we don't do this upstream, but rather fix
the underlying problem.

Cheers,

Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-core-loopback-simplify-check_loopback.patch
Type: text/x-diff
Size: 2528 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20141228/6aceacf4/attachment.patch>