extremely slow sudo with many network interfaces due to slow getifaddrs() syscall perf

Bug #1272414 reported by Bryan Quigley on 2014-01-24
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sudo (Ubuntu)
Chris J Arges

Bug Description

Sudo performance degrades when many network interfaces exist. This is due to a slow getifaddrs() syscall performance on linux. Upsteam has added the ability to disable the checking the network interfaces with a runtime option in version 1.8.10 with commit http://www.sudo.ws/repos/sudo/rev/e9dc28c7db60.
Upstream discussion: http://www.sudo.ws/pipermail/sudo-workers/2014-January/000826.html

This is on Ubuntu 12.04 w/ Sudo 1.8.3p1-1ubuntu3.4. The fix does need to land on trusty before it can be SRUed.

Test case results:
w/ sudo: At the end of the test per the real time per sudo command is as high as .16 and takes almost 13 minutes.
w/ root: At the end of the test the real time per command is .02/.03 and takes about 7 minutes total.

[Test Case]
for i in `seq 1 $1`
j=`printf %.4d $i`
$SUDO ip netns add bar${j}
$SUDO ip netns exec bar${j} ip link set lo up
$SUDO ip netns exec bar${j} sysctl -w net.ipv4.ip_forward=1 > /dev/null
$SUDO ip link add qroutside${j} type veth peer name qrinside${j} netns bar${j}
/usr/bin/time -f "%e" $SUDO ip link add qgoutside${j} type veth peer name qginside${j} netns bar${j}
echo Created $j

1. Run with argument 2000.
2. Reboot
3. Change line to SUDO= and then run as root still with argument 2000.

[Regression Potential]
This is adding one runtime variable, that was previously only a compile time variable.

Chris J Arges (arges) on 2014-01-24
Changed in sudo (Ubuntu):
assignee: nobody → Chris J Arges (arges)
importance: Undecided → Medium
status: New → In Progress
Chris J Arges (arges) on 2014-01-29
summary: - Slow sudo; Backport ability to disable network interface probing
+ extremely slow sudo with many network interfaces due to slow
+ getifaddrs() syscall perf
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sudo - 1.8.9p4-1ubuntu2

sudo (1.8.9p4-1ubuntu2) trusty; urgency=medium

  * Enable and refresh: actually-use-buildflags: Pass LDFLAGS everywhere
  * Add the ability to disable network interface probing. This fixes
    performance issues with large number of network interfaces (LP: #1272414)
 -- Chris J Arges <email address hidden> Tue, 28 Jan 2014 05:07:02 -0600

Changed in sudo (Ubuntu):
status: In Progress → Fix Released
Scott Moser (smoser) wrote :

For anyone else hit by this, the fix still requires you to turn it on.

   echo "Set probe_interfaces false" | sudo tee -a /etc/sudo.conf

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers