Comment 0 for bug 1226726

Whenever one enters a network namespace via "ip netns exec foobar somecommand" there is a mount done of the appropriate device on /sys since "somecommand" needs to see namespace specific versions of /sys directories. When the ip process exits these mounts need to be torn down, and that requires a global write lock for vfsmount_lock (this is a single writer multiple reader lock). This has serious performance implications when the number of name spaces increase.

The commit 84d17192 addresses this issue, and it is clear by running the attached testcase that it fixes performance issues when dealing with large numbers of namespaces. I've included a graph with the differences in performance between this fix and its parent commit to show the the improve in performance. The x-axis represents the number of namespaces and the y-axis is execution time in ms. After applying the patch the performance delays are not exponentially increasing.

This affects 3.2/3.5/3.8 series kernels, as it was fixed in 3.10.