Ubuntu
sudo package

extremely slow sudo with many network interfaces due to slow getifaddrs() syscall perf

Bug #1272414 reported by Bryan Quigley
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sudo (Ubuntu)
Fix Released
Medium
Chris J Arges
Precise
Won't Fix
Undecided
Unassigned

Bug Description

Sudo performance degrades when many network interfaces exist. This is due to a slow getifaddrs() syscall performance on linux. Upsteam has added the ability to disable the checking the network interfaces with a runtime option in version 1.8.10 with commit http://www.sudo.ws/repos/sudo/rev/e9dc28c7db60.
Upstream discussion: http://www.sudo.ws/pipermail/sudo-workers/2014-January/000826.html

This is on Ubuntu 12.04 w/ Sudo 1.8.3p1-1ubuntu3.4. The fix does need to land on trusty before it can be SRUed.

[Impact]
Test case results:
w/ sudo: At the end of the test per the real time per sudo command is as high as .16 and takes almost 13 minutes.
w/ root: At the end of the test the real time per command is .02/.03 and takes about 7 minutes total.

[Test Case]
#!/bin/bash
SUDO=sudo
for i in `seq 1 $1`
do
j=`printf %.4d $i`
$SUDO ip netns add bar${j}
$SUDO ip netns exec bar${j} ip link set lo up
$SUDO ip netns exec bar${j} sysctl -w net.ipv4.ip_forward=1 > /dev/null
$SUDO ip link add qroutside${j} type veth peer name qrinside${j} netns bar${j}
/usr/bin/time -f "%e" $SUDO ip link add qgoutside${j} type veth peer name qginside${j} netns bar${j}
done
echo Created $j

1. Run with argument 2000.
2. Reboot
3. Change line to SUDO= and then run as root still with argument 2000.

[Regression Potential]
This is adding one runtime variable, that was previously only a compile time variable.

Chris J Arges (arges)
Changed in sudo (Ubuntu):
assignee: nobody → Chris J Arges (arges)
importance: Undecided → Medium
status: New → In Progress
Chris J Arges (arges)
summary: - Slow sudo; Backport ability to disable network interface probing
+ extremely slow sudo with many network interfaces due to slow
+ getifaddrs() syscall perf
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sudo - 1.8.9p4-1ubuntu2

---------------
sudo (1.8.9p4-1ubuntu2) trusty; urgency=medium

  * Enable and refresh: actually-use-buildflags: Pass LDFLAGS everywhere
  * Add the ability to disable network interface probing. This fixes
    performance issues with large number of network interfaces (LP: #1272414)
 -- Chris J Arges <email address hidden> Tue, 28 Jan 2014 05:07:02 -0600

Changed in sudo (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Scott Moser (smoser) wrote :

For anyone else hit by this, the fix still requires you to turn it on.

   echo "Set probe_interfaces false" | sudo tee -a /etc/sudo.conf

Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in sudo (Ubuntu Precise):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.