Hi Mateusz,
Mateusz Guzik <mjguzik@xxxxxxxxx> writes:
I'm sanity-checking perf in various microbenchmarks and I found
apparmor to be the main bottleneck in some of them.
For example: will-it-scale open1_processes -t 16, top of the profile:
20.17% [kernel] [k] apparmor_file_alloc_security
20.08% [kernel] [k] apparmor_file_open
20.05% [kernel] [k] apparmor_file_free_security
18.39% [kernel] [k] apparmor_current_getsecid_subj
[snip]
This serializes on refing/unrefing apparmor objs, sounds like a great
candidate for per-cpu refcounting instead (I'm assuming they are
expected to be long-lived).
I would hack it up myself, but I failed to find a clear spot to switch
back from per-cpu to centalized operation and don't want to put
serious effort into it.
Can you sort this out?
I was looking at this same workload, and proposed a patch[1] some time
ago, see if it helps:
https://lists.ubuntu.com/archives/apparmor/2023-August/012914.html
But my idea was different, in many cases, we are looking at the label
associated with the current task, and there's no need to take the
refcount.
Thanks,
--
Mateusz Guzik <mjguzik gmail.com>
Cheers,