Thread: 34 messages, 4 authors, 2023-12-07

Re: [PATCH 05/11] selinux: use dlist for isec inode list

From: Dave Chinner <david@fromorbit.com>
Date: 2023-12-06 23:04:59
Also in: dm-devel, gfs2, linux-block, linux-fsdevel, lkml, selinux

On Wed, Dec 06, 2023 at 04:52:42PM -0500, Paul Moore wrote:
> On Wed, Dec 6, 2023 at 1:07 AM Dave Chinner [off-list ref] wrote:
> > From: Dave Chinner <redacted>
> >
> > Because it's a horrible point of lock contention under heavily
> > concurrent directory traversals...
> >
> >   - 12.14% d_instantiate
> >      - 12.06% security_d_instantiate
> >         - 12.13% selinux_d_instantiate
> >            - 12.16% inode_doinit_with_dentry
> >               - 15.45% _raw_spin_lock
> >                  - do_raw_spin_lock
> >                       14.68% __pv_queued_spin_lock_slowpath
> >
> >
> > Signed-off-by: Dave Chinner <redacted>
> > ---
> >  include/linux/dlock-list.h        |  9 ++++
> >  security/selinux/hooks.c          | 72 +++++++++++++++----------------
> >  security/selinux/include/objsec.h |  6 +--
> >  3 files changed, 47 insertions(+), 40 deletions(-)
>
> In the cover letter you talk about testing, but I didn't see any
> mention of testing with SELinux enabled.  Given the lock contention
> stats in the description above I'm going to assume you did test this
> and pass along my ACK, but if you haven't tested the changes below
> please do before sending this anywhere important.

AFAIA, I've been testing with selinux enabled - I'm trying to run
these tests in an environment as close to typical production systems
as possible and that means selinux needs to be enabled.

As such, all the fstests and perf testing has been done with selinux
in permissive mode using "-o context=system_u:object_r:root_t:s0" as
the default context for the mount.

I see this sort of thing in the profiles:

- 87.13% path_lookupat
   - 86.46% walk_component
      - 84.20% lookup_slow
	 - 84.05% __lookup_slow
	    - 80.81% xfs_vn_lookup
	       - 77.84% xfs_lookup
....
	       - 2.91% d_splice_alias
		  - 1.52% security_d_instantiate
		     - 1.50% selinux_d_instantiate
			- 1.47% inode_doinit_with_dentry
			   - 0.83% inode_doinit_use_xattr
				0.52% __vfs_getxattr

Which tells me that selinux is definitely doing -something- on every
inode being instantiated, so I'm pretty sure the security and
selinux paths are getting exercised...

> Acked-by: Paul Moore <paul@paul-moore.com>

Thanks!

-Dave.
-- 
Dave Chinner
david@fromorbit.com