Hi Mateusz, Mateusz Guzik <mjgu...@gmail.com> writes:
> I'm sanity-checking perf in various microbenchmarks and I found > apparmor to be the main bottleneck in some of them. > > For example: will-it-scale open1_processes -t 16, top of the profile: > 20.17% [kernel] [k] apparmor_file_alloc_security > 20.08% [kernel] [k] apparmor_file_open > 20.05% [kernel] [k] apparmor_file_free_security > 18.39% [kernel] [k] apparmor_current_getsecid_subj > [snip] > > This serializes on refing/unrefing apparmor objs, sounds like a great > candidate for per-cpu refcounting instead (I'm assuming they are > expected to be long-lived). > > I would hack it up myself, but I failed to find a clear spot to switch > back from per-cpu to centalized operation and don't want to put > serious effort into it. > > Can you sort this out? I was looking at this same workload, and proposed a patch[1] some time ago, see if it helps: https://lists.ubuntu.com/archives/apparmor/2023-August/012914.html But my idea was different, in many cases, we are looking at the label associated with the current task, and there's no need to take the refcount. > > Thanks, > -- > Mateusz Guzik <mjguzik gmail.com> > Cheers, -- Vinicius