Re: [PATCH v5 0/4] apparmor: cache buffers on percpu list if there is lock, contention

From: Sergey Senozhatsky
Date: Thu Oct 26 2023 - 01:13:22 EST

Next message: Amir Goldstein: "Re: linux-next: manual merge of the vfs-brauner tree with the bcachefs tree"
Previous message: Oleksij Rempel: "[PATCH net-next v8 5/5] net: dsa: microchip: Ensure Stable PME Pin State for Wake-on-LAN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On (23/10/17 02:21), John Johansen wrote:
> > > yeah, testing help is always much appreciated. I have a v4, and I am
> > > working on 3 alternate version to compare against, to help give a better
> > > sense if we can get away with simplifying or tweak the scaling.
> > >
> > > I should be able to post them out some time tonight.
> >
> > Hi John,
> >
> > Did you get a chance to post v4? I may be able to give it some testing
> > on our real-life case.
>
> sorry yes, how about a v5. That is simplified with 3 follow on patches
> that aren't strictly necessary, but some combination of them might be
> better than just the base patch, but splitting them out makes the
> individual changes easier to review.

Sorry for late reply. So I gave it a try but, apparently, our build
environment has changed quite significantly since the last time I
looked into it.

I don't see that many aa_get/put_buffer() anymore. apparmor buffer
functions are mostly called form the exec path:

security_bprm_creds_for_exec()
apparmor_bprm_creds_for_exec()
make_vfsuid()
aa_get_buffer()

As for vfs_statx()->...->apparmor_inode_getattr()->aa_path_perm(),
that path is bpf_lsm_inode_getsecid() now.

Next message: Amir Goldstein: "Re: linux-next: manual merge of the vfs-brauner tree with the bcachefs tree"
Previous message: Oleksij Rempel: "[PATCH net-next v8 5/5] net: dsa: microchip: Ensure Stable PME Pin State for Wake-on-LAN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]