Re: [PATCH v3 2/2] audit: Use the new {get,put}_fs_pwd_pool() APIs to get/put pwd references

[Richard Guy Briggs]

On 2026-02-06 15:19, Waiman Long wrote:
> When the audit subsystem is enabled, it can do a lot of get_fs_pwd()
> calls to get references to fs->pwd and then releasing those references
> back with path_put() later. That may cause a lot of spinlock contention
> on a single pwd's dentry lock because of the constant changes to the
> reference count when there are many processes on the same working
> directory actively doing open/close system calls. This can cause
> noticeable performance regresssion when compared with the case where
> the audit subsystem is turned off especially on systems with a lot of
> CPUs which is becoming more common these days.
> 
> To avoid this kind of performance regression, use the new
> get_fs_pwd_pool() and put_fs_pwd_pool() APIs to acquire and release a
> fs->pwd reference. This should greatly reduce the number of path_get()
> and path_put() calls that are needed.
> 
> After installing a test kernel with auditing enabled and counters
> added to track the get_fs_pwd_pool() and put_fs_pwd_pool() calls on
> a 2-socket 96-core test system and running a parallel kernel build,
> the counter values for this particular test run were shown below.
> 
>   fs_get_path=307,903
>   fs_get_pool=56,583,192
>   fs_put_path=6,209
>   fs_put_pool=56,885,147
> 
> Of the about 57M calls to get_fs_pwd_pool() and put_fs_pwd_pool(), the
> majority of them are just updating the pwd_refs counters. Only less than
> 1% of those calls require an actual path_get() and path_put() calls. The
> difference between fs_get_path and fs_put_path represents the extra pwd
> references that were still stored in various active task->fs's when the
> counter values were retrieved.
> 
> It can be seen that the number of path_get() and path_put() calls are
> reduced by quite a lot.
> 
> Signed-off-by: Waiman Long <longman@xxxxxxxxxx>

Reviewed-by: Richard Guy Briggs <rgb@xxxxxxxxxx>

> ---
>  kernel/auditsc.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index dd0563a8e0be..af22f8be4d70 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -931,6 +931,9 @@ static inline void audit_free_names(struct audit_context *context)
>  {
>  	struct audit_names *n, *next;
>  
> +	if (!context->name_count)
> +		return;	/* audit_alloc_name() has not been called */
> +
>  	list_for_each_entry_safe(n, next, &context->names_list, list) {
>  		list_del(&n->list);
>  		if (n->name)
> @@ -939,7 +942,7 @@ static inline void audit_free_names(struct audit_context *context)
>  			kfree(n);
>  	}
>  	context->name_count = 0;
> -	path_put(&context->pwd);
> +	put_fs_pwd_pool(current->fs, &context->pwd);
>  	context->pwd.dentry = NULL;
>  	context->pwd.mnt = NULL;
>  }
> @@ -2165,7 +2168,7 @@ static struct audit_names *audit_alloc_name(struct audit_context *context,
>  
>  	context->name_count++;
>  	if (!context->pwd.dentry)
> -		get_fs_pwd(current->fs, &context->pwd);
> +		get_fs_pwd_pool(current->fs, &context->pwd);
>  	return aname;
>  }
>  
> -- 
> 2.52.0
> 

- RGB

--
Richard Guy Briggs <rgb@xxxxxxxxxx>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
Upstream IRC: SunRaycer
Voice: +1.613.860 2354 SMS: +1.613.518.6570