| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260206201918.1988344-3-longman@redhat.com>
Date: Fri, 6 Feb 2026 15:19:17 -0500
From: Waiman Long <longman@...hat.com>
To: Paul Moore <paul@...l-moore.com>,
Eric Paris <eparis@...hat.com>,
Christian Brauner <brauner@...nel.org>,
Al Viro <viro@...iv.linux.org.uk>
Cc: linux-kernel@...r.kernel.org,
audit@...r.kernel.org,
Richard Guy Briggs <rgb@...hat.com>,
Ricardo Robaina <rrobaina@...hat.com>,
Waiman Long <longman@...hat.com>
Subject: [PATCH v3 2/2] audit: Use the new {get,put}_fs_pwd_pool() APIs to get/put pwd references
When the audit subsystem is enabled, it can do a lot of get_fs_pwd()
calls to get references to fs->pwd and then releasing those references
back with path_put() later. That may cause a lot of spinlock contention
on a single pwd's dentry lock because of the constant changes to the
reference count when there are many processes on the same working
directory actively doing open/close system calls. This can cause
noticeable performance regresssion when compared with the case where
the audit subsystem is turned off especially on systems with a lot of
CPUs which is becoming more common these days.
To avoid this kind of performance regression, use the new
get_fs_pwd_pool() and put_fs_pwd_pool() APIs to acquire and release a
fs->pwd reference. This should greatly reduce the number of path_get()
and path_put() calls that are needed.
After installing a test kernel with auditing enabled and counters
added to track the get_fs_pwd_pool() and put_fs_pwd_pool() calls on
a 2-socket 96-core test system and running a parallel kernel build,
the counter values for this particular test run were shown below.
fs_get_path=307,903
fs_get_pool=56,583,192
fs_put_path=6,209
fs_put_pool=56,885,147
Of the about 57M calls to get_fs_pwd_pool() and put_fs_pwd_pool(), the
majority of them are just updating the pwd_refs counters. Only less than
1% of those calls require an actual path_get() and path_put() calls. The
difference between fs_get_path and fs_put_path represents the extra pwd
references that were still stored in various active task->fs's when the
counter values were retrieved.
It can be seen that the number of path_get() and path_put() calls are
reduced by quite a lot.
Signed-off-by: Waiman Long <longman@...hat.com>
---
kernel/auditsc.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index dd0563a8e0be..af22f8be4d70 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -931,6 +931,9 @@ static inline void audit_free_names(struct audit_context *context)
{
struct audit_names *n, *next;
+ if (!context->name_count)
+ return; /* audit_alloc_name() has not been called */
+
list_for_each_entry_safe(n, next, &context->names_list, list) {
list_del(&n->list);
if (n->name)
@@ -939,7 +942,7 @@ static inline void audit_free_names(struct audit_context *context)
kfree(n);
}
context->name_count = 0;
- path_put(&context->pwd);
+ put_fs_pwd_pool(current->fs, &context->pwd);
context->pwd.dentry = NULL;
context->pwd.mnt = NULL;
}
@@ -2165,7 +2168,7 @@ static struct audit_names *audit_alloc_name(struct audit_context *context,
context->name_count++;
if (!context->pwd.dentry)
- get_fs_pwd(current->fs, &context->pwd);
+ get_fs_pwd_pool(current->fs, &context->pwd);
return aname;
}
--
2.52.0
Powered by blists - more mailing lists