apparmor: global buffers spin lock may get contended

Sergey Senozhatsky senozhatsky at chromium.org
Mon Oct 31 04:04:14 UTC 2022


On (22/10/30 20:55), John Johansen wrote:
> On 10/30/22 20:52, Sergey Senozhatsky wrote:
> > On (22/10/28 02:34), John Johansen wrote:
> > >  From d026988196fdbda7234fb87bc3e4aea22edcbaf9 Mon Sep 17 00:00:00 2001
> > > From: John Johansen <john.johansen at canonical.com>
> > > Date: Tue, 25 Oct 2022 01:18:41 -0700
> > > Subject: [PATCH] apparmor: cache buffers on percpu list if there is lock
> > >   contention
> > > 
> > > On a heavily loaded machine there can be lock contention on the
> > > global buffers lock. Add a percpu list to cache buffers on when
> > > lock contention is encountered.
> > > 
> > > When allocating buffers attempt to use cached buffers first,
> > > before taking the global buffers lock. When freeing buffers
> > > try to put them back to the global list but if contention is
> > > encountered, put the buffer on the percpu list.
> > > 
> > > The length of time a buffer is held on the percpu list is dynamically
> > > adjusted based on lock contention.  The amount of hold time is rapidly
> > > increased and slow ramped down.
> > > 
> > > Signed-off-by: John Johansen <john.johansen at canonical.com>
> > 
> > Reported-by: Sergey Senozhatsky <senozhatsky at chromium.org>
> 
> yep, thanks for catching that

Thanks for the patch! Unfortunately it'll be a bit difficult to test
it right now; I'll probably have to wait until corp pushes new kernel
(with the patch) to build boxes.



More information about the Linux-security-module-archive mailing list