[PATCH 0/1] Cover letter

Anil Altinay aaltinay at google.com
Thu Feb 16 21:46:50 UTC 2023


We were informed that "git status" takes longer sys time (9s vs 1s) with kernel 5.10 when we run "time git status" on a container with AppArmor enabled on a machine with 96 vCPUs and 384GB memory. This test was performed on a large project like chromium. We think that commit df323337e507a0009d3db1ea25948d4c7f320d62, which landed in 5.5, started this regression. We tested the attached patch, which we found at https://lore.kernel.org/lkml/cfd5cc6f-5943-2e06-1dbe-f4b4ad5c1fa1@canonical.com/, on 5.10 and 5.15 and confirmed that it fixes the regression.

We did not have a chance to perform the same test on 6.2, but confirmed that the kernel builds using arch/x86/configs/x86_64_defconfig with the following configs enabled:
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_LSM="apparmor"

Anil Altinay (1):
  apparmor: cache buffers on percpu list if there is lock contention

 security/apparmor/lsm.c | 73 ++++++++++++++++++++++++++++++++++++++---
 1 file changed, 68 insertions(+), 5 deletions(-)

-- 
2.39.2.637.g21b0678d19-goog


