From: Mateusz Guzik <mjguzik@gmail.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Christian Brauner <brauner@kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Jan Kara <jack@suse.cz>,
Ext4 Developers List <linux-ext4@vger.kernel.org>
Subject: Re: generic_permission() optimization
Date: Sat, 12 Apr 2025 18:26:09 +0200 [thread overview]
Message-ID: <CAGudoHGxr5gYb0JqPqF_J0MoSAb_qqoF4gaJMEdOhp51yobbLw@mail.gmail.com> (raw)
In-Reply-To: <CAHk-=wgEvF3_+sa5BOuYG2J_hXv72iOiQ8kpmSzCpegUhqg4Zg@mail.gmail.com>
On Thu, Nov 7, 2024 at 11:49 PM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> On Thu, 7 Nov 2024 at 12:22, Mateusz Guzik <mjguzik@gmail.com> wrote:
> >
> > How about filesystems maintaing a flag: IOP_EVERYONECANTRAREVERSE?
>
> It's actually just easier if a filesystem just does
>
> cache_no_acl(inode);
>
> in its read-inode function if it knows it has no ACL's.
>
> Some filesystems already do that, eg btrfs has
>
> /*
> * try to precache a NULL acl entry for files that don't have
> * any xattrs or acls
> */
> ....
> if (!maybe_acls)
> cache_no_acl(inode);
>
> in btrfs_read_locked_inode(). If that 'maybe' is just reliable enough,
> that's all it takes.
>
> I tried to do the same thing for ext4, and failed miserably, but
> that's probably because my logic for "maybe_acls" was broken since I'm
> not familiar enough with ext4 at that level, and I made it do just
>
> /* Initialize the "no ACL's" state for the simple cases */
> if (!ext4_test_inode_state(inode, EXT4_STATE_XATTR) && !ei->i_file_acl)
> cache_no_acl(inode);
>
> which doesn't seem to be a strong enough text.
>
[ roping in ext4 people ]
I plopped your snippet towards the end of __ext4_iget:
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 4008551bbb2d..34189d85e363 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -5071,7 +5071,12 @@ struct inode *__ext4_iget(struct super_block
*sb, unsigned long ino,
goto bad_inode;
}
+ /* Initialize the "no ACL's" state for the simple cases */
+ if (!ext4_test_inode_state(inode, EXT4_STATE_XATTR) && !ei->i_file_acl)
+ cache_no_acl(inode);
+
brelse(iloc.bh);
bpftrace over a kernel build shows almost everything is sorted out:
bpftrace -e 'kprobe:security_inode_permission { @[((struct inode
*)arg0)->i_acl] = count(); }'
@[0xffffffffffffffff]: 23810
@[0x0]: 65984202
That's just shy of 66 mln calls where the acls were explicitly set to
empty, compared to less than 24k where it was the default "uncached"
state.
So indeed *something* is missed, but the patch does cover almost everything.
Perhaps the ext4 guys would chime in and see it through? :)
The context is speeding path lookup by avoiding some of the branches
during permission checking.
--
Mateusz Guzik <mjguzik gmail.com>
next prev parent reply other threads:[~2025-04-12 16:26 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-31 4:16 generic_permission() optimization Linus Torvalds
2024-10-31 6:05 ` Al Viro
2024-10-31 6:42 ` Linus Torvalds
2024-10-31 18:14 ` Linus Torvalds
2024-10-31 22:28 ` Al Viro
2024-10-31 22:34 ` Linus Torvalds
2024-11-01 1:17 ` Linus Torvalds
2024-11-01 1:27 ` Al Viro
2024-11-01 13:15 ` Christian Brauner
2024-10-31 13:02 ` Christian Brauner
2024-10-31 19:04 ` Linus Torvalds
2024-10-31 22:02 ` Linus Torvalds
2024-10-31 22:31 ` Linus Torvalds
2024-11-07 19:54 ` Linus Torvalds
2024-11-07 22:22 ` Mateusz Guzik
2024-11-07 22:49 ` Linus Torvalds
2025-04-12 16:26 ` Mateusz Guzik [this message]
2025-04-12 20:22 ` Linus Torvalds
2025-04-14 10:21 ` Christian Brauner
2025-04-16 13:17 ` [PATCH RFC 0/3] mnt_idmapping: avoid pointer chase & inline low-level helpers Christian Brauner
2025-04-16 13:17 ` [PATCH RFC 1/3] inode: add fastpath for filesystem user namespace retrieval Christian Brauner
2025-04-16 13:49 ` Mateusz Guzik
2025-04-16 14:14 ` Christian Brauner
2025-04-22 10:37 ` Jan Kara
2025-04-22 13:33 ` Mateusz Guzik
2025-04-22 14:05 ` Christian Brauner
2025-04-16 13:17 ` [PATCH RFC 2/3] mnt_idmapping: add struct mnt_idmap to header Christian Brauner
2025-04-16 13:17 ` [PATCH RFC 3/3] mnt_idmapping: inline all low-level helpers Christian Brauner
2025-04-16 15:04 ` Linus Torvalds
2025-04-22 9:28 ` Christian Brauner
2025-04-12 21:52 ` generic_permission() optimization Theodore Ts'o
2025-04-12 22:36 ` Linus Torvalds
2025-04-12 23:12 ` Linus Torvalds
2025-04-12 23:55 ` Theodore Ts'o
2025-04-13 9:41 ` Mateusz Guzik
2025-04-13 12:40 ` Theodore Ts'o
2025-04-13 12:52 ` Mateusz Guzik
2025-04-13 17:29 ` Theodore Ts'o
2025-11-05 11:50 ` Mateusz Guzik
2025-11-05 11:51 ` Mateusz Guzik
2025-11-05 13:37 ` Jan Kara
2025-11-17 11:42 ` Mateusz Guzik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGudoHGxr5gYb0JqPqF_J0MoSAb_qqoF4gaJMEdOhp51yobbLw@mail.gmail.com \
--to=mjguzik@gmail.com \
--cc=brauner@kernel.org \
--cc=jack@suse.cz \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).