Hi, I want to enable SB_NOSEC in fuse in some form so that performance of small random writes can be improved. As of now, we call file_remove_privs(), which results in fuse always sending getxattr(security.capability) to server to figure out if security.capability has been set on file or not. If it has been set, it needs to be cleared. This slows down small random writes tremendously. I posted couple of proposals in the past here. Proposal 1: https://lore.kernel.org/linux-fsdevel/20200716144032.GC422759@xxxxxxxxxx/ Proposal 2: https://lore.kernel.org/linux-fsdevel/20200724183812.19573-1-vgoyal@xxxxxxxxxx/ This is 3rd proposal now. One of the roadblocks in enabling SB_NOSEC is shared filesystem. It is possible that another client modified the file data and this client does not know about it. So we might regress if we don't fetch security.capability always. So looks like this needs to be handled different for shared filesystems and non-shared filesystems. non-shared filesystems will be more like local filesystems where fuse does not expect file data/metadata to change outside the fuse. And we should be able to enable SB_NOSEC optimization. This is what this proposal does. It does not handle the case of shared filesystems. I believe solution to that will depend on filesystem based on what's the cache coherency guarantees filesystem provides and what's the cache invalidation mechanism it uses. For now, all filesystems which are not shared can benefit from this optimization. I am interested in virtiofs which is not shared in many of the cases. In fact we don't even support shared mode yet. Any comments or feedback is welcome. Thanks Vivek Vivek Goyal (2): fuse: Add a flag FUSE_NONSHARED_FS fuse: Enable SB_NOSEC if filesystem is not shared fs/fuse/fuse_i.h | 3 +++ fs/fuse/inode.c | 12 +++++++++++- include/uapi/linux/fuse.h | 4 ++++ 3 files changed, 18 insertions(+), 1 deletion(-) -- 2.25.4
