It seems that MS_NOSEC flag would be problematic for network filesystems.
@Amir, would you please give some suggestions on if this would break the
permission control down when 'NFS export' feature enabled ?
On 4/23/20 2:57 PM, Jeffle Xu wrote:
Since the stacking of regular file operations [1], the overlayfs
edition of write_iter() is called when writing regular files.
Since then, xattr lookup is needed on every write since file_remove_privs()
is called from ovl_write_iter(), which would become the performance
bottleneck when writing small chunks of data. In my test case,
file_remove_privs() would consume ~15% CPU when running fstime of
unixbench (the workload is repeadly writing 1 KB to the same file) [2].
Set the MS_NOSEC flag for overlayfs superblock. Since then xattr lookup
would be done only once on the first write. Unixbench fstime gets a ~20%
performance gain with this patch.
[1] https://lore.kernel.org/lkml/20180606150905.GC9426@magnolia/T/
[2] https://www.spinics.net/lists/linux-unionfs/msg07153.html
Signed-off-by: Jeffle Xu <jefflexu@xxxxxxxxxxxxxxxxx>
---
fs/overlayfs/super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 732ad54..0b047ce 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -1817,7 +1817,7 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent)
sb->s_magic = OVERLAYFS_SUPER_MAGIC;
sb->s_xattr = ovl_xattr_handlers;
sb->s_fs_info = ofs;
- sb->s_flags |= SB_POSIXACL;
+ sb->s_flags |= (SB_POSIXACL | SB_NOSEC);
err = -ENOMEM;
root_dentry = ovl_get_root(sb, upperpath.dentry, oe);
