On Tue, Feb 23, 2021 at 10:05:56AM +1100, Dave Chinner wrote: > From: Dave Chinner <dchinner@xxxxxxxxxx> > > When we allocate a new inode, we often need to add an attribute to > the inode as part of the create. This can happen as a result of > needing to add default ACLs or security labels before the inode is > made visible to userspace. > > This is highly inefficient right now. We do the create transaction > to allocate the inode, then we do an "add attr fork" transaction to > modify the just created empty inode to set the inode fork offset to > allow attributes to be stored, then we go and do the attribute > creation. > > This means 3 transactions instead of 1 to allocate an inode, and > this greatly increases the load on the CIL commit code, resulting in > excessive contention on the CIL spin locks and performance > degradation: > > 18.99% [kernel] [k] __pv_queued_spin_lock_slowpath > 3.57% [kernel] [k] do_raw_spin_lock > 2.51% [kernel] [k] __raw_callee_save___pv_queued_spin_unlock > 2.48% [kernel] [k] memcpy > 2.34% [kernel] [k] xfs_log_commit_cil > > The typical profile resulting from running fsmark on a selinux enabled > filesytem is adds this overhead to the create path: > > - 15.30% xfs_init_security > - 15.23% security_inode_init_security > - 13.05% xfs_initxattrs > - 12.94% xfs_attr_set > - 6.75% xfs_bmap_add_attrfork > - 5.51% xfs_trans_commit > - 5.48% __xfs_trans_commit > - 5.35% xfs_log_commit_cil > - 3.86% _raw_spin_lock > - do_raw_spin_lock > __pv_queued_spin_lock_slowpath > - 0.70% xfs_trans_alloc > 0.52% xfs_trans_reserve > - 5.41% xfs_attr_set_args > - 5.39% xfs_attr_set_shortform.constprop.0 > - 4.46% xfs_trans_commit > - 4.46% __xfs_trans_commit > - 4.33% xfs_log_commit_cil > - 2.74% _raw_spin_lock > - do_raw_spin_lock > __pv_queued_spin_lock_slowpath > 0.60% xfs_inode_item_format > 0.90% xfs_attr_try_sf_addname > - 1.99% selinux_inode_init_security > - 1.02% security_sid_to_context_force > - 1.00% security_sid_to_context_core > - 0.92% sidtab_entry_to_string > - 0.90% sidtab_sid2str_get > 0.59% sidtab_sid2str_put.part.0 > - 0.82% selinux_determine_inode_label > - 0.77% security_transition_sid > 0.70% security_compute_sid.part.0 > > And fsmark creation rate performance drops by ~25%. The key point to > note here is that half the additional overhead comes from adding the > attribute fork to the newly created inode. That's crazy, considering > we can do this same thing at inode create time with a couple of > lines of code and no extra overhead. > > So, if we know we are going to add an attribute immediately after > creating the inode, let's just initialise the attribute fork inside > the create transaction and chop that whole chunk of code out of > the create fast path. This completely removes the performance > drop caused by enabling SELinux, and the profile looks like: > > - 8.99% xfs_init_security > - 9.00% security_inode_init_security > - 6.43% xfs_initxattrs > - 6.37% xfs_attr_set > - 5.45% xfs_attr_set_args > - 5.42% xfs_attr_set_shortform.constprop.0 > - 4.51% xfs_trans_commit > - 4.54% __xfs_trans_commit > - 4.59% xfs_log_commit_cil > - 2.67% _raw_spin_lock > - 3.28% do_raw_spin_lock > 3.08% __pv_queued_spin_lock_slowpath > 0.66% xfs_inode_item_format > - 0.90% xfs_attr_try_sf_addname > - 0.60% xfs_trans_alloc > - 2.35% selinux_inode_init_security > - 1.25% security_sid_to_context_force > - 1.21% security_sid_to_context_core > - 1.19% sidtab_entry_to_string > - 1.20% sidtab_sid2str_get > - 0.86% sidtab_sid2str_put.part.0 > - 0.62% _raw_spin_lock_irqsave > - 0.77% do_raw_spin_lock > __pv_queued_spin_lock_slowpath > - 0.84% selinux_determine_inode_label > - 0.83% security_transition_sid > 0.86% security_compute_sid.part.0 > > Which indicates the XFS overhead of creating the selinux xattr has > been halved. This doesn't fix the CIL lock contention problem, just > means it's not a limiting factor for this workload. Lock contention > in the security subsystems is going to be an issue soon, though... > > Signed-off-by: Dave Chinner <dchinner@xxxxxxxxxx> > --- > Version 2: > - extend use of xfs_ifork_alloc() helper > - formalise "size == 0" behaviour of xfs_bmap_set_attrforkoff() to > mean "use default offset" > - use xfs_bmap_set_attrforkoff() from xfs_init_new_inode() > - add xfs_create_need_xattr() helper function to decide if we should > init the attr fork during create and document why we are peaking > at superblock security gubbins to make that decision. > > fs/xfs/libxfs/xfs_bmap.c | 19 ++++++++++++++----- > fs/xfs/libxfs/xfs_inode_fork.c | 20 +++++++++++++++----- > fs/xfs/libxfs/xfs_inode_fork.h | 2 ++ > fs/xfs/xfs_inode.c | 23 ++++++++++++++++++++--- > fs/xfs/xfs_inode.h | 5 +++-- > fs/xfs/xfs_iops.c | 35 ++++++++++++++++++++++++++++++++++- > fs/xfs/xfs_qm.c | 2 +- > fs/xfs/xfs_symlink.c | 2 +- > 8 files changed, 90 insertions(+), 18 deletions(-) > > diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c > index e0905ad171f0..f7bcb0dfa15f 100644 > --- a/fs/xfs/libxfs/xfs_bmap.c > +++ b/fs/xfs/libxfs/xfs_bmap.c > @@ -1027,7 +1027,14 @@ xfs_bmap_add_attrfork_local( > return -EFSCORRUPTED; > } > > -/* Set an inode attr fork off based on the format */ > +/* > + * Set an inode attr fork offset based on the format of the data fork. > + * > + * If a size of zero is passed in, then caller does not know the size of > + * the attribute that might be added (i.e. pre-emptive attr fork creation). > + * Hence in this case just set the fork offset to the default so that we don't > + * need to modify the supported attr format in the superblock. Urk. Echoing what I said in my other reply... this function is for callers that already know what size they want for an xattr. Having a parameter with a magic value for the one caller that doesn't know makes this function harder to figure out. > + */ > int > xfs_bmap_set_attrforkoff( > struct xfs_inode *ip, > @@ -1041,6 +1048,11 @@ xfs_bmap_set_attrforkoff( > case XFS_DINODE_FMT_LOCAL: > case XFS_DINODE_FMT_EXTENTS: > case XFS_DINODE_FMT_BTREE: > + if (size == 0) { > + ASSERT(!version); > + ip->i_d.di_forkoff = xfs_default_attroffset(ip) >> 3; > + break; > + } > ip->i_d.di_forkoff = xfs_attr_shortform_bytesfit(ip, size); > if (!ip->i_d.di_forkoff) > ip->i_d.di_forkoff = xfs_default_attroffset(ip) >> 3; > @@ -1092,10 +1104,7 @@ xfs_bmap_add_attrfork( > goto trans_cancel; > ASSERT(ip->i_afp == NULL); > > - ip->i_afp = kmem_cache_zalloc(xfs_ifork_zone, > - GFP_KERNEL | __GFP_NOFAIL); > - > - ip->i_afp->if_format = XFS_DINODE_FMT_EXTENTS; > + ip->i_afp = xfs_ifork_alloc(XFS_DINODE_FMT_EXTENTS, 0); > ip->i_afp->if_flags = XFS_IFEXTENTS; > logflags = 0; > switch (ip->i_df.if_format) { > diff --git a/fs/xfs/libxfs/xfs_inode_fork.c b/fs/xfs/libxfs/xfs_inode_fork.c > index e080d7e07643..c606c1a77e5a 100644 > --- a/fs/xfs/libxfs/xfs_inode_fork.c > +++ b/fs/xfs/libxfs/xfs_inode_fork.c > @@ -282,6 +282,19 @@ xfs_dfork_attr_shortform_size( > return be16_to_cpu(atp->hdr.totsize); > } > > +struct xfs_ifork * > +xfs_ifork_alloc( > + enum xfs_dinode_fmt format, > + xfs_extnum_t nextents) > +{ > + struct xfs_ifork *ifp; > + > + ifp = kmem_cache_zalloc(xfs_ifork_zone, GFP_NOFS | __GFP_NOFAIL); > + ifp->if_format = format; > + ifp->if_nextents = nextents; > + return ifp; > +} > + > int > xfs_iformat_attr_fork( > struct xfs_inode *ip, > @@ -293,11 +306,8 @@ xfs_iformat_attr_fork( > * Initialize the extent count early, as the per-format routines may > * depend on it. > */ > - ip->i_afp = kmem_cache_zalloc(xfs_ifork_zone, GFP_NOFS | __GFP_NOFAIL); > - ip->i_afp->if_format = dip->di_aformat; > - if (unlikely(ip->i_afp->if_format == 0)) /* pre IRIX 6.2 file system */ > - ip->i_afp->if_format = XFS_DINODE_FMT_EXTENTS; > - ip->i_afp->if_nextents = be16_to_cpu(dip->di_anextents); > + ip->i_afp = xfs_ifork_alloc(dip->di_aformat, > + be16_to_cpu(dip->di_anextents)); > > switch (ip->i_afp->if_format) { > case XFS_DINODE_FMT_LOCAL: > diff --git a/fs/xfs/libxfs/xfs_inode_fork.h b/fs/xfs/libxfs/xfs_inode_fork.h > index 9e2137cd7372..a0717ab0e5c5 100644 > --- a/fs/xfs/libxfs/xfs_inode_fork.h > +++ b/fs/xfs/libxfs/xfs_inode_fork.h > @@ -141,6 +141,8 @@ static inline int8_t xfs_ifork_format(struct xfs_ifork *ifp) > return ifp->if_format; > } > > +struct xfs_ifork *xfs_ifork_alloc(enum xfs_dinode_fmt format, > + xfs_extnum_t nextents); > struct xfs_ifork *xfs_iext_state_to_fork(struct xfs_inode *ip, int state); > > int xfs_iformat_data_fork(struct xfs_inode *, struct xfs_dinode *); > diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c > index 636ac13b1df2..95e3a5e6e5e2 100644 > --- a/fs/xfs/xfs_inode.c > +++ b/fs/xfs/xfs_inode.c > @@ -773,6 +773,7 @@ xfs_init_new_inode( > xfs_nlink_t nlink, > dev_t rdev, > prid_t prid, > + bool init_xattrs, > struct xfs_inode **ipp) > { > struct inode *dir = pip ? VFS_I(pip) : NULL; > @@ -875,6 +876,18 @@ xfs_init_new_inode( > ASSERT(0); > } > > + /* > + * If we need to create attributes immediately after allocating the > + * inode, initialise an empty attribute fork right now. We use the > + * default fork offset for attributes here as we don't know exactly what > + * size or how many attributes we might be adding. We can do this safely > + * here because we know the data fork is completely empty right now. Might be worth mentioning that we're doing this to save a transaction. > + */ > + if (init_xattrs) { > + xfs_bmap_set_attrforkoff(ip, 0, NULL); > + ip->i_afp = xfs_ifork_alloc(XFS_DINODE_FMT_EXTENTS, 0); > + } > + > /* > * Log the new values stuffed into the inode. > */ > @@ -907,6 +920,7 @@ xfs_dir_ialloc( > xfs_nlink_t nlink, > dev_t rdev, > prid_t prid, > + bool init_xattrs, > struct xfs_inode **ipp) > { > struct xfs_buf *agibp; > @@ -933,7 +947,8 @@ xfs_dir_ialloc( > return error; > ASSERT(ino != NULLFSINO); > > - return xfs_init_new_inode(*tpp, dp, ino, mode, nlink, rdev, prid, ipp); > + return xfs_init_new_inode(*tpp, dp, ino, mode, nlink, rdev, prid, > + init_xattrs, ipp); > } > > /* > @@ -977,6 +992,7 @@ xfs_create( > struct xfs_name *name, > umode_t mode, > dev_t rdev, > + bool init_xattrs, > xfs_inode_t **ipp) > { > int is_dir = S_ISDIR(mode); > @@ -1046,7 +1062,8 @@ xfs_create( > * entry pointing to them, but a directory also the "." entry > * pointing to itself. > */ > - error = xfs_dir_ialloc(&tp, dp, mode, is_dir ? 2 : 1, rdev, prid, &ip); > + error = xfs_dir_ialloc(&tp, dp, mode, is_dir ? 2 : 1, rdev, prid, > + init_xattrs, &ip); > if (error) > goto out_trans_cancel; > > @@ -1164,7 +1181,7 @@ xfs_create_tmpfile( > if (error) > goto out_release_dquots; > > - error = xfs_dir_ialloc(&tp, dp, mode, 0, 0, prid, &ip); > + error = xfs_dir_ialloc(&tp, dp, mode, 0, 0, prid, false, &ip); > if (error) > goto out_trans_cancel; > > diff --git a/fs/xfs/xfs_inode.h b/fs/xfs/xfs_inode.h > index eca333f5f715..4d3caff2a24a 100644 > --- a/fs/xfs/xfs_inode.h > +++ b/fs/xfs/xfs_inode.h > @@ -370,7 +370,8 @@ void xfs_inactive(struct xfs_inode *ip); > int xfs_lookup(struct xfs_inode *dp, struct xfs_name *name, > struct xfs_inode **ipp, struct xfs_name *ci_name); > int xfs_create(struct xfs_inode *dp, struct xfs_name *name, > - umode_t mode, dev_t rdev, struct xfs_inode **ipp); > + umode_t mode, dev_t rdev, bool need_xattr, > + struct xfs_inode **ipp); > int xfs_create_tmpfile(struct xfs_inode *dp, umode_t mode, > struct xfs_inode **ipp); > int xfs_remove(struct xfs_inode *dp, struct xfs_name *name, > @@ -408,7 +409,7 @@ xfs_extlen_t xfs_get_extsz_hint(struct xfs_inode *ip); > xfs_extlen_t xfs_get_cowextsz_hint(struct xfs_inode *ip); > > int xfs_dir_ialloc(struct xfs_trans **tpp, struct xfs_inode *dp, umode_t mode, > - xfs_nlink_t nlink, dev_t dev, prid_t prid, > + xfs_nlink_t nlink, dev_t dev, prid_t prid, bool need_xattr, > struct xfs_inode **ipp); > > static inline int > diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c > index 00369502fe25..5984760e8a64 100644 > --- a/fs/xfs/xfs_iops.c > +++ b/fs/xfs/xfs_iops.c > @@ -126,6 +126,37 @@ xfs_cleanup_inode( > xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); > } > > +/* > + * Check to see if we are likely to need an extended attribute to be added to > + * the inode we are about to allocate. This allows the attribute fork to be > + * created during the inode allocation, reducing the number of transactions we > + * need to do in this fast path. > + * > + * The security checks are optimistic, but not guaranteed. The two LSMs that > + * require xattrs to be added here (selinux and smack) are also the only two > + * LSMs that add a sb->s_security structure to the superblock. Hence if security > + * is enabled and sb->s_security is set, we have a pretty good idea that we are > + * going to be asked to add a security xattr immediately after allocating the > + * xfs inode and instantiating the VFS inode. > + */ > +static inline bool > +xfs_create_need_xattr( > + struct inode *dir, > + struct posix_acl *default_acl, > + struct posix_acl *acl) > +{ > + if (acl) > + return true; > + if (default_acl) > + return true; > + if (!IS_ENABLED(CONFIG_SECURITY)) > + return false; > + if (dir->i_sb->s_security) > + return true; > + return false; > +} > + > + > STATIC int > xfs_generic_create( > struct inode *dir, > @@ -161,7 +192,9 @@ xfs_generic_create( > goto out_free_acl; > > if (!tmpfile) { > - error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip); > + error = xfs_create(XFS_I(dir), &name, mode, rdev, > + xfs_create_need_xattr(dir, default_acl, acl), > + &ip); > } else { > error = xfs_create_tmpfile(XFS_I(dir), mode, &ip); Same question as last time: Do selinux or smack want to set xattr-based security labels on tempfiles too? --D > } > diff --git a/fs/xfs/xfs_qm.c b/fs/xfs/xfs_qm.c > index 742d1413e2d0..262ea047cb4f 100644 > --- a/fs/xfs/xfs_qm.c > +++ b/fs/xfs/xfs_qm.c > @@ -787,7 +787,7 @@ xfs_qm_qino_alloc( > return error; > > if (need_alloc) { > - error = xfs_dir_ialloc(&tp, NULL, S_IFREG, 1, 0, 0, ipp); > + error = xfs_dir_ialloc(&tp, NULL, S_IFREG, 1, 0, 0, false, ipp); > if (error) { > xfs_trans_cancel(tp); > return error; > diff --git a/fs/xfs/xfs_symlink.c b/fs/xfs/xfs_symlink.c > index 8565663b16cd..ab42f6e0d26e 100644 > --- a/fs/xfs/xfs_symlink.c > +++ b/fs/xfs/xfs_symlink.c > @@ -222,7 +222,7 @@ xfs_symlink( > * Allocate an inode for the symlink. > */ > error = xfs_dir_ialloc(&tp, dp, S_IFLNK | (mode & ~S_IFMT), 1, 0, > - prid, &ip); > + prid, false, &ip); > if (error) > goto out_trans_cancel; >