On 9/19/2024 12:16 PM, Linus Torvalds wrote: > On Thu, 19 Sept 2024 at 00:44, Neeraj Upadhyay <Neeraj.Upadhyay@xxxxxxx> wrote: >> >> While we were working on this problem, this refcount scalability issue got >> resolved recently with conditional ref acquisition [3] (however, there are new >> developments in apparmor code which might bring back the refcount problem [4]). > > Honestly, the various security layers should be a whole lot more > careful about their horrid performance issues, and I think that [4] > you point at needs to just be headed off at the pass. > > No more "the security layer is so bad at performance that we have to > introduce new ref mechanisms", please. Let's push back on bad security > layer code instead. > Ok got it. Thanks for your feedback! I had tried using percpu refcount first (in place of kref) in AppArmor. However, that required managing the last reference drop (implemented in [1] and [2]). Mateusz has shared some ideas in his reply to this thread. Maybe that is a workable solution. Will defer to John on this as I have limited understanding of the cred management code. - Neeraj > Linus
