On Fri, 2018-01-26 at 15:32 +0100, peter.enderborg@xxxxxxxx wrote: > Holding the preempt_disable is very bad for low latency tasks > as audio and therefore we need to break out the rule-set dependent > part from this disable. By using a RCU instead of rwlock we > have an efficient locking and less preemption interference. NB: rcu_read_lock() may disable preemption as well if CONFIG_PREEMPT_COUNT=y. I assume you aren't concerned with that configuration? > > Selinux uses a lot of read_locks. This patch replaces the rwlock > with RCY that does not hold preempt_disable. > > Intel Xeon W3520 2.67 Ghz running FC27 with 4.15.0-rc9git > (+measurement) > I get preempt_disable in worst case for 1.2ms in > security_compute_av(). > With the patch I get 960us as the longest security_compute_av() > without preempt disabeld. It very much noise in the measurement > but it is not likely a degrade. > > And the preempt_disable times is also very dependent on the selinux > rule-set. > > In security_get_user_sids() we have two nested for-loops and the > inner part calls sittab_context_to_sid() that calls > sidtab_search_context() that has a for loop() over a while() where > the loops is dependent on the rules. > > On the test system the average lookup time is 60us and does > not change with the RCU usage. > > To use RCU the structure of policydb has to be accesses through a > pointer. > We need 4 patches to get there. > > [PATCH v2 1/5] selinux:Remove direct references to policydb. > We remove direct references and pass it through function arguments. > > [PATCH v2 2/5] selinux: Move policydb to pointer structure > Move the policydb to dynamic allocated structure. > > [PATCH v2 3/5] selinux: Move sidtab to pointer structure > Same as for policydb but for sidtab. They are closly related > and should be switched at the same time. > > [PATCH v2 4/5] selinux: Use pointer to switch policydb and sidtab > Now we can switch rules by switching pointers. > > [PATCH v2 5/5] selinux: Switch locking to RCU. > We are now ready to use RCU. > > History: V1 rwsem >
