diff options
author | Jeffle Xu <jefflexu@linux.alibaba.com> | 2020-04-23 19:06:55 +0800 |
---|---|---|
committer | Miklos Szeredi <mszeredi@redhat.com> | 2020-05-13 11:11:24 +0200 |
commit | 654255fa205cb2b010e9abb34b0c8afcca9c78c7 (patch) | |
tree | 5a4b19c3b27e1a9885fcaf51536b5564345daf98 /fs/overlayfs | |
parent | 32b1924b210a70dcacdf65abd687c5ef86a67541 (diff) | |
download | lwn-654255fa205cb2b010e9abb34b0c8afcca9c78c7.tar.gz lwn-654255fa205cb2b010e9abb34b0c8afcca9c78c7.zip |
ovl: inherit SB_NOSEC flag from upperdir
Since the stacking of regular file operations [1], the overlayfs edition of
write_iter() is called when writing regular files.
Since then, xattr lookup is needed on every write since file_remove_privs()
is called from ovl_write_iter(), which would become the performance
bottleneck when writing small chunks of data. In my test case,
file_remove_privs() would consume ~15% CPU when running fstime of unixbench
(the workload is repeadly writing 1 KB to the same file) [2].
Inherit the SB_NOSEC flag from upperdir. Since then xattr lookup would be
done only once on the first write. Unixbench fstime gets a ~20% performance
gain with this patch.
[1] https://lore.kernel.org/lkml/20180606150905.GC9426@magnolia/T/
[2] https://www.spinics.net/lists/linux-unionfs/msg07153.html
Signed-off-by: Jeffle Xu <jefflexu@linux.alibaba.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to 'fs/overlayfs')
-rw-r--r-- | fs/overlayfs/super.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index f57aa348dcd6..af69f41f564d 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -1100,6 +1100,18 @@ static int ovl_get_upper(struct super_block *sb, struct ovl_fs *ofs, upper_mnt->mnt_flags &= ~(MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME); ofs->upper_mnt = upper_mnt; + /* + * Inherit SB_NOSEC flag from upperdir. + * + * This optimization changes behavior when a security related attribute + * (suid/sgid/security.*) is changed on an underlying layer. This is + * okay because we don't yet have guarantees in that case, but it will + * need careful treatment once we want to honour changes to underlying + * filesystems. + */ + if (upper_mnt->mnt_sb->s_flags & SB_NOSEC) + sb->s_flags |= SB_NOSEC; + if (ovl_inuse_trylock(ofs->upper_mnt->mnt_root)) { ofs->upperdir_locked = true; } else { |