This changes the algorithm used by apparmor to compress profile data
from zlib to zstd, using the new zstd API introduced in 5.16.
Zstd provides a larger range of compression levels than zlib and
significantly better performance at the default level (for a relatively
small increase in compressed size).
At the default compression levels, zstd's execution time was 16% that
of zlib with a size of 111%. At maximum compression levels, zstd's
execution time was 187% that of zlib with a size of 88%. This gives
users options for either improving performance or decreasing memory
usage over zlib.
Performance testing was done in the kernel against the default set of
profiles loaded by a fresh install of Ubuntu 22.04 desktop.
v2: Patch review changes
- Reallocate output buffer to the compressed size
- Add sysfs files to expose min/max values for
raw_data_compression_level
Jon Tourville (2):
apparmor: use zstd compression for profile data
apparmor: expose compression level limits in sysfs
security/apparmor/Kconfig | 4 +-
security/apparmor/apparmorfs.c | 89 ++++++++++++++----------
security/apparmor/lsm.c | 10 +--
security/apparmor/policy_unpack.c | 109 ++++++++++++++----------------
4 files changed, 109 insertions(+), 103 deletions(-)
--
2.34.1
