I'm sanity-checking perf in various microbenchmarks and I found apparmor to be the main bottleneck in some of them.
For example: will-it-scale open1_processes -t 16, top of the profile:

  20.17%  [kernel]  [k] apparmor_file_alloc_security
  20.08%  [kernel]  [k] apparmor_file_open
  20.05%  [kernel]  [k] apparmor_file_free_security
  18.39%  [kernel]  [k] apparmor_current_getsecid_subj
[snip]

This serializes on refing/unrefing apparmor objs, sounds like a great candidate for per-cpu refcounting instead (I'm assuming they are expected to be long-lived).

I would hack it up myself, but I failed to find a clear spot to switch back from per-cpu to centralized operation and don't want to put serious effort into it.

Can you sort this out?

Thanks,
--
Mateusz Guzik <mjguzik gmail.com>
