On Wed, Oct 22, 2025 at 8:36 AM Ricardo Robaina <[email protected]> wrote: > > Whenever there's audit context, __audit_inode_child() gets called > numerous times, which can lead to high latency in scenarios that > create too many sysfs/debugfs entries at once, for instance, upon > device_add_disk() invocation. > > # uname -r > 6.17.0-rc3+ > > # auditctl -a always,exit -F path=/tmp -k foo > # time insmod loop max_loop=1000 > real 0m42.753s > user 0m0.000s > sys 0m42.494s > > # perf record -a insmod loop max_loop=1000 > # perf report --stdio |grep __audit_inode_child > 37.95% insmod [kernel.kallsyms] [k] __audit_inode_child > > __audit_inode_child() searches for both the parent and the child > in two different loops that iterate over the same list. This > process can be optimized by merging these into a single loop, > without changing the function behavior or affecting the code's > readability. > > This patch merges the two loops that walk through the list > context->names_list into a single loop. This optimization resulted > in around 54% performance enhancement for the benchmark. > > # uname -r > 6.17.0-rc3+-enhanced > > # auditctl -a always,exit -F path=/tmp -k foo > # time insmod loop max_loop=1000 > real 0m19.388s > user 0m0.000s > sys 0m19.149s
I couldn't help but notice that these numbers look *exactly* the same as the v1 patch numbers ... ;) Assuming the rest of the patch looks okay (I suspect it will), there is no need to re-spin the patch, but if there are different numbers you want me to use I can update the commit description when I merge the patch. > Signed-off-by: Ricardo Robaina <[email protected]> > --- > kernel/auditsc.c | 39 +++++++++++++++++---------------------- > 1 file changed, 17 insertions(+), 22 deletions(-) -- paul-moore.com
