Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
3
-
9223372036854775807
Description
On Centos7, selinux_is_enabled() was used to prevent this but on RHEL8 this interface disappears (on 5.1 kernel):
static int ll_xattr_get_common() ... /* LU-549: Disable security.selinux when selinux is disabled */ if (handler->flags == XATTR_SECURITY_T && !selinux_is_enabled() && !strcmp(name, "selinux")) RETURN(-EOPNOTSUPP);
The patch https://review.whamcloud.com/38480 "LU-12355 llite: include file linux/selinux.h removed" was submitted to add the compatibility to 5.1 kernel. But it considers selinux enabled if "selinux_is_enabled" is not found.
So on RHEL8 with selinux disabled, we send unneeded RPCs on the MDS to retrieved security.selinux xattr. This has performance issues.
Here the behavior with "ls":
Centos 7 :
getenforce 0
Disabled
strace -e getxattr,lgetxattr ls -lda “directory”
lgetxattr("directory", "security.selinux", 0x1096100, 255) = -1 EOPNOTSUPP (Operation not supported)
getxattr("directory", "system.posix_acl_access", NULL, 0) = -1 ENODATA (No data available)
getxattr("directory", "system.posix_acl_default", NULL, 0) = -1 ENODATA (No data available)
Centos 8 :
getenforce 0
Disabled
lgetxattr("directory", "security.selinux", 0x1096100, 255) = -1 ENODATA (No data available)
getxattr("directory", "system.posix_acl_access", NULL, 0) = -1 ENODATA (No data available)
getxattr("directory", "system.posix_acl_default", NULL, 0) = -1 ENODATA (No data available)
Here the "perf report" diff on getfattr:
Centos 7 : + 10.59% 0.00% getfattr libc-2.17.so [.] __GI___lxstat64 (inlined) + 10.59% 0.00% getfattr [kernel.vmlinux] [k] system_call + 10.59% 0.00% getfattr [kernel.vmlinux] [k] sys_newlstat + 10.59% 0.00% getfattr [kernel.vmlinux] [k] SYSC_newlstat + 10.59% 0.00% getfattr [kernel.vmlinux] [k] vfs_fstatat + 10.59% 0.00% getfattr [kernel.vmlinux] [k] user_path_at + 10.59% 0.00% getfattr [kernel.vmlinux] [k] user_path_at_empty + 10.59% 0.00% getfattr [kernel.vmlinux] [k] filename_lookup + 10.59% 0.00% getfattr [kernel.vmlinux] [k] path_lookupat + 10.59% 0.00% getfattr [kernel.vmlinux] [k] link_path_walk + 10.59% 0.00% getfattr [kernel.vmlinux] [k] inode_permission + 10.59% 0.00% getfattr [kernel.vmlinux] [k] __inode_permission + 10.59% 0.00% getfattr [lustre] [k] ll_inode_permission + 10.59% 0.00% getfattr [lustre] [k] ll_inode_revalidate + 10.59% 0.00% getfattr [lmv] [k] lmv_intent_lock Centos 8 : + 15.74% 0.00% getfattr libc-2.28.so [.] __GI_getxattr (inlined) + 15.74% 0.00% getfattr [kernel.kallsyms] [k] path_getxattr + 15.74% 0.00% getfattr [kernel.kallsyms] [k] getxattr + 15.74% 0.00% getfattr [kernel.kallsyms] [k] vfs_getxattr + 15.74% 0.00% getfattr [kernel.kallsyms] [k] __vfs_getxattr + 15.74% 0.00% getfattr [kernel.kallsyms] [k] ll_xattr_get_common + 15.74% 0.00% getfattr [kernel.kallsyms] [k] ll_xattr_list + 15.74% 0.00% getfattr [kernel.kallsyms] [k] lmv_getxattr + 15.74% 0.00% getfattr [kernel.kallsyms] [k] mdc_getxattr + 15.74% 0.00% getfattr [kernel.kallsyms] [k] mdc_xattr_common <---------- + 15.74% 0.00% getfattr [kernel.kallsyms] [k] ptlrpc_queue_wait + 15.74% 0.00% getfattr [kernel.kallsyms] [k] ptlrpc_set_wait + 15.74% 0.00% getfattr [kernel.kallsyms] [k] ptlrpc_check_set.part