From patchwork Wed Aug 31 06:36:03 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ashish Sangwan <ashishsangwan2@gmail.com>
X-Patchwork-Id: 9306393
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	24E1760487 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed, 31 Aug 2016 06:36:40 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1592128DE4
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed, 31 Aug 2016 06:36:40 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 09BDC28DF9; Wed, 31 Aug 2016 06:36:40 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.8 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9251928DE4
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Wed, 31 Aug 2016 06:36:39 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756532AbcHaGgc (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Wed, 31 Aug 2016 02:36:32 -0400
Received: from mail-pf0-f195.google.com ([209.85.192.195]:36251 "EHLO
	mail-pf0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751264AbcHaGga (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Wed, 31 Aug 2016 02:36:30 -0400
Received: by mail-pf0-f195.google.com with SMTP id y134so2229377pfg.3
	for <linux-fsdevel@vger.kernel.org>;
	Tue, 30 Aug 2016 23:36:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id;
	bh=eX2paAHPsQNstNDhr+qWEg5aHxvNbdVuNP7npnbEWeI=;
	b=ZKXgfwq9Yx3JgOAe2GX9OvDbdJ0ORAEzaLGh1Hn4rMlU2S7BvukLEVjlj9hDvB+fbd
	3wahMN7diRw+vL8THXt4FJa0JcL9AY15BU+URT24++m0j0SP9b2Mzv9o6aOfhWIaGLIM
	ynnqeCDt0WheV99djciAnyNAouHVJoDAvenfqqj1jf1xpOXoTMefBzI09xGYmyyzJwai
	aov0NumtbZBscFcF2PwM8rwWihJTg84ORPRaNN5FkKw+Bnu7++5Hr1RBT7mvQBCJzF43
	kCYSbxNqe4q9jyD8YL5nZD03bKuy6IlC0tKemwlPPzRbg847t0LaAXSPE1tcIR4T9e6Y
	8ayg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=eX2paAHPsQNstNDhr+qWEg5aHxvNbdVuNP7npnbEWeI=;
	b=byWb3EO1noY1y4kQ1ZXBp+zcICVmClhmpkLdaYQk530V5JMq5Eot3v6RfkF9eJwAPP
	NO6aMSs6XCe3JVZPzzuoUYQ/zu9xj9BZlm5C4Vb3LjfrqO1SRwpCZMrj5zAguH6hgYzt
	mpJtde74w/8PlaVC0WOm9xLZRlWWRsdZj4FnmkvS3prvJ4+T21YniuGhQMlcTa4GI4AY
	94/D0UgKObugUdvtILBYKEaIo7k5lzBrPE+EV+7/A+wRAxPbOMGGyZWIsCKTS8NzTDgT
	yfrssHA8DT8Zz/n6V70lXZekNPz7Es3zgTSbNo6+kkksSnnzkIEsJZWaMV45SBEOshCL
	pFLQ==
X-Gm-Message-State: 
 AE9vXwMCcRbJDn69Y+WoscHrdIkui+AVh7HqDSUqlqqG4Dn3lxoTdALeT6ZvrmVKgHZANg==
X-Received: by 10.98.31.219 with SMTP id l88mr13852530pfj.155.1472625383974;
	Tue, 30 Aug 2016 23:36:23 -0700 (PDT)
Received: from ashish-pc.corp.maprtech.com ([14.142.27.186])
	by smtp.gmail.com with ESMTPSA id
	n80sm61829497pfi.19.2016.08.30.23.36.21
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Tue, 30 Aug 2016 23:36:22 -0700 (PDT)
From: Ashish Sangwan <ashishsangwan2@gmail.com>
To: Miklos Szeredi <miklos@szeredi.hu>, Nikolaus Rath <Nikolaus@rath.org>
Cc: fuse-devel@lists.sourceforge.net, linux-fsdevel@vger.kernel.org,
	Ashish Sangwan <ashishsangwan2@gmail.com>
Subject: [PATCH] Fuse: Add mount option to cache presence of security
	related xattr
Date: Wed, 31 Aug 2016 12:06:03 +0530
Message-Id: <1472625363-4850-1-git-send-email-ashishsangwan2@gmail.com>
X-Mailer: git-send-email 1.9.1
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

In case of a write call on any file, there is a xattr lookup call for
security.capablities type of xattr which is a scaling bottleneck.
In some of our use cases, just enabling the xattr support, we are
experiencing a performance drop of almost 20% even though the file does
not have any security xattr.
Fuse, by default, does not remember the presence of security attributes as
it clears the MS_NOSEC flag at the time of fill super and hence requires a
lookup of security xattr at each write. This makes sense in case of network
filesystems where multiple clients can change the state of xattr.
This patch adds a new mount option cache_security_xattr_presence
to avoid clearing MS_NOSEC flag. This could be use by the filesystem
implementations which supports xattr but are local in nature OR the
implementations which has its own security policies and
do not support security.capablities xattr.

Signed-off-by: Ashish Sangwan <ashishsangwan2@gmail.com>
---
 Documentation/filesystems/fuse.txt | 12 ++++++++++++
 fs/fuse/inode.c                    |  9 +++++++++
 2 files changed, 21 insertions(+)

diff --git a/Documentation/filesystems/fuse.txt b/Documentation/filesystems/fuse.txt
index 13af4a4..7245a40 100644
--- a/Documentation/filesystems/fuse.txt
+++ b/Documentation/filesystems/fuse.txt
@@ -115,6 +115,18 @@ Mount options
   Set the block size for the filesystem.  The default is 512.  This
   option is only valid for 'fuseblk' type mounts.
 
+'cache_security_xattr_presence'
+
+  If xattr support is enabled, in case of every write call on a file
+  fuse perform a xattr lookup call for security.capablities type as it does
+  not remember the presence of this xattr type. This is expected behavior in
+  case of network file system implementations where multiple clients can
+  modify the security related xattr state.
+  But in case of local file system implementations OR in case of network
+  file system implementations which does not support security.capablities
+  this option will prevent the security xattr lookup by caching its presence
+  in kernel.
+
 Control filesystem
 ~~~~~~~~~~~~~~~~~~
 
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 4e05b51..bd670c8 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -66,6 +66,7 @@ struct fuse_mount_data {
 	unsigned rootmode_present:1;
 	unsigned user_id_present:1;
 	unsigned group_id_present:1;
+	unsigned cache_security_xattr_presence:1;
 	unsigned flags;
 	unsigned max_read;
 	unsigned blksize;
@@ -454,6 +455,7 @@ enum {
 	OPT_ALLOW_OTHER,
 	OPT_MAX_READ,
 	OPT_BLKSIZE,
+	OPT_CACHE_SECURITY_XATTR_PRESENCE,
 	OPT_ERR
 };
 
@@ -466,6 +468,7 @@ static const match_table_t tokens = {
 	{OPT_ALLOW_OTHER,		"allow_other"},
 	{OPT_MAX_READ,			"max_read=%u"},
 	{OPT_BLKSIZE,			"blksize=%u"},
+	{OPT_CACHE_SECURITY_XATTR_PRESENCE, "cache_security_xattr_presence"},
 	{OPT_ERR,			NULL}
 };
 
@@ -539,6 +542,10 @@ static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev)
 			d->flags |= FUSE_ALLOW_OTHER;
 			break;
 
+		case OPT_CACHE_SECURITY_XATTR_PRESENCE:
+			d->cache_security_xattr_presence = 1;
+			break;
+
 		case OPT_MAX_READ:
 			if (match_int(&args[0], &value))
 				return 0;
@@ -1069,6 +1076,8 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
 		sb->s_blocksize = PAGE_SIZE;
 		sb->s_blocksize_bits = PAGE_SHIFT;
 	}
+	if (d.cache_security_xattr_presence)
+		sb->s_flags |= MS_NOSEC;
 	sb->s_magic = FUSE_SUPER_MAGIC;
 	sb->s_op = &fuse_super_operations;
 	sb->s_maxbytes = MAX_LFS_FILESIZE;