LU-549 llite: Improve statfs performance if selinux is disabled

Even if selinux is disabled, client still tries to get selinux
attributes from MDS. As xattrs are not yet cached, this significantly
slows down xattr heavy operations like ls -l. This patch forces
to return -EOPNOTSUPP on the client side if selinux is disabled.
It speeds up ls -l 25% for cold-cache case and 50% for hot-cache
case.

Signed-off-by: Yevheniy Demchenko <zheka@uvt.cz>
Signed-off-by: Keith Mannthey <keith@whamcloud.com>
Change-Id: I0c24bd8559818b0fae29a082790b392095f91ab5
:# Please enter the commit message for your changes. Lines starting
Reviewed-on: http://review.whamcloud.com/2904
Tested-by: Hudson
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Maloo <whamcloud.maloo@gmail.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/autoconf/lustre-core.m4 b/lustre/autoconf/lustre-core.m4
index 65e80c7..81ced7a 100644 (file)
--- a/lustre/autoconf/lustre-core.m4
+++ b/lustre/autoconf/lustre-core.m4
@@ -2198,6 +2198,22 @@ AC_DEFUN([LC_SET_CPUS_ALLOWED],
                            [set_cpus_allowed is exported by the kernel])],
                 [AC_MSG_RESULT([no])] )])
 
+# 2.6.32 introduces selinux_is_enabled()
+AC_DEFUN([LC_SELINUX_IS_ENABLED],
+[AC_MSG_CHECKING([if selinux_is_enabled is available])
+LB_LINUX_TRY_COMPILE([
+        #include <linux/selinux.h>
+],[
+        selinux_is_enabled();
+],[
+        AC_MSG_RESULT([yes])
+        AC_DEFINE(HAVE_SELINUX_IS_ENABLED, 1,
+                [selinux_is_enabled is defined])
+],[
+        AC_MSG_RESULT([no])
+])
+])
+
 #
 # LC_D_OBTAIN_ALIAS
 # starting from 2.6.28 kernel replaces d_alloc_anon() with
@@ -2378,6 +2394,7 @@ AC_DEFUN([LC_PROG_LINUX],
          LC_SET_CPUS_ALLOWED
          LC_EXT4_SINGLEDATA_TRANS_BLOCKS_SB
          LC_WALK_SPACE_HAS_DATA_SEM
+         LC_SELINUX_IS_ENABLED
 
          #
          if test x$enable_server = xyes ; then

diff --git a/lustre/include/linux/lustre_compat25.h b/lustre/include/linux/lustre_compat25.h
index 3e8bb01..b9513c5 100644 (file)
--- a/lustre/include/linux/lustre_compat25.h
+++ b/lustre/include/linux/lustre_compat25.h
@@ -866,5 +866,12 @@ static inline int ll_quota_off(struct super_block *sb, int off, int remount)
 #define HAVE_NODE_TO_CPUMASK
 #endif
 
+#ifndef HAVE_SELINUX_IS_ENABLED
+static inline bool selinux_is_enabled(void)
+{
+        return 0;
+}
+#endif
+
 #endif /* __KERNEL__ */
 #endif /* _COMPAT25_H */

diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c
index 90076db..9662eeb 100644 (file)
--- a/lustre/llite/xattr.c
+++ b/lustre/llite/xattr.c
@@ -38,6 +38,9 @@
 #include <linux/sched.h>
 #include <linux/mm.h>
 #include <linux/smp_lock.h>
+#ifdef HAVE_SELINUX_IS_ENABLED
+#include <linux/selinux.h>
+#endif
 
 #define DEBUG_SUBSYSTEM S_LLITE
 
@@ -134,6 +137,11 @@ int ll_setxattr_common(struct inode *inode, const char *name,
             strcmp(name, "security.capability") == 0))
                 RETURN(0);
 
+        /* LU-549:  Disable security.selinux when selinux is disabled */
+        if (xattr_type == XATTR_SECURITY_T && !selinux_is_enabled() &&
+            strcmp(name, "security.selinux") == 0)
+                RETURN(-EOPNOTSUPP);
+
 #ifdef CONFIG_FS_POSIX_ACL
         if (sbi->ll_flags & LL_SBI_RMT_CLIENT &&
             (xattr_type == XATTR_ACL_ACCESS_T ||