Completely separate from [1]the big performance regression I noted earlier this week for the Linux 6.15 Git kernel and [2]fixed yesterday in the upstream codebase , another significant performance issue was also uncovered and fixed this week in Linux 6.15 Git.

Cloudflare engineer Frederick Lawler took care of a performance problem in the kernel pertaining to "extremely heavy read-only workloads." The specific work wasn't mentioned but presumably a lot of read-only services running within Cloudflare but also benefiting others. Fortunately, this particular performance issue only manifests when making use of the Integrity Measurement Architecture (IMA) functionality.

Frederick Lawler explained in [3]the commit merged to Linux 6.15 Git:

"ima: process_measurement() needlessly takes inode_lock() on MAY_READ

On IMA policy update, if a measure rule exists in the policy, IMA_MEASURE is set for ima_policy_flags which makes the violation_check

variable always true. Coupled with a no-action on MAY_READ for a FILE_CHECK call, we're always taking the inode_lock().

This becomes a performance problem for extremely heavy read-only workloads. Therefore, prevent this only in the case there's no action to be taken."

This performance fix is merged in time for Linux 6.15-rc4 due out on Sunday along with the unrelated performance regression fix I noted yesterday. Linux 6.15 stable should be out around the end of May.



[1] https://www.phoronix.com/review/linux-615-nginx-regression

[2] https://www.phoronix.com/review/linux-615-regression-fix

[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30d68cb0c37ebe2dc63aa1d46a28b9163e61caa2