The AppArmor Performance Impact In 70+ Benchmarks On Linux 5.5 Git

With bisecting one of the big regressions in Linux 5.5 and finding the culprit to be an AppArmor change while using Hackbench as one of the most affected tests, I was curious to see what other workloads are impacted big by AppArmor on the current Linux 5.5 Git code. Here are 72 tests with the Threadripper 3970X on Linux 5.5 Git when toggling AppArmor.

These New Year's Eve benchmarks are looking at the performance of Linux 5.5 Git as of two days ago when running out-of-the-box on Ubuntu 19.10 and then booting with apparmor=0 to force AppArmor to be disabled. Thus looking at the overall cost of AppArmor on Linux 5.5 right now as opposed to just the change from the recent regression.

With the AMD Ryzen Threadripper 3970X system, the tests that benefited the most from disabling AppArmor included:

Those are the tests with a measurable difference between toggling AppArmor. The listing of all 72 results including the tests with minimal to no changes can be found via this OpenBenchmarking.org result file.

Of all 72 results overall, AppArmor as enabled by default on the likes of Ubuntu and Debian showed about 5% slower performance on Linux 5.5. When the AppArmor regression is addressed, we'll certainly take this kernel security feature for another spin in 2020.