Your comments on auditing don't make me quite happy as it might lead one to believe this is a result of the audit subsystem. It's not. This is the result of the fact that some LSM reporting code (usually used when the LSM denies an operation) could hit a function that might sleep (the actual function is dput). It's quite rare that SELinux hits this piece of code. A system with SELinux (and even with the audit system) should get all the same benefits now of the lockless lookup as systems without SELinux 99.999% of the time.