Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20110718184632.GB3748@albatros>
Date: Mon, 18 Jul 2011 22:46:32 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: kernel-hardening@...ts.openwall.com
Subject: Re: PAX_USERCOPY testing

Hi,

On Thu, Jul 14, 2011 at 20:13 +0400, Vasiliy Kulikov wrote:
> This is a version of PAX_USERCOPY I want to send to LKML.  However, the
> patch without performance testing would be incomplete.  I have some
> syscalls measurements, the worst case is gethostname() with 6-7% penalty
> on x86-64 (Intel Core 2 Duo 2Ghz).

The previous benchmarks are totally wrong.  I didn't disable background
daemons, which created significant error, and used on-demand CPU
governor, which finally smashed results.

Measurements with maximum governor and with minimum processes showed
great "boost":

The worst case of tiny syscalls, gethostname(), has 0,9% slowdown.

Real workflows - find /usr, git log -Sredirect, make in kernel tree,
files copying - are not affected by the feature at all (the slowdown is
so low that I cannot effectively measure it, so it is less than 0,1%).

So, I've sent RFCv2 to LKML as-is :-)

I suppose no sysctl to control the behaviour is needed - the permormance
is acceptable for real workflows IMO.

Thanks,

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.