Re: [INFO] ratio of const vs dynamic usercopy

From: Kees Cook
Date: Tue Sep 20 2016 - 20:31:36 EST

Next message: H. Peter Anvin: "Re: [RFC 0/3] Put vdso in ramfs-like filesystem (vdsofs)"
Previous message: Michael Ellerman: "Re: linux-next: build failure after merge of the akpm-current tree"
In reply to: Josh Poimboeuf: "Re: [INFO] ratio of const vs dynamic usercopy"
Next in thread: Linus Torvalds: "Re: [INFO] ratio of const vs dynamic usercopy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 20, 2016 at 7:19 AM, Josh Poimboeuf <jpoimboe@xxxxxxxxxx> wrote:
> On Mon, Sep 19, 2016 at 09:58:39PM -0700, Kees Cook wrote:
>> Hi,
>>
>> Al had asked me a couple weeks back what the ratio of const vs dynamic
>> usercopying was. With Josh's cleanup and my fix-up to only call the
>> hardened usercopy when non-const, I can actually gather these statistics
>> on a build. It's a bit of a hack (see attached patch that should not go
>> into the tree), but with my not-very-defconfig, it's rougly 2 to 1 const
>> vs dynamic. However, this doesn't take into account the frequency at
>> _runtime_, which maybe could be discovered via perf comparing copy*user()
>> calls to __check_object_size() calls, but I didn't try that. Does someone
>> have perf setup to check this?
>
> Maybe do something like this with your patch?
>
> trace-cmd record -p function -l __check_object_size -l __skip_check_object_size [command you want to benchmark]
> trace-cmd report

trace-cmd seemed to break for me (lost one of the CPU buffers?), so I
just did this manually:

# echo __skip_check_object_size > set_ftrace_filter
# echo __check_object_size >> set_ftrace_filter
# echo 1 > function_profile_enabled
... build the kernel 5 times ...

Out of trace_stat/function* I get:

Function Hit Time Avg
s^2
-------- --- ---- ---
---
__check_object_size 7692563 593308.5 us 0.077
us 1104414 us
__skip_check_object_size 3832439 254356.3 us 0.066
us 205958.2 us
Function Hit Time Avg
s^2
-------- --- ---- ---
---
__check_object_size 7474288 564353.9 us 0.075
us 1282606 us
__skip_check_object_size 3809103 261658.7 us 0.068
us 192132.0 us
Function Hit Time Avg
s^2
-------- --- ---- ---
---
__check_object_size 7472437 573517.2 us 0.076
us 4566908 us
__skip_check_object_size 3883037 251919.3 us 0.064
us 3780134 us
Function Hit Time Avg
s^2
-------- --- ---- ---
---
__check_object_size 7882525 581605.9 us 0.073
us 51814941 us
__skip_check_object_size 4061014 277332.0 us 0.068
us 5237258 us

So, together:

30521813 dynamic calls and 15585593 const calls, or almost exactly 2
to 1 dynamic to const. (And the dynamic calls seem to add 0.00875us
average overhead vs const.)

-Kees

--
Kees Cook
Nexus Security

Next message: H. Peter Anvin: "Re: [RFC 0/3] Put vdso in ramfs-like filesystem (vdsofs)"
Previous message: Michael Ellerman: "Re: linux-next: build failure after merge of the akpm-current tree"
In reply to: Josh Poimboeuf: "Re: [INFO] ratio of const vs dynamic usercopy"
Next in thread: Linus Torvalds: "Re: [INFO] ratio of const vs dynamic usercopy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]