Re: [PATCH 1/3] ipc: convert ipc_namespace.count from atomic_t to refcount_t

[Kees Cook]

On Wed, Jul 19, 2017 at 4:11 PM, Davidlohr Bueso <dave@xxxxxxxxxxxx> wrote:
> On Wed, 19 Jul 2017, Andrew Morton wrote:
>
>> On Wed, 19 Jul 2017 15:54:27 -0700 Davidlohr Bueso <dave@xxxxxxxxxxxx>
>> wrote:
>>
>>> On Wed, 19 Jul 2017, Andrew Morton wrote:
>>>
>>> >I do rather dislike these conversions from the point of view of
>>> >performance overhead and general code bloat.  But I seem to have lost
>>> >that struggle and I don't think any of these are fastpath(?).
>>>
>>> Well, since we now have fd25d19 (locking/refcount: Create unchecked
>>> atomic_t
>>> implementation), performance is supposed to be ok.
>>
>>
>> Sure, things are OK for people who disable the feature.

FWIW, it's off by default.

>>
>> But for people who want to enable the feature we really should minimize
>> the cost by avoiding blindly converting sites which simply don't need
>> it: simple, safe, old, well-tested code.  Why go and slow down such
>> code?  Need to apply some common sense here...

These are the very code paths we'd want to make sure are well
protected since people may never expect them to misbehave when some
"small change" goes in.

> Fair points.
>
>>> It would be lovely to have
>>> some actual numbers nonetheless.
>>
>> Very much so.
>
> May I suggest using mmtests with the following config file:
>
> https://github.com/gormanm/mmtests/blob/7e070a810bc0af92e592e5121d0ea75fada51aeb/configs/config-global-dhp__workload-ipc-scale-short
>
> It will run two of Manfred's ipcscale sem benchmarks.

I'll see if I can figure out how to use this for testing the fast
refcount protection:
https://lkml.org/lkml/2017/7/18/1223

Then we could see:

before conversion
after conversion
with CONFIG_REFCOUNT_FULL
with fast refcount protection

-Kees

-- 
Kees Cook
Pixel Security