| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Jun 2018 11:48:31 +0200 From: Paolo Abeni <pabeni@...hat.com> To: crecklin@...hat.com, Kees Cook <keescook@...omium.org> Cc: LKML <linux-kernel@...r.kernel.org>, linux-mm@...r.kernel.org Subject: Re: [PATCH] add param that allows bootline control of hardened usercopy Hi, On Mon, 25 Jun 2018 11:21:38 -0700 Kees Cook <keescook@...omium.org> wrote: > On Mon, Jun 25, 2018 at 8:08 AM, Chris von Recklinghausen > <crecklin@...hat.com> wrote: > > Enabling HARDENED_USER_COPY causes measurable regressions in the > > networking performances, up to 8% under UDP flood. > > Which function is "hot"? i.e. which copy*user() is taking up the time? > Do you have a workload that at can be used to reproduce the problem? I'm running an a small packet UDP flood using pktgen vs. an host b2b connected. On the receiver side the UDP packets are processed by a simple user space process that just read and drop them: https://github.com/netoptimizer/network-testing/blob/master/src/udp_sink.c Not very useful from a functional PoV, it helps mostly pin-pointing bottle-neck in the networking stack. When running a kernel with CONFIG_HARDENED_USERCOPY=y, I see a 5-8% regression in the receive tput, compared to the same kernel without such option. With CONFIG_HARDENED_USERCOPY=y, perf shows ~6% of CPU time spent cumulatively in __check_object_size (~4%) and __virt_addr_valid (~2%). Cheers, Paolo
Powered by blists - more mailing lists