lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <d36b56ca-6405-d7dc-a531-fcbe0acc425d@bytedance.com>
Date:   Fri, 28 May 2021 10:10:23 +0800
From:   zhoufeng <zhoufeng.zf@...edance.com>
To:     Andrew Morton <akpm@...ux-foundation.org>, adobriyan@...il.com,
        rppt@...nel.org
Cc:     linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        songmuchun@...edance.com, zhouchengming@...edance.com,
        chenying.kernel@...edance.com, zhengqi.arch@...edance.com
Subject: Re: [External] Re: [PATCH] fs/proc/kcore.c: add mmap interface



在 2021/5/28 上午6:30, Andrew Morton 写道:
> On Thu, 27 May 2021 14:13:09 +0800 zhoufeng <zhoufeng.zf@...edance.com> wrote:
> 
>>> I'm surprised that it makes this much difference.  Has DRGN been fully
>>> optimised to minimise the amount of pread()ing which it does?  Why does
>>> it do so much reading?
>> DRGN is a tool similar to Crash, but much lighter. It allows users to
>> obtain kernel data structures from Python scripts. Based on this, we
>> intend to use DRGN for kernel monitoring. So we used some pressure test
>> scripts to test the loss of monitoring.
>> Monitoring is all about getting current real-time data, so every time
>> DRGN tries to get kernel data, it needs to read /proc/kcore. In my
>> script, I tried to loop 1000 times to obtain the information of all the
>> processes in the machine, in order to construct a scene where kernel
>> data is frequently read. So, the frequency in the default version of
>> kcore, pread is very high. In view of this situation, our optimization
>> idea is to reduce the number of context switches as much as possible
>> under the scenario of frequent kernel data acquisition, to reduce the
>> performance loss to a minimum, and then move the monitoring system to
>> the production environment.
> 
> Why would a pread() cause a context switch?
> 

Sorry, my English is poor. I mean trigger the system call.

>> After running for a long time in a
>> production environment, the number of kernel data reads was added as
>> time went on, and the pread number also increased. If users use mmap,
>> it's once for all.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ