lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 7 Aug 2023 11:23:36 +0900
From:   Masahiro Yamada <masahiroy@...nel.org>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     Shreenidhi Shedi <yesshedi@...il.com>, dhowells@...hat.com,
        dwmw2@...radead.org, linux-kernel@...r.kernel.org,
        sshedi@...are.com
Subject: Re: [PATCH v6 0/7] refactor file signing program

On Thu, Jun 1, 2023 at 6:08 PM Greg KH <gregkh@...uxfoundation.org> wrote:
>
> On Thu, Jun 01, 2023 at 02:33:23PM +0530, Shreenidhi Shedi wrote:
> > On Wed, 31-May-2023 22:20, Greg KH wrote:
> > > On Wed, May 31, 2023 at 09:01:24PM +0530, Shreenidhi Shedi wrote:
> > > > On Wed, 31-May-2023 20:08, Greg KH wrote:
> > > > > On Tue, Apr 25, 2023 at 04:14:49PM +0530, Shreenidhi Shedi wrote:
> > > > > > On Wed, 22-Mar-2023 01:03, Shreenidhi Shedi wrote:
> > > > > > Can you please review the latest patch series? I think I have addressed your
> > > > > > concerns. Thanks.
> > > > >
> > > > > The big question is, "who is going to use these new features"?  This
> > > > > tool is only used by the in-kernel build scripts, and if they do not
> > > > > take advantage of these new options you have added, why are they needed?
> > > > >
> > > > > thanks,
> > > > >
> > > > > greg k-h
> > > >
> > > > Hi Greg,
> > > >
> > > > Thanks for the response.
> > > >
> > > > We use it in VMware Photon OS. Following is the link for the same.
> > > > https://github.com/vmware/photon/blob/master/SPECS/linux/spec_install_post.inc#L4
> > > >
> > > > If this change goes in, it will give a slight push to our build performance.
> > >
> > > What exactly do you mean by "slight push"?
> >
> > Instead of invoking the signing tool binary for each module, we can pass
> > modules in bulk and it will reduce the build time by couple of seconds.
>
> Then why not modify the in-kernel build system to also do this, allowing
> everyone to save time and money (i.e. energy)?
>
> Why keep the build savings to yourself?
>
> thanks,
>
> greg k-h


If I understand correctly,
"sign-file: add support to sign modules in bulk"
is the only benefit in the patchset.

I tested the bulk option, but I did not see build savings.



My evaluation:
1.  'make allmodconfig all', then 'make modules_install'.
        (9476 modules installed)

2.  I ran 'perf stat' for single signing vs bulk signing
      (5 runs for each).
      I changed the -n option in scripts/signfile.sh




A.  single sign

Sign one module per scripts/sign-file invocation.

find "${MODULES_PATH}" -name *.ko -type f -print0 | \
        xargs -r -0 -P$(nproc) -x -n1 sh -c "..."



 Performance counter stats for './signfile-single.sh' (5 runs):

             22.33 +- 2.26 seconds time elapsed  ( +- 10.12% )




B. bulk sign

Sign 32 modules per scripts/sign-file invocation

find "${MODULES_PATH}" -name *.ko -type f -print0 | \
        xargs -r -0 -P$(nproc) -x -n32 sh -c "..."


 Performance counter stats for './signfile-bulk.sh' (5 runs):

             24.78 +- 3.01 seconds time elapsed  ( +- 12.14% )




The bulk option decreases the process forks of scripts/sign-file
but I did not get even "slight push".



-- 
Best Regards
Masahiro Yamada

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ