lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 08 May 2020 09:02:00 -0700
From:   John Fastabend <john.fastabend@...il.com>
To:     Andrii Nakryiko <andriin@...com>, bpf@...r.kernel.org,
        netdev@...r.kernel.org, ast@...com, daniel@...earbox.net
Cc:     andrii.nakryiko@...il.com, kernel-team@...com,
        Andrii Nakryiko <andriin@...com>
Subject: RE: [PATCH bpf-next 3/3] selftest/bpf: add BPF triggring benchmark

Andrii Nakryiko wrote:
> It is sometimes desirable to be able to trigger BPF program from user-space
> with minimal overhead. sys_enter would seem to be a good candidate, yet in
> a lot of cases there will be a lot of noise from syscalls triggered by other
> processes on the system. So while searching for low-overhead alternative, I've
> stumbled upon getpgid() syscall, which seems to be specific enough to not
> suffer from accidental syscall by other apps.
> 
> This set of benchmarks compares tp, raw_tp w/ filtering by syscall ID, kprobe,
> fentry and fmod_ret with returning error (so that syscall would not be
> executed), to determine the lowest-overhead way. Here are results on my
> machine:
> 
> $ for i in base tp rawtp kprobe fentry fmodret; \
> do \
>     summary=$(sudo ./bench -w2 -d5 -a trig-$i | \
>               tail -n1 | cut -d'(' -f1 | cut -d' ' -f3- ) && \
>     printf "%-10s: %s\n" $i "$summary"; \
> done
> 
> base      :    9.200 ± 0.319M/s
> tp        :    6.690 ± 0.125M/s
> rawtp     :    8.571 ± 0.214M/s
> kprobe    :    6.431 ± 0.048M/s
> fentry    :    8.955 ± 0.241M/s
> fmodret   :    8.903 ± 0.135M/s
> 
> So it seems like fmodret doesn't give much benefit for such lightweight
> syscall. Raw tracepoint is pretty decent despite additional filtering logic,
> but it will be called for any other syscall in the system, which rules it out.
> Fentry, though, seems to be adding the least amoung of overhead and achieves
> 97.3% of performance of baseline no-BPF-attached syscall.
> 
> Using getpgid() seems to be preferable to set_task_comm() approach from
> test_overhead, as it's about 2.35x faster in a baseline performance.
> 
> Signed-off-by: Andrii Nakryiko <andriin@...com>
> ---

Nice.

Acked-by: John Fastabend <john.fastabend@...il.com>

Powered by blists - more mailing lists