| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240816005943.1832694-5-ivanov.mikhail1@huawei-partners.com>
Date: Fri, 16 Aug 2024 08:59:43 +0800
From: Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>
To: <mic@...ikod.net>
CC: <willemdebruijn.kernel@...il.com>, <gnoack3000@...il.com>,
<linux-security-module@...r.kernel.org>, <netdev@...r.kernel.org>,
<netfilter-devel@...r.kernel.org>, <yusongping@...wei.com>,
<artem.kuzin@...wei.com>, <konstantin.meskhidze@...wei.com>
Subject: [RFC PATCH v1 4/4] selftests/landlock: Add realworld workload based on find tool
Implement script that measures Landlock overhead for workload in which
find tool is executed on Linux source code folder. This workload is tested
with 5, 10 depth values and few number of layers.
This workload is useful to measure Landlock overhead under different
number of layers and different keys of the filesystem ruleset.
Signed-off-by: Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>
---
.../landlock/bench/bench_find_on_linux.sh | 84 +++++++++++++++++++
1 file changed, 84 insertions(+)
create mode 100755 tools/testing/selftests/landlock/bench/bench_find_on_linux.sh
diff --git a/tools/testing/selftests/landlock/bench/bench_find_on_linux.sh b/tools/testing/selftests/landlock/bench/bench_find_on_linux.sh
new file mode 100755
index 000000000000..ae53c265c444
--- /dev/null
+++ b/tools/testing/selftests/landlock/bench/bench_find_on_linux.sh
@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright © 2024 Huawei Tech. Co., Ltd.
+#
+# Measure openat(2) overhead for workload that executes find tool on Linux source
+# code with different depths and numbers of ruleset layers.
+
+# cf. tools/testing/selftests/kselftest.h
+KSFT_PASS=0
+KSFT_FAIL=1
+KSFT_XFAIL=2
+KSFT_XPASS=3
+KSFT_SKIP=4
+
+REL_DIR=$(dirname $(realpath $0))
+FIND=/usr/bin/find
+LINUX_SRC=$(realpath $REL_DIR/../../../../../)
+BENCH_CMD=$REL_DIR/run.sh
+TOPOLOGY=.topology
+TMP=.tmp
+
+# read
+READ_ACCESS=4
+
+# $1 - Linux src files path
+# $2 - Maximum depth of files
+# $3 - If $3 == 0 then only files of depth $2 is used in ruleset.
+# Otherwise, ruleset uses files of depth 1-$2 and ruleset layer
+# of each file matches depth of the file.
+# $4 - Name of the file in which topology would be saved
+gen_linux_src_topology()
+{
+ n_layers=$2
+ if [[ $3 -eq 0 ]]; then
+ n_layers=1
+ find $1 -mindepth $2 -maxdepth $2 -fprintf $4 '1 %p\n'
+ else
+ find $1 -mindepth 1 -maxdepth $2 -fprintf $4 '%d %p\n'
+ fi
+
+ # Allow access to FIND
+ for depth in $(seq 1 $n_layers);
+ do
+ echo $depth /usr/bin/find >> $4
+ echo $depth /usr/bin/file >> $4
+ echo $depth /lib >> $4
+ echo $depth /etc >> $4
+ done
+}
+
+if [ ! -f "$BENCH_CMD" ]; then
+ echo $BENCH_CMD does not exist
+ exit $KSFT_SKIP
+fi
+
+if [ ! -f "$FIND" ]; then
+ echo $FIND does not exist
+ exit $KSFT_SKIP
+fi
+
+# $1 - depth
+# $2 - If $2 == 0 then only files of depth $2 is used in ruleset.
+# Otherwise, ruleset uses files of depth 1-$2 and ruleset layer
+# of each file matches depth of the file.
+# $3 - Number of iterations of this sample
+run_sample()
+{
+ n_layers=$1
+ if [[ $2 -eq 0 ]]; then
+ n_layers=1
+ fi
+
+ echo Running find on $n_layers layers, $1 depth, $3 iterations...
+ gen_linux_src_topology $LINUX_SRC $1 $2 $TOPOLOGY
+
+ $BENCH_CMD -s -r $3 -b -t fs:$TOPOLOGY:$READ_ACCESS -e openat \
+ $FIND $LINUX_SRC -mindepth $1 -maxdepth $1 -exec file '{}' \;
+}
+
+run_sample 5 0 10
+run_sample 5 1 10
+run_sample 10 0 500
+run_sample 10 1 500
--
2.34.1
Powered by blists - more mailing lists