lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240816005943.1832694-5-ivanov.mikhail1@huawei-partners.com>
Date: Fri, 16 Aug 2024 08:59:43 +0800
From: Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>
To: <mic@...ikod.net>
CC: <willemdebruijn.kernel@...il.com>, <gnoack3000@...il.com>,
	<linux-security-module@...r.kernel.org>, <netdev@...r.kernel.org>,
	<netfilter-devel@...r.kernel.org>, <yusongping@...wei.com>,
	<artem.kuzin@...wei.com>, <konstantin.meskhidze@...wei.com>
Subject: [RFC PATCH v1 4/4] selftests/landlock: Add realworld workload based on find tool

Implement script that measures Landlock overhead for workload in which
find tool is executed on Linux source code folder. This workload is tested
with 5, 10 depth values and few number of layers.

This workload is useful to measure Landlock overhead under different
number of layers and different keys of the filesystem ruleset.

Signed-off-by: Mikhail Ivanov <ivanov.mikhail1@...wei-partners.com>
---
 .../landlock/bench/bench_find_on_linux.sh     | 84 +++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100755 tools/testing/selftests/landlock/bench/bench_find_on_linux.sh

diff --git a/tools/testing/selftests/landlock/bench/bench_find_on_linux.sh b/tools/testing/selftests/landlock/bench/bench_find_on_linux.sh
new file mode 100755
index 000000000000..ae53c265c444
--- /dev/null
+++ b/tools/testing/selftests/landlock/bench/bench_find_on_linux.sh
@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright © 2024 Huawei Tech. Co., Ltd.
+#
+# Measure openat(2) overhead for workload that executes find tool on Linux source
+# code with different depths and numbers of ruleset layers.
+
+# cf. tools/testing/selftests/kselftest.h
+KSFT_PASS=0
+KSFT_FAIL=1
+KSFT_XFAIL=2
+KSFT_XPASS=3
+KSFT_SKIP=4
+
+REL_DIR=$(dirname $(realpath $0))
+FIND=/usr/bin/find
+LINUX_SRC=$(realpath $REL_DIR/../../../../../)
+BENCH_CMD=$REL_DIR/run.sh
+TOPOLOGY=.topology
+TMP=.tmp
+
+# read
+READ_ACCESS=4
+
+# $1 - Linux src files path
+# $2 - Maximum depth of files
+# $3 - If $3 == 0 then only files of depth $2 is used in ruleset.
+#      Otherwise, ruleset uses files of depth 1-$2 and ruleset layer
+#      of each file matches depth of the file.
+# $4 - Name of the file in which topology would be saved
+gen_linux_src_topology()
+{
+	n_layers=$2
+	if [[ $3 -eq 0 ]]; then
+		n_layers=1
+		find $1 -mindepth $2 -maxdepth $2 -fprintf $4 '1 %p\n'
+	else
+		find $1 -mindepth 1 -maxdepth $2 -fprintf $4 '%d %p\n'
+	fi
+
+	# Allow access to FIND
+	for depth in $(seq 1 $n_layers);
+	do
+		echo $depth /usr/bin/find >> $4
+		echo $depth /usr/bin/file >> $4
+		echo $depth /lib >> $4
+		echo $depth /etc >> $4
+	done
+}
+
+if [ ! -f "$BENCH_CMD" ]; then
+	echo $BENCH_CMD does not exist
+	exit $KSFT_SKIP
+fi
+
+if [ ! -f "$FIND" ]; then
+	echo $FIND does not exist
+	exit $KSFT_SKIP
+fi
+
+# $1 - depth
+# $2 - If $2 == 0 then only files of depth $2 is used in ruleset.
+#      Otherwise, ruleset uses files of depth 1-$2 and ruleset layer
+#      of each file matches depth of the file.
+# $3 - Number of iterations of this sample
+run_sample()
+{
+	n_layers=$1
+	if [[ $2 -eq 0 ]]; then
+		n_layers=1
+	fi
+
+	echo Running find on $n_layers layers, $1 depth, $3 iterations...
+	gen_linux_src_topology $LINUX_SRC $1 $2 $TOPOLOGY
+
+	$BENCH_CMD -s -r $3 -b -t fs:$TOPOLOGY:$READ_ACCESS -e openat \
+		$FIND $LINUX_SRC -mindepth $1 -maxdepth $1 -exec file '{}' \;
+}
+
+run_sample 5 0 10
+run_sample 5 1 10
+run_sample 10 0 500
+run_sample 10 1 500
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ