Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp1238585pxb; Wed, 4 Nov 2020 03:49:44 -0800 (PST) X-Google-Smtp-Source: ABdhPJwtswW9evQ/+4RNh9VHtBC6e86Pbb6WuCF/zaMDmX40ARt0qUzHJUpEuIJEcVTG5dR3LDWT X-Received: by 2002:a50:f104:: with SMTP id w4mr15992631edl.381.1604490584115; Wed, 04 Nov 2020 03:49:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604490584; cv=none; d=google.com; s=arc-20160816; b=PCYZWb0O1PsTWMZfEUL66VDm/iJi9uOkMTNx4ksUVb2TaAMtUrd0wwvsBN17kpHswo W7f6OKekxk9ctBGVL8In9LsWvV8xblyepyFezVzDWkCv8UzF5gXFnZxN1ToUMPDOUi03 rW4SmAdAFfQD7yUy0aukAktog3tp5axfFs8OnUHEP+R77+28DdgbFMQUEHVDjl9ZJcoc FI23LRZHI+kPPN8N9Q6RLKXKAduRXACCpZM6YsDX8sR2xCzNZrPhjG/I6Sfj+mrt7g1O L3dPj5fa2pEnMsQ1hriUp878JaL9cArM2O6rK+ervntUrw4ZQVDZPkTXrKizqMGbTlfV dtbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=LrTKUro/EAfrSfquqr6fzY3elZ7+MZodt7l7Rb7VaMA=; b=PWtRYFC8c1xlYzBue2HRkBR4z8HMFfEFag92mwPc0Dehoahe1Ee9dhd2Z1TmznuF3p n9yQer5yDOiW7jD8n7f+obYc+BcqrF0UBJw33tMDyGjBonTOyHYGcwg1mIKsLvNZFYSV AtY5/hLHAeKozNOTJPJxVdSlpfiNdTWYuy7A6SkIutW1bFOHOsj7tKw9JV+iKBKxfxKP w5vM+zmD1e/KhEJ7LwLdSmItYJ06Re6dI25DO6QC/rnKxvxFYBFNnmII9SCiTsLaH5bg EsraKzMM/iSb39Cs0ktIrji6kHoOdDT1/tcQb/a0di87gZafb3f5dJZSa449TXwKEsJm 9zhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="TA/upDzk"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n6si1119537edi.165.2020.11.04.03.49.20; Wed, 04 Nov 2020 03:49:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="TA/upDzk"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729746AbgKDLlF (ORCPT + 99 others); Wed, 4 Nov 2020 06:41:05 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46796 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729630AbgKDLlF (ORCPT ); Wed, 4 Nov 2020 06:41:05 -0500 Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com [IPv6:2607:f8b0:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D58DDC0613D3; Wed, 4 Nov 2020 03:41:03 -0800 (PST) Received: by mail-pf1-x443.google.com with SMTP id c20so17061459pfr.8; Wed, 04 Nov 2020 03:41:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=LrTKUro/EAfrSfquqr6fzY3elZ7+MZodt7l7Rb7VaMA=; b=TA/upDzkSlqE8bbPerc9M1oYcPB/SCguB/fv6tsU0qNJEICokPJOWWbzUO1heqjx1X 3MJkKQbgC+mF0e9Skbu2tODntCXpim0YAGDgj8FN7sDDIYQ3LWENybyqXCZl/be+XIV7 WkLl+XHEOUOo5pQruyx0qVAlxfInjmoyHlqVQGeveukro3khLO1jYepKUOZHrwFZ9ajK qadPobf/QXXP57jlIZ1IuZ5JjtLZc2rA7A6Suqtp3Kq9x2PAu07ziUDnyQuTlnoexYBH aFgJjI+kgZNHMfPu8OpcuPuLOyBtB9ucJUa6Vc1pIoNedcqDe7XyKvzwxbAnHqPdVC/8 3d2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=LrTKUro/EAfrSfquqr6fzY3elZ7+MZodt7l7Rb7VaMA=; b=gXzrw5l7wvDRlPFIygshd7oftKBYo3pjLMzFSgvRdP/Kd/+AIWv5BsuWtj2GY9cfvH TtRT4rvAkVNmmcrxkIK3WoWWWY3Hu3WjhJ3LmyA3zbJckbKQarJryi4pRvH3Xq0NbQjg E24fsDwwacaRwU0t0CUKx97Vv26fBRieT8m397lRWYKzl1cR8g0cLI6hI29LsUewI57r 6kki9Q/5+0BJZzoaKuS4cOH9mWgBkkaIxo7qTT6FJV8PDMH2ROBjjDRxtcRYPxBejZq/ yzJm8PF79kPku3HmbksQY7LGBzXqQ9D3E8cqxpk6KtccAduKI50aCZfhCLipuUgO6DwT jcag== X-Gm-Message-State: AOAM533IEE09U06Ifvqfuk5QAR3ImE0oCXXZE1FP9b3F/AXlfQ12LFix O/435oEcidkH/aTdWev8u4J/C6Tu1GbuU1GBlyw= X-Received: by 2002:a63:f445:: with SMTP id p5mr20807325pgk.293.1604490063419; Wed, 04 Nov 2020 03:41:03 -0800 (PST) MIME-Version: 1.0 References: <202010091613.B671C86@keescook> <202010121556.1110776B83@keescook> <202010221520.44C5A7833E@keescook> <202010231945.90FA4A4AA@keescook> <202011031612.6AA505157@keescook> In-Reply-To: <202011031612.6AA505157@keescook> From: YiFei Zhu Date: Wed, 4 Nov 2020 05:40:51 -0600 Message-ID: Subject: Re: [PATCH v4 seccomp 5/5] seccomp/cache: Report cache data through /proc/pid/seccomp_cache To: Kees Cook Cc: Linux Containers , YiFei Zhu , bpf , kernel list , Aleksa Sarai , Andrea Arcangeli , Andy Lutomirski , David Laight , Dimitrios Skarlatos , Giuseppe Scrivano , Hubertus Franke , Jack Chen , Jann Horn , Josep Torrellas , Tianyin Xu , Tobin Feldman-Fitzthum , Tycho Andersen , Valentin Rothberg , Will Drewry Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 3, 2020 at 6:29 PM Kees Cook wrote: > Yeah, this is very interesting. That there is anything measurably _slower_ > with the cache is surprising. Though with only 4 runs, I wonder if it's > still noisy? What happens at 10 runs -- more importantly what is the > standard deviation? I could do that. it just takes such a long time. Each run takes about 20 minutes so with 10 runs per environment, 3 environments (native + 2 docker) per boot, and 4 boots (2 bootparam * 2 compile config), it's 27 hours of compilation. I should probably script it at that point. > I assume this is from Indirect Branch Prediction Barrier (IBPB) and > Single Threaded Indirect Branch Prediction (STIBP) (which get enabled > for threads under seccomp by default). > > Try booting with "spectre_v2_user=prctl" Hmm, to make sure, boot with just "spectre_v2_user=prctl" on the command line and test the performance of that? YiFei Zhu