Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp19771910rwd; Wed, 28 Jun 2023 14:09:17 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6Gtz1oqLJ0752S5bfkeIzj6NPfD5meFrq0sKdiYxb0ou3QhR76hz1nVhsuDxPj1jdYb9Ug X-Received: by 2002:a05:6512:32d2:b0:4fb:9469:d65f with SMTP id f18-20020a05651232d200b004fb9469d65fmr1769125lfg.37.1687986557050; Wed, 28 Jun 2023 14:09:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687986557; cv=none; d=google.com; s=arc-20160816; b=YTKlrqtcNHcbBS8tVNGAOsEnwIVTy/3DytuKwHPww5p1uMcsJ3COUnCMgbwRfnr1pX DyhwVZHrDnTDxqDBUkHrNLstH9hlVt7/2VaJIIPUBO0azCxpaHAGF05WRcWKb77eIYSa cF0dmroybReEVOuQsKgtfMkJSispOhhOmZ/XGICohPBQRManH6NCTqWjO85RK+iXX/I3 kf5wybg8ddv8fDUprzyapCiWduMEnlD0kBHPGFuB0CKJ1haMJbF3UYSH37EagZEMqex7 /FtqbPLjioxC5MLyz8ZIgLsFQ8ZJsvKvWF/GcwIh1cQxopRx75lgPN2VYNUccnRsR5// q4MA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=p5EAwO68zepmlB4DZ7YeQCN7tx9mqPakWLHiXEndXTk=; fh=SyVox6G/2rmVzaWgmoU99cZOHbJo8YPYpcYHkyHRo2Q=; b=sbtCaiBZ95TuLD2uIKsHUiTn89SMsgy7cyXBZQAYc/AIKc/JrB7B27RN3xueFTUpwn yqhpxM4yIF3neRS2or+yrvtmTxz5ICNOMeHIaJTPb2Nrxj/B3MCVvGiA00MmDtKfw7Pq bYBwl+t+gtGiP8C9Ei1mMn6S5FS36+RqIOeIz9LwAJ7TY/iee/EsB0RQwODL3aEfhtXM /b3D3X5dTjGyCcf4R5JELCldqF3ERSXho8EDTi47fbwiHGBP1qpFUwFx294M7i+1QipU hifalCqvWgQbH/Wx4cvnXzbfNRjnsRrAT+7qpjf6udr7J96CBOHQFy794e0XSXUDQn+S eFWg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=lqW3ouyN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w16-20020aa7dcd0000000b0051a2e1702casi5691917edu.595.2023.06.28.14.08.51; Wed, 28 Jun 2023 14:09:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=lqW3ouyN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231500AbjF1U7i (ORCPT + 99 others); Wed, 28 Jun 2023 16:59:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47256 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231687AbjF1U7h (ORCPT ); Wed, 28 Jun 2023 16:59:37 -0400 Received: from mail-pf1-x42c.google.com (mail-pf1-x42c.google.com [IPv6:2607:f8b0:4864:20::42c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1FCE619B0 for ; Wed, 28 Jun 2023 13:59:36 -0700 (PDT) Received: by mail-pf1-x42c.google.com with SMTP id d2e1a72fcca58-666e916b880so163557b3a.2 for ; Wed, 28 Jun 2023 13:59:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1687985975; x=1690577975; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=p5EAwO68zepmlB4DZ7YeQCN7tx9mqPakWLHiXEndXTk=; b=lqW3ouyNx7hW2mqTtqZkWWLZkqi91e+OzqynvHrRmoI+fFXMrHqi7+vOlxnIV/s3RB jfaDcgTVeM2rtOKSDntGBOqnjK1QK0I9bWtkAyJPAS67ACxO8MdHkkDm1/TMHV4ZiOlU Jzso/vrdbQt9Q3QjyeWHNBVwjD2c7FPLrT7bQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687985975; x=1690577975; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=p5EAwO68zepmlB4DZ7YeQCN7tx9mqPakWLHiXEndXTk=; b=S+BvS1ZF9RqkkVCOqwUXzXWCBqV83VXDYZSQ9OJRq+69COG36deccZ0IlHKUQIrtMU cbALaOMpzFjcExmkCpv6gkd2h+ZRV53FVJzw9WumxFfhQpOihArl5sJ5D+aBnYHaRO3B tgS6orNFDv6zOTLCdU2+n6KCwouWZ1LzaMgqrtHLsGIA+wwIUTx2xdm6VVO6Jy40RUaH Kkcxh1g9jo28QHCg6k/Z8PTxWkWJ73H7Nck6Ctix4tkZE7h8DDAocWowUBMKO/dRJCGb qaB9bPgCvigwMkrfGRKwnO0hI3Q+Hu9LF63sgJD+BFYa+kvdYpgKOISkwdTBI09j8pLr iWOw== X-Gm-Message-State: AC+VfDy+lR1Ks7tBj5P+Pm9rCd2zPrOKmC7ycATiInqWemqSRavTlC4p dfdZH+jaEzl+uWN7u9uXffxisg== X-Received: by 2002:a05:6a00:3a14:b0:668:82fe:16e2 with SMTP id fj20-20020a056a003a1400b0066882fe16e2mr22096409pfb.16.1687985975628; Wed, 28 Jun 2023 13:59:35 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id u23-20020aa78497000000b0067aa2a70179sm4146384pfn.46.2023.06.28.13.59.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Jun 2023 13:59:34 -0700 (PDT) Date: Wed, 28 Jun 2023 13:59:34 -0700 From: Kees Cook To: Julian Pidancet Cc: Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Vlastimil Babka , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-mm@kvack.org, Jonathan Corbet , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, Matthew Wilcox , Rafael Aquini Subject: Re: [PATCH] mm/slub: disable slab merging in the default configuration Message-ID: <202306281358.E6E6C2759@keescook> References: <20230627132131.214475-1-julian.pidancet@oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20230627132131.214475-1-julian.pidancet@oracle.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 27, 2023 at 03:21:31PM +0200, Julian Pidancet wrote: > Make CONFIG_SLAB_MERGE_DEFAULT default to n unless CONFIG_SLUB_TINY is > enabled. Benefits of slab merging is limited on systems that are not > memory constrained: the overhead is negligible and evidence of its > effect on cache hotness is hard to come by. > > On the other hand, distinguishing allocations into different slabs will > make attacks that rely on "heap spraying" more difficult to carry out > with success. > > Take sides with security in the default kernel configuration over > questionnable performance benefits/memory efficiency. > > Signed-off-by: Julian Pidancet > --- > In an attempt to assess the performance impact of disabling slab > merging, a timed linux kernel compilation test has been conducted first > using slab_merge, then using slab_nomerge. Both tests started in an > identical state. Commodity hardware was used: a laptop with an AMD Ryzen > 5 3500U CPU, and 16GiB of RAM. The kernel source files were placed on > an XFS partition because of the extensive use of slab caches in XFS. > > The results are as follows: > > | slab_merge | slab_nomerge | > ------+------------------+------------------| > Time | 489.074 ? 10.334 | 489.975 ? 10.350 | > Min | 459.688 | 460.554 | > Max | 493.126 | 494.282 | > > The benchmark favors the configuration where merging is disabled, but the > difference is only ~0.18%, well under statistical significance. As mentioned, please include these kinds of perf notes in the commit log; it's useful to see later. :) Regardless, yes, please. I have been running slab_nomerge on all my systems for years and years now. With the typo fixed and commit log updated, please consider this: Reviewed-by: Kees Cook -Kees -- Kees Cook