Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp91946rdd; Mon, 8 Jan 2024 19:29:00 -0800 (PST) X-Google-Smtp-Source: AGHT+IErkanb7xazXm6JeUHA+Sb3p0Lz6WxJXq+enHUH0DDcmX5nAT/rjI6oZ8+T2w0hnoF08S0y X-Received: by 2002:ac2:54a6:0:b0:50e:a9ee:4fd with SMTP id w6-20020ac254a6000000b0050ea9ee04fdmr1556311lfk.127.1704770939535; Mon, 08 Jan 2024 19:28:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704770939; cv=none; d=google.com; s=arc-20160816; b=0EUSoX7nSUzuSB6qVZcigsJjUhyK8rPWOPGL8sK2WTtuF+8a/zgTwKRO2qKc45ZWa7 x4G8vBTK+bLctFNqD7/5kg9iCszPBItoWlQ0Wn2tlE1l3BsfPeTGsVz6KiTraZ7YU4F3 UQCV6MDdS+1TfFrNeAfsDx1NUGMP9TQzTw8tGWlmIjTVkQwoLN8ajJkdEZD9dkiP3aYX k/lrGCEw3N7kD7S62NTzOG5XcdKJCCU+ft0v0XZsuLaR7Q6oLmoau+HVS8uWjoh3FWYv Nrmh8St64EeSEzcxx2/h7CbiDCG37Mk1char+9OvleLWPbCsMCn+sKSi6JZDaxxgWx9T eaEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=+fwef4f8zdi8jyi9mZHrI80qFYXJ3jAKC206/8D+udk=; fh=VKQasrpBGlye5s90cs9XD7dfiItSKjCnDADCRpCqpSo=; b=irzRji/YJWuoUFb2WSf26ssQR1zP5f9/dVzcoRf0gRWIAScy6au9e22SLFjIQkzsi/ eYQBF1Q+uSO1p59cpxzhAeA31i9lKkOQz22g13ho8Y8OKgHMEjDeMdV6CIgBC6X5Gf3y nhezbV4q24W0L/Ir/wZMg+1rQa/R80EVH0Rus3w6fyjXKRhyHjecGkSUgRwZmXyVqs4I GzdzzNSarh63tqZk5ZM56RPhi978OdzxchJTrfQO4F7PAu2xQbKEN58JkzY/MGMd1jP+ 2t99Q7AKmvjQwYR0cDysHvhQuw3kyapDAcrZ+FCMz6cq76/GKCNNdC3zCVheJYrwuu3w WbkQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linux-foundation.org header.s=google header.b=Sp8LDrYy; spf=pass (google.com: domain of linux-kernel+bounces-20326-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-20326-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id xo7-20020a170907bb8700b00a28f1eaeaedsi465563ejc.698.2024.01.08.19.28.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 19:28:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-20326-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linux-foundation.org header.s=google header.b=Sp8LDrYy; spf=pass (google.com: domain of linux-kernel+bounces-20326-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-20326-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id F3C9E1F236C4 for ; Tue, 9 Jan 2024 03:28:58 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A2B874418; Tue, 9 Jan 2024 03:28:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="Sp8LDrYy" Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9EBE928FE for ; Tue, 9 Jan 2024 03:28:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linuxfoundation.org Received: by mail-ed1-f45.google.com with SMTP id 4fb4d7f45d1cf-55719cdc0e1so2776694a12.1 for ; Mon, 08 Jan 2024 19:28:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1704770923; x=1705375723; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Q2n04rycTbVj98G4Oti5JohO5PKOBYnQTDfzjI/yRas=; b=Sp8LDrYysiKUwFAN/rHoEVJWCXUbeOc1POniDowgYx3xTnxiKUxt9XbaR3OKxS+AXc WjzepJTqaASNsDI6ELWTjDQVJP2ON+re2f3XvAeaGEtSNvQPmPlB7PXc2qezq+BkHkkS 3uysPBXFV1edCV+DA0YLMx7M2oOk89WkDlR7U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704770923; x=1705375723; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Q2n04rycTbVj98G4Oti5JohO5PKOBYnQTDfzjI/yRas=; b=L1Z5Y+x4aXkJ03oTKsxbq5gnfYb9Zk6B+ke9rCM2rTdGhzqsfFvKi5LOH8P4dRRozB l3AXyReuxJHmoQ9S0MWDllXFFoCq0afui1mTAr6vDZxzvRQRJRJlH5nJGs8poRUE3tvd LKDuG5xqhZ3e1YttdPjF/1Iz3D9QVO3POCe/Y2OwHNNqPpkv/y3dOu7200qshp3cdfBY DSg9QXx4rRAKfaGB5f0JdHP3GrxqEGIcgKA4c4BOoW83dmg50xSGB/2YERXE5rn9k2ge gJ8Xr7E7FNQG6GSVWeAYpN1G/BjWPpzGMcnJBg+GYq3LKcFJHT8Ul/wJrV3xQue4liw8 OTmQ== X-Gm-Message-State: AOJu0YwCS3fMduVet7M5bJeeUQZ/xaN4MSKTfrqqpUamcbOhY7APfvKF bQheP2Bh3FxCeFfyz0aDVfXAcoVhHhIvkziDZaUtXfR54w5yehOO X-Received: by 2002:a17:906:f102:b0:a29:f46f:f572 with SMTP id gv2-20020a170906f10200b00a29f46ff572mr147058ejb.104.1704770923692; Mon, 08 Jan 2024 19:28:43 -0800 (PST) Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com. [209.85.208.54]) by smtp.gmail.com with ESMTPSA id ch19-20020a170906c2d300b00a2b091e93aesm525605ejb.115.2024.01.08.19.28.42 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 08 Jan 2024 19:28:42 -0800 (PST) Received: by mail-ed1-f54.google.com with SMTP id 4fb4d7f45d1cf-555bd21f9fdso2785813a12.0 for ; Mon, 08 Jan 2024 19:28:42 -0800 (PST) X-Received: by 2002:a17:906:36c7:b0:a28:e76c:f928 with SMTP id b7-20020a17090636c700b00a28e76cf928mr156222ejc.6.1704770921784; Mon, 08 Jan 2024 19:28:41 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <202401081028.0E908F9E0A@keescook> In-Reply-To: From: Linus Torvalds Date: Mon, 8 Jan 2024 19:28:25 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [GIT PULL] execve updates for v6.8-rc1 To: Kees Cook Cc: Kees Cook , linux-kernel@vger.kernel.org, Alexey Dobriyan , Josh Triplett Content-Type: multipart/mixed; boundary="000000000000379261060e7ae964" --000000000000379261060e7ae964 Content-Type: text/plain; charset="UTF-8" On Mon, 8 Jan 2024 at 17:53, Linus Torvalds wrote: > > Because I *guarantee* that we can trivially write another benchmark > that shows that looking up the pathname twice is worse. Ok, so I just took a look at the alleged benchmark that was used for the "look up twice" argument. It looks quite broken. What it seems to do is to "fork+execve" on a small file, and do clock_gettime() in the parent and in the child, and add up the differences between the times. But that's just testing random scheduler interactions, not the speed of fork/exec. IOW, that one improves performance if you always run the child first after the fork(), so that the child runs immediately, finishes the work, and when the parent then resumes, it reads the completed result from the pipe. It will give big behavior changes for any scheduling behavior - like trying to run children concurrently on another CPU vs running it immediately on the same CPU etc etc. Using "vfork()" instead of "fork()" will remove *one* variable, in that it will force that "child runs first" behavior that you want, and would likely help performance a lot. But even then you'll end up with a scheduling benchmark: when the child does "execve()" that will now wake up the parent again, and the *optimal* behavior is probably to run the child fully until it does "exit" (well, at least until it runs "clock_gettime()") before scheduling the parent. You might get that by just forcing it all to run on one single CPU, unless the wakeup by the execve() synchronously wakes up the parent. IOW, you can probably get closer to the numbers you want with vfork(), but even then it's a crap-shoot and depends on scheduling. If you want to actually test execve() itself, you shouldn't use fork() at all - you should literally execve() in a loop, using the execve() argument as the "loop variable". That will actually test execve(), not the scheduling of the child, which will be pretty random. IOW, something (truly stuipid) like the attached, and then you do $ gcc -O2 --static t.c $ time ./a.out 100000 1 to time a hundred thousand execve() calls. Look ma, no fork, vfork, or scheduler interactions. Of course, if you then want to check the pathname lookup failure cost, you'd need to change the "execve()" into a "execvpe()" and play around with the PATH variable, putting "." in different places etc. And you might want to write your own PATH lookup one, to make sure it actually uses the "execve()" system call and not "stat()" to find the executable. . and do you want to then check using "execveat()" (new model) vs "path string created by appending in user space" (classic model)? Tons of variables. For example, modern "execveat()" behavior is *probably* using a small pathname that is looked up by opening the different directories in $PATH, but the old-school thing that creates pathnames all in user space and then does "execve()" on them will probably have fairly heavy path lookup costs. So now the whole "look up path twice" might be very differently expensive depending on just how you ended up dealing with the $PATH components. It *could* be cheap. Or it might be looking up a long path. End result: there's a million interactions here. You need to decide what you want to test. But you *definitely* shouldn't decide to test some random scheduler behavior and call it "execve cost". Linus --000000000000379261060e7ae964 Content-Type: text/x-c-code; charset="US-ASCII"; name="t.c" Content-Disposition: attachment; filename="t.c" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_lr5rvloi0 I2luY2x1ZGUgPHVuaXN0ZC5oPgojaW5jbHVkZSA8c3RkbGliLmg+CiNpbmNsdWRlIDxzdGRpby5o PgoKaW50IG1haW4oaW50IGFyZ2MsIGNoYXIgKiphcmd2LCBjaGFyICoqZW52cCkKewoJY2hhciBi dWZmZXJbMTBdOwoJaW50IG4sIG07CgoJaWYgKGFyZ2MgPCAzKQoJCWV4aXQoMSk7CgluID0gYXRv aShhcmd2WzFdKTsKCWlmIChuIDw9IDApCgkJZXhpdCgyKTsKCW0gPSBhdG9pKGFyZ3ZbMl0pOwoJ aWYgKG0gPj0gbikKCQlleGl0KDApOwoJc25wcmludGYoYnVmZmVyLCBzaXplb2YoYnVmZmVyKSwg IiVkIiwgbSsxKTsKCWFyZ3ZbMl0gPSBidWZmZXI7CglleGVjdmUoIi4vYS5vdXQiLCBhcmd2LCBl bnZwKTsKCWV4aXQoMyk7Cn0K --000000000000379261060e7ae964--