Received: by 2002:a05:6500:1b45:b0:1f5:f2ab:c469 with SMTP id cz5csp192797lqb; Tue, 16 Apr 2024 12:40:50 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCU3rUbc6+oxh8edCYpiVNGKAUgV5N/+9FKhPLtzLssMO2pTh3tJsnSbEx9tCtUZvI8eezpvFLVDcA8M9cMYoSA623vjHY+KolUz+KCydA== X-Google-Smtp-Source: AGHT+IEUlUObF3VTUapJolXc66W1BrazcswH/MlI7umLkinB3GhjVsDWB6RwuJG75UaK5q+UymwT X-Received: by 2002:a05:622a:393:b0:436:972b:fc1 with SMTP id j19-20020a05622a039300b00436972b0fc1mr17326247qtx.62.1713296450432; Tue, 16 Apr 2024 12:40:50 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713296450; cv=pass; d=google.com; s=arc-20160816; b=n3sZfkNF45MME2JYZzqG2AIeT79ZSgzufNgWVyL8srEb0vLeycI2xzElscksjCPTm4 IgxMGPUBrjbmxT8TlXbEz8MzICA5t50jP8qGYF2sb63c+uWjyrbDV+UmxD6KLqyqRRVi Hs+mhz+WcWG06bugcKSyToyYDE31WhosuZ0VeOuv/BJWn6n+h7evGkgiGWz9jh8FrD70 CbIs+jwL63BpzSAt3xp9QD3e/fa3sc9Fr2V4q7auWy5XoKFjcVQwvC7OnPCQWyz9i0rL Y+49pbCWMGN031QADoxoSlnxDbJV4fvBOTVcNpR3WFa58nRC1UDK3dYhRaQYy9UhYjo8 GhPQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=KwEv4Z/MXON03xxjjs3as0fX96oGOhkKVq/HAbUMzow=; fh=hA+ih/mlMupyH/pkBG4AU2exYHm6xQBUmH9dp+pNZ2M=; b=KQV5imgsPIZgupGTjq/cZfFz4h9HVHOe0arJM2Ttf5QqdgfJxAo70kqbWRrCq0rZm9 R04jqaPjLhdMlRTK0gwjDZw8p4/bdKDgXxU54j6TXDc1jg1GEpiZ0Og8ZJiA5bLqgAsk w0eQhV1hB67i18QcCNnBBAgZSGRYPCcRydmqKq/iZLGXlItWHwfaWZ6ItfqDm/q18flY ac7elhBF/EC88saw+EIcUuNaAeh1b8mP4EauQ5yVuJiP6Y8ToeZoPk/v+B23Wm45QKkP WNIXC7MZo7SCnGQugM/+i0+hmVa5lpdD7d6TS8nhApPMihStryFeMwIhsCvx4hocDYu/ RNRw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=gIPnfds+; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-147479-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-147479-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id n15-20020a05622a040f00b00434f39f0037si13389882qtx.60.2024.04.16.12.40.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Apr 2024 12:40:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-147479-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=gIPnfds+; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-147479-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-147479-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 0C4B61C214AF for ; Tue, 16 Apr 2024 19:40:50 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A8C0A1386D2; Tue, 16 Apr 2024 19:40:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="gIPnfds+" Received: from mail-oa1-f41.google.com (mail-oa1-f41.google.com [209.85.160.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F3B812E1F0 for ; Tue, 16 Apr 2024 19:40:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.41 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713296439; cv=none; b=Y8OGMnyfYsoqkpYwIiJSB0DNthgKg6pqdBNCMxccNZgSh1bdCOEP+nFzPRfZgFWZ5ruW+5echCLS33SNRUc6DCnoifHeqeWphi/c7DG6Cb6F3fc4k6tUl5uwHS6Y+jeTJcWtWE6eewvtoZ6xZYhN8MlTmsBF6jsB7rZP35uZiU4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713296439; c=relaxed/simple; bh=RvR6Qs/XmUof5Nbp59FmfgdsMMPaxV8slV+aC7LWifg=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Content-Type; b=KXwnm8zq/lEfdsLmrp1c9+c5ZC/pcsCcY7IfvYcwChPOxNlg9dPzN+8f0dRKeDlyvrT/+tHCP6BcTA/J0dDT3aXe8ufBApMFD9lLKgE5xw6qYETH89HME7qj6NEwKhEGHKlE2bI4WPf9MPhBfl9bWqxNg0x/irmBMjTYYQ+LjTU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=gIPnfds+; arc=none smtp.client-ip=209.85.160.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-oa1-f41.google.com with SMTP id 586e51a60fabf-23319017c4cso3223721fac.2 for ; Tue, 16 Apr 2024 12:40:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1713296437; x=1713901237; darn=vger.kernel.org; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=KwEv4Z/MXON03xxjjs3as0fX96oGOhkKVq/HAbUMzow=; b=gIPnfds+AZmqgVlPcM05vY2KMGCvBFfZX+tCc4fa3kNhn9OmFIDYBvKWgmrN9p3LWl KmOkk74I4nLya8fELsVfokSYibTpF0NjFRsKW9m1cKQ+qDP4smksUnQvgbp1ayHnsoBn OX/556GWj6ENvVZEM4uqvtskjAUpcN9ZtZSAE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713296437; x=1713901237; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KwEv4Z/MXON03xxjjs3as0fX96oGOhkKVq/HAbUMzow=; b=Z85V4LHsVBZ4powWSdfw+S7x32SZQSxbJ91Zh/1RGI17kHtu3ZgWfEGE+uMEl24X5H ftyt4u4IgmOjyh69YJOV7J5RqPhWAShON7k7hM5vppzfcevNwIoL19fXMtcONEiIN09t IECaNtSJ3Yv6hXIQH3jKxb0HIXy5doVbkXEbV0lcQe7ArMviMK3VjullgjNKAKDeDkBh 52aaWIE+F4VURAGCAEwoTOyh9YjTfrszqlFQKjTAK6aI1OO7p+BzV86pjAj74QrDXHPa vKEJutsbVZdBQ67EOe2JhVWTBJZsWA6L6B+AfYmUou8uduKGER9+pUGGSiuilmXuCAZ2 LNzw== X-Forwarded-Encrypted: i=1; AJvYcCV63VIec+xUU0DkUQmGiUv+JkHeiBKsi6L9nmJ2/pih83K/NN6YJxp43PVlhJnc4/x7i+lskcdTmW/EX6ae2WgKqPeCGJh+w8yuMXRG X-Gm-Message-State: AOJu0YzVvUyfYiMuD3zT5dtq+DjIMO9Lrme1L27MKkx2JvQWZGyYZhAh KIqB2c5hW9ZK5nMxLHYSiGQy4Q+y+egjK80st/q8fr5G/IgC6VB+6DKoe/oAAGK0/3njpJImseB GksOulVtv5mXcgD08mplbPdfueMxCORX2f0Oz X-Received: by 2002:a05:6870:d14d:b0:22a:4249:f409 with SMTP id f13-20020a056870d14d00b0022a4249f409mr16854617oac.4.1713296437395; Tue, 16 Apr 2024 12:40:37 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240415163527.626541-1-jeffxu@chromium.org> In-Reply-To: From: Jeff Xu Date: Tue, 16 Apr 2024 12:40:26 -0700 Message-ID: Subject: Re: [PATCH v10 0/5] Introduce mseal To: "Liam R. Howlett" , jeffxu@chromium.org, akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, sroettger@google.com, willy@infradead.org, gregkh@linuxfoundation.org, torvalds@linux-foundation.org, usama.anjum@collabora.com, corbet@lwn.net, surenb@google.com, merimus@google.com, rdunlap@infradead.org, jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, pedro.falcato@gmail.com, dave.hansen@intel.com, linux-hardening@vger.kernel.org, deraadt@openbsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Apr 16, 2024 at 8:13=E2=80=AFAM Liam R. Howlett wrote: > > * jeffxu@chromium.org [240415 12:35]: > > From: Jeff Xu > > > > This is V10 version, it rebases v9 patch to 6.9.rc3. > > We also applied and tested mseal() in chrome and chromebook. > > > > ------------------------------------------------------------------ > ... > > > MM perf benchmarks > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > This patch adds a loop in the mprotect/munmap/madvise(DONTNEED) to > > check the VMAs=E2=80=99 sealing flag, so that no partial update can be = made, > > when any segment within the given memory range is sealed. > > > > To measure the performance impact of this loop, two tests are developed= . > > [8] > > > > The first is measuring the time taken for a particular system call, > > by using clock_gettime(CLOCK_MONOTONIC). The second is using > > PERF_COUNT_HW_REF_CPU_CYCLES (exclude user space). Both tests have > > similar results. > > > > The tests have roughly below sequence: > > for (i =3D 0; i < 1000, i++) > > create 1000 mappings (1 page per VMA) > > start the sampling > > for (j =3D 0; j < 1000, j++) > > mprotect one mapping > > stop and save the sample > > delete 1000 mappings > > calculates all samples. > > > Thank you for doing this performance testing. > > > > > Below tests are performed on Intel(R) Pentium(R) Gold 7505 @ 2.00GHz, > > 4G memory, Chromebook. > > > > Based on the latest upstream code: > > The first test (measuring time) > > syscall__ vmas t t_mseal delta_ns per_vma % > > munmap__ 1 909 944 35 35 104% > > munmap__ 2 1398 1502 104 52 107% > > munmap__ 4 2444 2594 149 37 106% > > munmap__ 8 4029 4323 293 37 107% > > munmap__ 16 6647 6935 288 18 104% > > munmap__ 32 11811 12398 587 18 105% > > mprotect 1 439 465 26 26 106% > > mprotect 2 1659 1745 86 43 105% > > mprotect 4 3747 3889 142 36 104% > > mprotect 8 6755 6969 215 27 103% > > mprotect 16 13748 14144 396 25 103% > > mprotect 32 27827 28969 1142 36 104% > > madvise_ 1 240 262 22 22 109% > > madvise_ 2 366 442 76 38 121% > > madvise_ 4 623 751 128 32 121% > > madvise_ 8 1110 1324 215 27 119% > > madvise_ 16 2127 2451 324 20 115% > > madvise_ 32 4109 4642 534 17 113% > > > > The second test (measuring cpu cycle) > > syscall__ vmas cpu cmseal delta_cpu per_vma % > > munmap__ 1 1790 1890 100 100 106% > > munmap__ 2 2819 3033 214 107 108% > > munmap__ 4 4959 5271 312 78 106% > > munmap__ 8 8262 8745 483 60 106% > > munmap__ 16 13099 14116 1017 64 108% > > munmap__ 32 23221 24785 1565 49 107% > > mprotect 1 906 967 62 62 107% > > mprotect 2 3019 3203 184 92 106% > > mprotect 4 6149 6569 420 105 107% > > mprotect 8 9978 10524 545 68 105% > > mprotect 16 20448 21427 979 61 105% > > mprotect 32 40972 42935 1963 61 105% > > madvise_ 1 434 497 63 63 115% > > madvise_ 2 752 899 147 74 120% > > madvise_ 4 1313 1513 200 50 115% > > madvise_ 8 2271 2627 356 44 116% > > madvise_ 16 4312 4883 571 36 113% > > madvise_ 32 8376 9319 943 29 111% > > > > If I am reading this right, madvise() is affected more than the other > calls? Is that expected or do we need to have a closer look? > The madvise() has a bigger percentage (per_vma %), but it also has a smaller base value (cpu). -Jeff