Adding Daniel for awareness.
Regards.
Pablo
El mié., 31 ago. 2022 16:09, John Reiser <jreiser@xxxxxxxxxxxx> escribió:
Here is one end-to-end performance measurement of using hardened_malloc.
sudo sh -c "echo 1 >/proc/sys/vm/drop_caches"
/usr/bin/time rpmbuild -bc kernel-5.15.11-100.fc34.spec >rpmbuild.out 2>&1
For glibc, the result was
19274.30user 2522.87system 1:49:06elapsed 332%CPU (0avgtext+0avgdata 3389052maxresident)k
148504inputs+217900040outputs (18221major+1005715216minor)pagefaults 0swaps
For the same task, but preceded by
export LD_PRELOAD=/usr/lib64/libhardened_malloc.so
the result was
26108.73user 4805.55system 2:22:43elapsed 360%CPU (0avgtext+0avgdata 1881564maxresident)k
586704inputs+217900504outputs (31876major+1848825755minor)pagefaults 0swaps
So compared to glibc-2.33-21.fc34.x86_64, hardened_malloc used
1.3 times as much wall clock (8563 / 6536 in seconds)
1.35 times as much user CPU (26108 / 19274)
1.9 times as much sys CPU ( 4805 / 2522).
The environment was a physical machine running fedora 5.17.12-100.fc34.x86_64:
Intel Core i5-6500 @3.2GHz (4 CPU, 4 cores, 256kB L2 cache per core, 6MB L3 shared)
32GB DDR4 RAM
/usr ext4 on SSD, /data ext4 on 4TB spinning commodity hard drive
In the .spec, I changed to:
%define make_opts -j4
so that much of the compiling ran 4 jobs in parallel.
/usr/bin/top showed minimal use of swapspace: 4MB,
hardened_malloc required (as documented in its README.md):
----- /etc/sysctl.d/hardened_malloc.conf
# (Fedora 5.17.12) default is 65530 (2**16 - 6),
# libhardened_malloc suggests 1048576 (2**20)
# we choose 1048570 (2**20 - 6)
vm.max_map_count = 1048570
-----
else the job crashed:
BTF .btf.vmlinux.bin.o
memory exhausted
The libhardened_malloc source code version was:
commit 72fb3576f568481a03076c62df37984f96bfdfeb
of Tue Aug 16 07:47:26 2022 -0400
Bottom line opinion: hardened_malloc's added security against exploit
by malware costs too much. I will not choose hardened_malloc for this task.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
