On Fri, Apr 19, 2024 at 2:22 AM Jeff Xu <jeffxu@xxxxxxxxxxxx> wrote: > The overhead is likely to grow linearly with the number of VMA, since > it takes time to retrieve VMA's metadata. > > Let's use one data sample to look at impact: > > Test: munmap 1000 memory range, each memory range has 1 VMA > > syscall__ vmas t t_mseal delta_ns per_vma % > munmap__ 1 909 944 35 35 104% > > For those 1000 munmap calls, sealing adds 35000 ns in total, or 35 ns per call. Have you tried to spray around some likely() and unlikely()s? Does that make a difference? I'm thinking that sealing VMAs will be very rare, and mprotect/munmapping them is probably a programming error anyway, so the extra branches in the mprotect/munmap/madvice (etc) should be a nice target for some branch annotation. -- Pedro
