Adding Daniel for awareness.
Regards.
Pablo
El mié., 31 ago. 2022 16:09, John Reiser <jreiser(a)bitwagon.com> escribió:
Here is one end-to-end performance measurement of using
hardened_malloc.
sudo sh -c "echo 1 >/proc/sys/vm/drop_caches"
/usr/bin/time rpmbuild -bc kernel-5.15.11-100.fc34.spec >rpmbuild.out
2>&1
For glibc, the result was
19274.30user 2522.87system 1:49:06elapsed 332%CPU (0avgtext+0avgdata
3389052maxresident)k
148504inputs+217900040outputs (18221major+1005715216minor)pagefaults
0swaps
For the same task, but preceded by
export LD_PRELOAD=/usr/lib64/libhardened_malloc.so
the result was
26108.73user 4805.55system 2:22:43elapsed 360%CPU (0avgtext+0avgdata
1881564maxresident)k
586704inputs+217900504outputs (31876major+1848825755minor)pagefaults
0swaps
So compared to glibc-2.33-21.fc34.x86_64, hardened_malloc used
1.3 times as much wall clock (8563 / 6536 in seconds)
1.35 times as much user CPU (26108 / 19274)
1.9 times as much sys CPU ( 4805 / 2522).
The environment was a physical machine running fedora
5.17.12-100.fc34.x86_64:
Intel Core i5-6500 @3.2GHz (4 CPU, 4 cores, 256kB L2 cache per core,
6MB L3 shared)
32GB DDR4 RAM
/usr ext4 on SSD, /data ext4 on 4TB spinning commodity hard drive
In the .spec, I changed to:
%define make_opts -j4
so that much of the compiling ran 4 jobs in parallel.
/usr/bin/top showed minimal use of swapspace: 4MB,
hardened_malloc required (as documented in its README.md):
----- /etc/sysctl.d/hardened_malloc.conf
# (Fedora 5.17.12) default is 65530 (2**16 - 6),
# libhardened_malloc suggests 1048576 (2**20)
# we choose 1048570 (2**20 - 6)
vm.max_map_count = 1048570
-----
else the job crashed:
BTF .btf.vmlinux.bin.o
memory exhausted
The libhardened_malloc source code version was:
commit 72fb3576f568481a03076c62df37984f96bfdfeb
of Tue Aug 16 07:47:26 2022 -0400
Bottom line opinion: hardened_malloc's added security against exploit
by malware costs too much. I will not choose hardened_malloc for this
task.
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue