Adding Daniel for awareness.


Regards.
Pablo

On Wed, 31 Aug 2022 16:09, John Reiser <jreiser@bitwagon.com> wrote:
Here is one end-to-end performance measurement of using hardened_malloc.

    sudo sh -c "echo 1 >/proc/sys/vm/drop_caches"
    /usr/bin/time rpmbuild -bc kernel-5.15.11-100.fc34.spec >rpmbuild.out 2>&1

For glibc, the result was
    19274.30user 2522.87system 1:49:06elapsed 332%CPU (0avgtext+0avgdata 3389052maxresident)k
    148504inputs+217900040outputs (18221major+1005715216minor)pagefaults 0swaps

For the same task, but preceded by
    export LD_PRELOAD=/usr/lib64/libhardened_malloc.so
the result was
    26108.73user 4805.55system 2:22:43elapsed 360%CPU (0avgtext+0avgdata 1881564maxresident)k
    586704inputs+217900504outputs (31876major+1848825755minor)pagefaults 0swaps

So compared to glibc-2.33-21.fc34.x86_64, hardened_malloc used
    1.3  times as much wall clock (8563 /  6536  in seconds)
    1.35 times as much user CPU  (26108 / 19274)
    1.9  times as much sys  CPU  ( 4805 /  2522).

The environment was a physical machine running Fedora 5.17.12-100.fc34.x86_64:
    Intel Core i5-6500 @3.2GHz  (4 CPU, 4 cores, 256kB L2 cache per core, 6MB L3 shared)
    32GB DDR4 RAM
    /usr ext4 on SSD, /data ext4 on 4TB spinning commodity hard drive

In the .spec, I changed to:
    %define make_opts -j4
so that much of the compiling ran 4 jobs in parallel.
/usr/bin/top showed minimal use of swapspace: 4MB.

hardened_malloc required (as documented in its README.md):
    ----- /etc/sysctl.d/hardened_malloc.conf
    # (Fedora 5.17.12) default is   65530 (2**16 - 6),
    # libhardened_malloc suggests 1048576 (2**20)
    # we choose                   1048570 (2**20 - 6)
    vm.max_map_count = 1048570
    -----
else the job crashed:
      BTF     .btf.vmlinux.bin.o
    memory exhausted

The libhardened_malloc source code version was:
    commit 72fb3576f568481a03076c62df37984f96bfdfeb
    of Tue Aug 16 07:47:26 2022 -0400

Bottom line opinion: hardened_malloc's added security against exploit
by malware costs too much.  I will not choose hardened_malloc for this task.
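
An added example, not part of the original message: a small parser for GNU time's default report format, fed the two reports quoted above, that computes the hardened_malloc/glibc ratio for every field, including peak resident set size and minor page faults. The function and constant names are made up for this illustration.

```python
import re

# Constructed from the two /usr/bin/time reports quoted in the message above.
GLIBC = """19274.30user 2522.87system 1:49:06elapsed 332%CPU (0avgtext+0avgdata 3389052maxresident)k
148504inputs+217900040outputs (18221major+1005715216minor)pagefaults 0swaps"""
HARDENED = """26108.73user 4805.55system 2:22:43elapsed 360%CPU (0avgtext+0avgdata 1881564maxresident)k
586704inputs+217900504outputs (31876major+1848825755minor)pagefaults 0swaps"""

# GNU time's default format glues each number to its label, e.g. "19274.30user".
FIELD = re.compile(r"([\d.:]+)(user|system|elapsed|maxresident|major|minor)")
REQUIRED = {"user", "system", "elapsed", "maxresident", "minor"}


def to_seconds(clock):
    """Convert GNU time's elapsed field (h:mm:ss or m:ss.cc) to seconds."""
    total = 0.0
    for part in clock.split(":"):
        total = total * 60 + float(part)
    return total


def parse_time_report(text):
    """Return {label: number} for one report; maxresident is in kilobytes."""
    out = {}
    for value, label in FIELD.findall(text):
        out[label] = to_seconds(value) if label == "elapsed" else float(value)
    missing = REQUIRED - out.keys()
    if missing:
        raise ValueError(f"not a GNU time report, missing: {sorted(missing)}")
    return out


def compare(baseline, candidate):
    """Ratio candidate/baseline for every nonzero field found in both reports."""
    b, c = parse_time_report(baseline), parse_time_report(candidate)
    return {k: c[k] / b[k] for k in b if k in c and b[k]}


if __name__ == "__main__":
    for label, ratio in compare(GLIBC, HARDENED).items():
        print(f"{label:12s} {ratio:5.2f}x")
```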