Adding Daniel for awareness.
Regards. Pablo El mié., 31 ago. 2022 16:09, John Reiser <jrei...@bitwagon.com> escribió: > Here is one end-to-end performance measurement of using hardened_malloc. > > sudo sh -c "echo 1 >/proc/sys/vm/drop_caches" > /usr/bin/time rpmbuild -bc kernel-5.15.11-100.fc34.spec >rpmbuild.out > 2>&1 > > For glibc, the result was > 19274.30user 2522.87system 1:49:06elapsed 332%CPU (0avgtext+0avgdata > 3389052maxresident)k > 148504inputs+217900040outputs (18221major+1005715216minor)pagefaults > 0swaps > > For the same task, but preceded by > export LD_PRELOAD=/usr/lib64/libhardened_malloc.so > the result was > 26108.73user 4805.55system 2:22:43elapsed 360%CPU (0avgtext+0avgdata > 1881564maxresident)k > 586704inputs+217900504outputs (31876major+1848825755minor)pagefaults > 0swaps > > So compared to glibc-2.33-21.fc34.x86_64, hardened_malloc used > 1.3 times as much wall clock (8563 / 6536 in seconds) > 1.35 times as much user CPU (26108 / 19274) > 1.9 times as much sys CPU ( 4805 / 2522). > > The environment was a physical machine running fedora > 5.17.12-100.fc34.x86_64: > Intel Core i5-6500 @3.2GHz (4 CPU, 4 cores, 256kB L2 cache per core, > 6MB L3 shared) > 32GB DDR4 RAM > /usr ext4 on SSD, /data ext4 on 4TB spinning commodity hard drive > > In the .spec, I changed to: > %define make_opts -j4 > so that much of the compiling ran 4 jobs in parallel. > /usr/bin/top showed minimal use of swapspace: 4MB, > > hardened_malloc required (as documented in its README.md): > ----- /etc/sysctl.d/hardened_malloc.conf > # (Fedora 5.17.12) default is 65530 (2**16 - 6), > # libhardened_malloc suggests 1048576 (2**20) > # we choose 1048570 (2**20 - 6) > vm.max_map_count = 1048570 > ----- > else the job crashed: > BTF .btf.vmlinux.bin.o > memory exhausted > > The libhardened_malloc source code version was: > commit 72fb3576f568481a03076c62df37984f96bfdfeb > of Tue Aug 16 07:47:26 2022 -0400 > > Bottom line opinion: hardened_malloc's added security against exploit > by malware costs too much. I will not choose hardened_malloc for this > task. > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
