On Tue, Jun 26, 2018 at 2:48 AM, Paolo Abeni <pab...@redhat.com> wrote: > Hi, > > On Mon, 25 Jun 2018 11:21:38 -0700 Kees Cook <keesc...@chromium.org> wrote: >> On Mon, Jun 25, 2018 at 8:08 AM, Chris von Recklinghausen >> <creck...@redhat.com> wrote: >> > Enabling HARDENED_USER_COPY causes measurable regressions in the >> > networking performances, up to 8% under UDP flood. >> >> Which function is "hot"? i.e. which copy*user() is taking up the time? >> Do you have a workload that at can be used to reproduce the problem? > > I'm running an a small packet UDP flood using pktgen vs. an host b2b > connected. On the receiver side the UDP packets are processed by a > simple user space process that just read and drop them: > > https://github.com/netoptimizer/network-testing/blob/master/src/udp_sink.c > > Not very useful from a functional PoV, it helps mostly pin-pointing > bottle-neck in the networking stack.
Cool; thanks for the pointer! > When running a kernel with CONFIG_HARDENED_USERCOPY=y, I see a 5-8% > regression in the receive tput, compared to the same kernel without > such option. > > With CONFIG_HARDENED_USERCOPY=y, perf shows ~6% of CPU time spent > cumulatively in __check_object_size (~4%) and __virt_addr_valid (~2%). Are you able to see which network functions are making the __check_object_size() calls? -Kees -- Kees Cook Pixel Security
