linux

iv/linux

Go to file

Kees Cook 192cf32243 selftests/seccomp: Compare bitmap vs filter overhead

As part of the seccomp benchmarking, include the expectations with
regard to the timing behavior of the constant action bitmaps, and report
inconsistencies better.

Example output with constant action bitmaps on x86:

$ sudo ./seccomp_benchmark 100000000
Current BPF sysctl settings:
net.core.bpf_jit_enable = 1
net.core.bpf_jit_harden = 0
Benchmarking 200000000 syscalls...
129.359381409 - 0.008724424 = 129350656985 (129.4s)
getpid native: 646 ns
264.385890006 - 129.360453229 = 135025436777 (135.0s)
getpid RET_ALLOW 1 filter (bitmap): 675 ns
399.400511893 - 264.387045901 = 135013465992 (135.0s)
getpid RET_ALLOW 2 filters (bitmap): 675 ns
545.872866260 - 399.401718327 = 146471147933 (146.5s)
getpid RET_ALLOW 3 filters (full): 732 ns
696.337101319 - 545.874097681 = 150463003638 (150.5s)
getpid RET_ALLOW 4 filters (full): 752 ns
Estimated total seccomp overhead for 1 bitmapped filter: 29 ns
Estimated total seccomp overhead for 2 bitmapped filters: 29 ns
Estimated total seccomp overhead for 3 full filters: 86 ns
Estimated total seccomp overhead for 4 full filters: 106 ns
Estimated seccomp entry overhead: 29 ns
Estimated seccomp per-filter overhead (last 2 diff): 20 ns
Estimated seccomp per-filter overhead (filters / 4): 19 ns
Expectations:
	native ≤ 1 bitmap (646 ≤ 675): ✔️
	native ≤ 1 filter (646 ≤ 732): ✔️
	per-filter (last 2 diff) ≈ per-filter (filters / 4) (20 ≈ 19): ✔️
	1 bitmapped ≈ 2 bitmapped (29 ≈ 29): ✔️
	entry ≈ 1 bitmapped (29 ≈ 29): ✔️
	entry ≈ 2 bitmapped (29 ≈ 29): ✔️
	native + entry + (per filter * 4) ≈ 4 filters total (755 ≈ 752): ✔️

[YiFei: Changed commit message to show stats for this patch series]
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/1b61df3db85c5f7f1b9202722c45e7b39df73ef2.1602431034.git.yifeifz2@illinois.edu

2020-11-20 11:16:34 -08:00

arch

x86: Enable seccomp architecture tracking

2020-11-20 11:16:34 -08:00

block

block: add a return value to set_capacity_revalidate_and_notify

2020-11-12 13:59:04 -07:00

certs

.gitignore: add SPDX License Identifier

2020-03-25 11:50:48 +01:00

crypto

drivers-5.10-2020-10-12

2020-10-13 13:04:41 -07:00

Documentation

Devicetree fixes for v5.10, take 2:

2020-11-13 12:47:02 -08:00

drivers

drm nouveau fixes for 5.10-rc4

2020-11-15 13:07:36 -08:00

Merge branch 'akpm' (patches from Andrew)

2020-11-14 12:35:11 -08:00

include

A set of fixes for perf:

2020-11-15 09:46:36 -08:00

init

bootconfig: Extend the magic check range to the preceding 3 bytes

2020-11-12 20:36:52 -05:00

ipc

ipc: adjust proc_ipc_sem_dointvec definition to match prototype

2020-09-05 12:14:29 -07:00

kernel

seccomp/cache: Add "emulator" to check if filter is constant allow

2020-11-20 11:16:34 -08:00

lib

drm fixes for 5.10-rc3

2020-11-06 12:54:00 -08:00

LICENSES

LICENSES/deprecated: add Zlib license text

2020-09-16 14:33:49 +02:00

Merge branch 'for-5.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu

2020-11-15 08:57:19 -08:00

net

Networking fixes for 5.10-rc4, including fixes from the bpf subtree.

2020-11-12 14:02:04 -08:00

samples

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

2020-11-06 17:49:34 -08:00

scripts

Networking fixes for 5.10-rc4, including fixes from the bpf subtree.

2020-11-12 14:02:04 -08:00

security

selinux/stable-5.10 PR 20201113

2020-11-14 12:04:02 -08:00

sound

ASoC: Fixes for v5.10

2020-11-05 18:19:32 +01:00

tools

selftests/seccomp: Compare bitmap vs filter overhead

2020-11-20 11:16:34 -08:00

usr

Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

2020-08-07 13:29:39 -07:00

virt

kvm: x86/mmu: Support dirty logging for the TDP MMU

2020-10-23 03:42:13 -04:00

.clang-format

RDMA 5.10 pull request

2020-10-17 11:18:18 -07:00

.cocciconfig

…

.get_maintainer.ignore

Opt out of scripts/get_maintainer.pl

2019-05-16 10:53:40 -07:00

.gitattributes

.gitattributes: use 'dts' diff driver for dts files

2019-12-04 19:44:11 -08:00

.gitignore

.gitignore: docs: ignore sphinx_*/ directories

2020-09-10 10:44:31 -06:00

.mailmap

mailmap: fix entry for Dmitry Baryshkov/Eremin-Solenikov

2020-11-14 11:26:03 -08:00

COPYING

COPYING: state that all contributions really are covered by this file

2020-02-10 13:32:20 -08:00

CREDITS

MAINTAINERS: Move Sangbeom Kim to credits

2020-10-26 10:11:18 +01:00

Kbuild

kbuild: rename hostprogs-y/always to hostprogs/always-y

2020-02-04 01:53:07 +09:00

Kconfig

kbuild: ensure full rebuild when the compiler is updated

2020-05-12 13:28:33 +09:00

MAINTAINERS

USB/Thunderbolt fixes for 5.10-rc4

2020-11-15 10:02:41 -08:00

Makefile

Linux 5.10-rc4

2020-11-15 16:44:31 -08:00

README

Drop all 00-INDEX files from Documentation/

2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.

Languages

C 97.6%

Assembly 1%

Shell 0.5%

Python 0.3%

Makefile 0.3%