Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Tomasz Stanislawski <t.stanislaws <at> samsung.com>
Subject: [PATCH 0/4] Optimizations for memory handling in SMACK
Newsgroups: gmane.linux.kernel.lsm
Date: Wednesday 19th June 2013 15:13:31 UTC (over 4 years ago)
Hi everyone,
This patchset focuses on optimizations for memory handling done in
internals of
smk_write_rules_list(). It is an update from [1].

The first patch introduces a limit for maximal length of a rule string. 
The
second patch optimizes rule string parsing to avoid unnecessary
allocations.
The third and the forth introduce kmem_cache to reduce memory wasted on
padding
bytes.

The patchset is rebased on smack/next. Additionally the "memleak" patch [2]
has
to be applied. This patch conflicts with the this patchset.

Some measurements for time and used memory were prepared.  The test
platform
was ARM target. The Smack configuration contains circa 17K rules and 500
labels.  The procedure is following:
1. Boot the target with 'init=/bin/bash' added to cmdline.
2. Mount all needed file systems (procfs and smackfs in principle)
3. Measure SLAB memory with (column Pre expressed in [kiB]):
   # grep SUnreclaim: /proc/meminfo
4. Initialize SMACK and measure time (column Time [sec])
   # time smackctl apply
5. Measure SLAB memory with (column Post expressed in [kiB]):
   # grep SUnreclaim: /proc/meminfo

Each measurement was repeated 5 time to reduce noise.
The column 'Diff' is equal to 'Post' - 'Pre'.
This value is expected to be equal to kernel memory
allocated during the initialization of SMACK.

Result for the reference kernel from smack/next:

Run:|Pre |Post|Diff|Time
.-------------------------
1   |5132|7116|1984|1.162
2   |5148|7024|1876|1.134
3   |5292|7264|1972|1.148
4   |5436|7424|1988|1.156
5   |5364|7276|1912|1.140
.-------------------------
AVG:|    |    |1946|1.148


Results for reference kernel plus memfix patch.

Run:|Pre |Post|Diff|Time
.-------------------------
1   |5056|6388|1332|1.149
2   |5072|6444|1372|1.127
3   |4892|6336|1444|1.131
4   |5468|6740|1272|1.149
5   |5192|6520|1328|1.145
.-------------------------
AVG:|    |    |1349|1.140

Fixing the memleak reduced memeory consumption by 600 KiB.


Results for previous kernel + patch 2. Patch 1 was not tested
because it is only a protection limit.

Run:|Pre |Post|Diff|Time
.-------------------------
1   |5264|6616|1352|1.117
2   |5352|6668|1316|1.115
3   |5400|6752|1352|1.118
4   |5220|6668|1448|1.122
5   |5316|6652|1336|1.101
.-------------------------
AVG:|    |    |1360|1.115

The patch 2 fastened rule loading by 25 ms.


Results for previous kernel + patch 3.

Run:|Pre |Post|Diff|Time
.-------------------------
1   |5212|6432|1220|1.106
2   |5408|6552|1144|1.118
3   |5044|6292|1248|1.107
4   |5232|6428|1196|1.120
5   |5268|6492|1224|1.111
.-------------------------
AVG:|    |    |1206|1.112

Memory consumption was reduced by 154 kiB. The patch reduced
memory used for single rule entity from 32 to 24 bytes.
This gives 8 * 17k = 132 KiB. The value is consistent with
measurements due to high noise.

Results for previous kernel + patch 3.

Run:|Pre |Post|Diff|Time
.-------------------------
1   |5300|6176| 876|1.098
2   |5044|5984| 940|1.086
3   |5504|6436| 932|1.074
4   |5244|6200| 956|1.083
5   |5280|6164| 884|1.088
.-------------------------
AVG:|    |    | 918|1.086

Memory consumption was reduced by 288 kiB. The patch reduced
memory used for single master rule entity from 32 to 16 bytes.
This gives 16 * 17k = 264 KiB. The value is consistent with
measurements due to high noise. Moreover, the initialization
was sped up by 26 ms.

To sum up, all the patches plus the memory fix reduced the amount
of memory for rule-related structures from 1946 kiB to 918 kiB.
Memory requirements were reduced by half.

I hope you find this patchset useful.
All comments are welcome.

Regards,
Tomasz Stanislawski.

Changelog:
v1:
- post 'fix memleak in smk_write_rules_list() as a separate patch'
- prepare performance measurements
- remove stack allocations for a rule string, use kmalloc()

[1] http://en.it-usenet.org/thread/20260/343969/
[2] http:[email protected]/msg454761.html

Tomasz Stanislawski (4):
  security: smack: limit a length for a rule string in the long format
  security: smack: avoid kmalloc() in smk_parse_long_rule()
  security: smack: add kmem_cache for smack_rule allocations
  security: smack: add kmem_cache for smack_master_list allocations

 security/smack/smack.h     |   10 ++++++
 security/smack/smack_lsm.c |   19 +++++++++-
 security/smack/smackfs.c   |   83
++++++++++++++++++++++++--------------------
 3 files changed, 74 insertions(+), 38 deletions(-)

-- 
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
 
CD: 4ms