Attached is the next set of patches to implement stacking through
chaining. The kernel object security pointers are now always
hlist_heads. However when stacker is not compiled in,
security_{set,get,del}_value become macros which do not search the hlist
at all. This does make for better performance than simply always using
the functions in security/security.c. (I can send lmbench results for
that setup if anyone likes), but is just as fast as (within stdev,
faster than :) the last version which redefined the security field
depending on CONFIG_SECURITY_STACKER.
The attached chain3-2 shows the results for this patched kernel
(rc2-bk4) with stacker compiled out and selinux+capabilities compiled
in. nostack is the old results from rc1-bk12 with no stacking patch.
The patches were applied in the following order:
lsm-chain.patch
seclvl-stack.patch
selinux-stack.patch
stacker.patch
stacker-selinux-procattr-hack.patch
thanks,
-serge
--
=======================================================
Serge Hallyn
Security Software Engineer, IBM Linux Technology Center
serue@private
L M B E N C H 2 . 0 S U M M A R Y
------------------------------------
Basic system parameters
----------------------------------------------------
Host OS Description Mhz
--------- ------------- ----------------------- ----
ereshkiga Linux 2.6.10- i686-pc-linux-gnu 2974
ereshkiga Linux 2.6.10- i686-pc-linux-gnu 2974
ereshkiga Linux 2.6.10- i686-pc-linux-gnu 2974
ereshkiga Linux 2.6.10- i686-pc-linux-gnu 2974
Processor, Processes - times in microseconds - smaller is better
----------------------------------------------------------------
Host OS Mhz null null open selct sig sig fork exec sh
call I/O stat clos TCP inst hndl proc proc proc
--------- ------------- ---- ---- ---- ---- ---- ----- ---- ---- ---- ---- ----
ereshkiga Linux 2.6.10- 2974 0.14 0.33 2.56 2.97 4.767 0.51 2.39 73.9 356. 1661
ereshkiga Linux 2.6.10- 2974 0.14 0.33 2.56 3.02 4.771 0.51 2.40 73.4 351. 1655
ereshkiga Linux 2.6.10- 2974 0.14 0.33 2.54 3.02 4.770 0.51 2.37 73.2 348. 1659
ereshkiga Linux 2.6.10- 2974 0.14 0.33 2.55 3.03 4.821 0.52 2.43 77.6 348. 1674
MEAN 2.55 3.01 4.782 0.51 2.40 74.5 351 1662
STDEV 0.01 0.02 0.022 .004 0.02 1.8 3 7
CI (95%)
Context switching - times in microseconds - smaller is better
-------------------------------------------------------------
Host OS 2p/0K 2p/16K 2p/64K 8p/16K 8p/64K 16p/16K 16p/64K
ctxsw ctxsw ctxsw ctxsw ctxsw ctxsw ctxsw
--------- ------------- ----- ------ ------ ------ ------ ------- -------
ereshkiga Linux 2.6.10- 1.500 2.3400 4.4200 2.9200 30.9 6.02000 35.9
ereshkiga Linux 2.6.10- 1.530 2.3000 4.3400 2.9800 29.7 5.75000 36.2
ereshkiga Linux 2.6.10- 1.500 2.3200 4.4100 2.9700 29.6 6.86000 36.5
ereshkiga Linux 2.6.10- 1.520 2.3100 4.4100 3.2400 27.2 6.51000 35.9
MEAN 2.32 4.4000 3.03 29.4 6.29 36.1
STDEV 0.01 0.03 0.12 1.3 0.43 0.2
CI (95%)
*Local* Communication latencies in microseconds - smaller is better
-------------------------------------------------------------------
Host OS 2p/0K Pipe AF UDP RPC/ TCP RPC/ TCP
ctxsw UNIX UDP TCP conn
--------- ------------- ----- ----- ---- ----- ----- ----- ----- ----
ereshkiga Linux 2.6.10- 1.500 4.952 10.4 16.2 20.1 18.2 25.8 59.9
ereshkiga Linux 2.6.10- 1.530 4.914 8.78 15.8 20.6 18.2 25.7 60.0
ereshkiga Linux 2.6.10- 1.500 4.929 8.76 15.8 20.2 18.4 25.8 61.5
ereshkiga Linux 2.6.10- 1.520 4.961 8.64 16.0 20.5 18.3 25.7 60.4
MEAN 4.939 9.15 16.0 20.4 18.3 25.8 60.5
STDEV 0.019 0.73 0.2 0.2 0.1 0.1 0.6
CI (95%)
File & VM system latencies in microseconds - smaller is better
--------------------------------------------------------------
Host OS 0K File 10K File Mmap Prot Page
Create Delete Create Delete Latency Fault Fault
--------- ------------- ------ ------ ------ ------ ------- ----- -----
ereshkiga Linux 2.6.10- 18.8 9.6970 46.1 16.4 1020.0 0.536 1.00000
ereshkiga Linux 2.6.10- 18.8 9.6740 46.5 16.4 1032.0 0.554 1.00000
ereshkiga Linux 2.6.10- 18.8 9.6700 46.0 16.4 1024.0 0.519 1.00000
ereshkiga Linux 2.6.10- 18.9 9.6620 46.6 16.4 1020.0 0.504 1.00000
MEAN 9.676 46.3 16.4 1024 0.528
STDEV 0.013 0.3 0 5 0.019
CI (95%)
*Local* Communication bandwidths in MB/s - bigger is better
-----------------------------------------------------------
Host OS Pipe AF TCP File Mmap Bcopy Bcopy Mem Mem
UNIX reread reread (libc) (hand) read write
--------- ------------- ---- ---- ---- ------ ------ ------ ------ ---- -----
ereshkiga Linux 2.6.10- 1175 2805 545. 1689.5 1913.5 599.1 620.7 1913 863.7
ereshkiga Linux 2.6.10- 1179 2289 566. 1678.4 1913.3 600.6 621.6 1912 874.4
ereshkiga Linux 2.6.10- 1143 2118 564. 1683.7 1893.6 602.4 628.9 1911 876.3
ereshkiga Linux 2.6.10- 1159 2936 535. 1676.5 1911.9 608.8 632.4 1912 883.5
MEAN 1164 2537 553 1682.0 1908.1 602.7 625.9 1912 874.5
STDEV 14 342 13 5.1 8.4 3.7 4.9 1 7.1
CI (95%)
Memory latencies in nanoseconds - smaller is better
(WARNING - may not be correct, check graphs)
---------------------------------------------------
Host OS Mhz L1 $ L2 $ Main mem Guesses
--------- ------------- ---- ----- ------ -------- -------
ereshkiga Linux 2.6.10- 2974 0.681 6.1690 112.2
ereshkiga Linux 2.6.10- 2974 0.671 6.1710 112.6
ereshkiga Linux 2.6.10- 2974 0.671 6.1700 112.8
ereshkiga Linux 2.6.10- 2974 0.678 6.1700 112.2
L M B E N C H 2 . 0 S U M M A R Y
------------------------------------
Basic system parameters
----------------------------------------------------
Host OS Description Mhz
--------- ------------- ----------------------- ----
ereshkiga Linux 2.6.10- results-nostack 2972
ereshkiga Linux 2.6.10- results-nostack 2972
ereshkiga Linux 2.6.10- results-nostack 2972
ereshkiga Linux 2.6.10- results-nostack 2972
Processor, Processes - times in microseconds - smaller is better
----------------------------------------------------------------
Host OS Mhz null null open selct
call I/O stat clos TCP
--------- ------------- ---- ---- ---- ---- ---- -----
ereshkiga Linux 2.6.10- 2972 0.14 0.31 2.48 3.02 4.739
ereshkiga Linux 2.6.10- 2972 0.14 0.33 2.45 3.02 4.891
ereshkiga Linux 2.6.10- 2972 0.14 0.31 2.50 3.03 4.744
ereshkiga Linux 2.6.10- 2972 0.14 0.31 2.47 3.02 4.749
MEAN .315 2.475 3.023 4.78
STDEV .0087 .018 .0043 0.06
CI (95%)
sig sig fork exec sh
inst hndl proc proc proc
---- ---- ---- ---- ----
0.51 1.75 76.7 364. 1663
0.51 1.76 74.1 361. 1644
0.51 1.75 75.5 356. 1658
0.51 1.76 74.6 364. 1679
MEAN 0.51 1.755 75.23 361.3 1661
STDEV 0 0.005 0.988 3.27 12
CI (95%)
Context switching - times in microseconds - smaller is better
-------------------------------------------------------------
Host OS 2p/0K 2p/16K 2p/64K 8p/16K 8p/64K 16p/16K 16p/64K
ctxsw ctxsw ctxsw ctxsw ctxsw ctxsw ctxsw
--------- ------------- ----- ------ ------ ------ ------ ------- -------
ereshkiga Linux 2.6.10- 1.530 2.3900 4.4200 2.9900 28.2 5.58000 35.9
ereshkiga Linux 2.6.10- 1.510 2.3700 4.4000 3.0100 30.3 6.28000 36.0
ereshkiga Linux 2.6.10- 1.510 2.3500 4.4200 2.9900 28.9 5.84000 36.0
ereshkiga Linux 2.6.10- 1.500 2.3400 4.4400 3.1600 26.4 5.90000 35.9
MEAN 1.513 2.3625 4.42 3.0375 28.45 5.9 35.95
STDEV .01090 .01920 .014 .07120 1.404 0.25 .05
CI (95%)
*Local* Communication latencies in microseconds - smaller is better
-------------------------------------------------------------------
Host OS 2p/0K Pipe AF UDP RPC/ TCP RPC/ TCP
ctxsw UNIX UDP TCP conn
--------- ------------- ----- ----- ---- ----- ----- ----- ----- ----
ereshkiga Linux 2.6.10- 1.530 4.917 9.13 16.1 19.9 18.1 25.4 61.0
ereshkiga Linux 2.6.10- 1.510 4.975 8.88 16.0 20.1 17.8 25.3 61.2
ereshkiga Linux 2.6.10- 1.510 4.948 10.2 16.0 22.8 17.8 25.4 61.1
ereshkiga Linux 2.6.10- 1.500 4.380 10.4 15.9 19.9 17.8 25.9 60.9
MEAN 1.513 4.805 9.65 16.0 20.68 17.88 25.5 61.05
STDEV .0109 .2462 .657 .07 1.230 0.130 0.23 0.112
CI (95%)
File & VM system latencies in microseconds - smaller is better
--------------------------------------------------------------
Host OS 0K File 10K File Mmap Prot Page
Create Delete Create Delete Latency Fault Fault
--------- ------------- ------ ------ ------ ------ ------- ----- -----
ereshkiga Linux 2.6.10- 18.7 7.7640 45.8 15.5 1023.0 0.639 1.00000
ereshkiga Linux 2.6.10- 19.0 7.7740 46.5 15.6 1020.0 0.650 1.00000
ereshkiga Linux 2.6.10- 18.9 7.7670 46.8 15.6 1023.0 0.639 2.00000
ereshkiga Linux 2.6.10- 22.4 7.8310 50.1 15.7 1092.0 0.641 1.00000
MEAN 19.75 7.784 47.3 15.6 1039.5 0.642 1.25
STDEV 1.534 .0274 1.66 0.07 30.34 .0045 .433
CI (95%)
*Local* Communication bandwidths in MB/s - bigger is better
-----------------------------------------------------------
Host OS Pipe AF TCP File Mmap Bcopy Bcopy Mem Mem
UNIX reread reread (libc) (hand) read write
--------- ------------- ---- ---- ---- ------ ------ ------ ------ ---- -----
ereshkiga Linux 2.6.10- 1177 2784 656. 1690.6 1895.0 601.2 624.0 1912 872.0
ereshkiga Linux 2.6.10- 1142 2525 607. 1682.2 1894.3 605.4 627.3 1912 876.8
ereshkiga Linux 2.6.10- 1181 2808 615. 1676.4 1894.3 609.2 627.6 1912 886.6
ereshkiga Linux 2.6.10- 1193 2935 558. 1680.2 1894.2 611.1 629.9 1912 883.5
MEAN 1173 2763 609 1682.4 1894.45 606.7 627.2 1912 879.7
STDEV 19.0 148 35 5.2 0.32 3.79 2.10 0 5.7
CI (95%)
Memory latencies in nanoseconds - smaller is better
(WARNING - may not be correct, check graphs)
---------------------------------------------------
Host OS Mhz L1 $ L2 $ Main mem Guesses
--------- ------------- ---- ----- ------ -------- -------
ereshkiga Linux 2.6.10- 2972 0.671 6.1700 112.4
ereshkiga Linux 2.6.10- 2972 0.671 6.1690 112.6
ereshkiga Linux 2.6.10- 2972 0.671 6.1710 112.8
ereshkiga Linux 2.6.10- 2972 0.671 6.1690 112.2
This archive was generated by hypermail 2.1.3 : Tue Nov 23 2004 - 11:26:16 PST