• Kees Cook's avatar
    selftests/seccomp: Compare bitmap vs filter overhead · 192cf322
    Kees Cook authored
    As part of the seccomp benchmarking, include the expectations with
    regard to the timing behavior of the constant action bitmaps, and report
    inconsistencies better.
    
    Example output with constant action bitmaps on x86:
    
    $ sudo ./seccomp_benchmark 100000000
    Current BPF sysctl settings:
    net.core.bpf_jit_enable = 1
    net.core.bpf_jit_harden = 0
    Benchmarking 200000000 syscalls...
    129.359381409 - 0.008724424 = 129350656985 (129.4s)
    getpid native: 646 ns
    264.385890006 - 129.360453229 = 135025436777 (135.0s)
    getpid RET_ALLOW 1 filter (bitmap): 675 ns
    399.400511893 - 264.387045901 = 135013465992 (135.0s)
    getpid RET_ALLOW 2 filters (bitmap): 675 ns
    545.872866260 - 399.401718327 = 146471147933 (146.5s)
    getpid RET_ALLOW 3 filters (full): 732 ns
    696.337101319 - 545.874097681 = 150463003638 (150.5s)
    getpid RET_ALLOW 4 filters (full): 752 ns
    Estimated total seccomp overhead for 1 bitmapped filter: 29 ns
    Estimated total seccomp overhead for 2 bitmapped filters: 29 ns
    Estimated total seccomp overhead for 3 full filters: 86 ns
    Estimated total seccomp overhead for 4 full filters: 106 ns
    Estimated seccomp entry overhead: 29 ns
    Estimated seccomp per-filter overhead (last 2 diff): 20 ns
    Estimated seccomp per-filter overhead (filters / 4): 19 ns
    Expectations:
    	native ≤ 1 bitmap (646 ≤ 675): ️
    	native ≤ 1 filter (646 ≤ 732): ️
    	per-filter (last 2 diff) ≈ per-filter (filters / 4) (20 ≈ 19): ️
    	1 bitmapped ≈ 2 bitmapped (29 ≈ 29): ️
    	entry ≈ 1 bitmapped (29 ≈ 29): ️
    	entry ≈ 2 bitmapped (29 ≈ 29): ️
    	native + entry + (per filter * 4) ≈ 4 filters total (755 ≈ 752): ️
    
    [YiFei: Changed commit message to show stats for this patch series]
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Link: https://lore.kernel.org/r/1b61df3db85c5f7f1b9202722c45e7b39df73ef2.1602431034.git.yifeifz2@illinois.edu
    192cf322
seccomp_benchmark.c 6.74 KB