From: Jann Horn <jann@thejh.net>
To: kernel-hardening@lists.openwall.com
Cc: keescook@chromium.org,
	Elena Reshetova <elena.reshetova@intel.com>,
	Hans Liljestrand <ishkamiel@gmail.com>,
	David Windsor <dwindsor@gmail.com>
Subject: Re: [kernel-hardening] [RFC PATCH 12/13] x86: x86 implementation for HARDENED_ATOMIC
Date: Wed, 5 Oct 2016 18:18:45 +0200
Message-ID: <20161005161845.GR14666@pc.thejh.net>
In-Reply-To: <57F51EB3.1030605@intel.com>

On Wed, Oct 05, 2016 at 08:39:31AM -0700, Dave Hansen wrote:
> On 10/04/2016 05:41 AM, Jann Horn wrote:
> > $ time ./atomic_user_test 2 1 1000000000 # multi-threaded, no protection
> > real	0m9.550s
> > user	0m18.988s
> > sys	0m0.000s
> > $ time ./atomic_user_test 2 2 1000000000 # multi-threaded, racy protection
> > real	0m9.249s
> > user	0m18.430s
> > sys	0m0.004s
> > $ time ./atomic_user_test 2 3 1000000000 # multi-threaded, cmpxchg protection
> > real	1m47.331s
> > user	3m34.390s
> > sys	0m0.024s
> 
> Yikes, that does get a ton worse.

Yeah, but as Kees said, that's an absolute worst case, and while there
might be some performance impact with some very syscall-heavy real-world
usage, I think it's very unlikely to be that bad in practice.

It probably doesn't matter much here, but out of curiosity: Do you know
what makes this so slow? I'm not familiar with details of how processors
work - and you're at Intel, so maybe you know more about this or can ask
someone who knows? The causes I can imagine are:

1. Pipeline flushes because of branch prediction failures caused by
   more-or-less random cmpxchg retries? Pipeline flushes are pretty
   expensive, right?
2. Repeated back-and-forth bouncing of the cacheline because an increment
   via cmpxchg needs at least two accesses instead of one, and the
   cacheline could be "stolen" by the other thread between the READ_ONCE
   and the cmpxchg.
3. Simply the cost of retrying if the value has changed in the meantime.
4. Maybe if two CPUs try increments at the same time, with exactly the
   same timing, they get stuck in a tiny livelock where every cmpxchg
   fails because the value was just updated by the other core? And then
   something slightly disturbs the timing (interrupt / clock speed
   change / ...), allowing one task to win the race?

> But, I guess it's good to know we
> have a few choices between performant and absolutely "correct".

Hrm. My opinion is that the racy protection is unlikely to help much with
panic_on_oops=0. So IMO, on x86, it's more like a choice between:

 - performant, but pretty useless
 - performant, but technically unreliable and with panic on overflow
 - doing it properly, with a performance hit

> Do you have any explanation for "racy protection" going faster than no
> protection?

My guess is "I'm not measuring well enough and random stuff is going on". 
Re-running these on the same box, I get the following numbers:

$ time ./atomic_user_test 2 1 1000000000 # multi-threaded, no protection
real	0m9.549s
user	0m19.023s
sys	0m0.000s
$ time ./atomic_user_test 2 2 1000000000 # multi-threaded, racy protection
real	0m9.586s
user	0m19.154s
sys	0m0.001s

(This might be because I'm using the ondemand governor, because my CPU has
the 4GHz boost thing, because stuff in the background is randomly
interfering... no idea.)
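
Added illustration for the message above (not Jann Horn's atomic_user_test and not code from the patch series): the three increment strategies being compared, written with C11 atomics. Reading "racy protection" as add-then-check-then-undo is an assumption, as are all function names; `cmpxchg_step` exposes a single attempt so that an update landing between the read and the cmpxchg (causes 2 and 3 in the list) can be reproduced deterministically.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* No protection: atomic signed add wraps INT_MAX -> INT_MIN (defined in C11). */
void inc_unprotected(atomic_int *v) { atomic_fetch_add(v, 1); }

/* Assumed "racy" scheme: add first, check afterwards, undo on overflow.
 * Between the add and the sub other threads can read the wrapped value. */
bool inc_racy(atomic_int *v)
{
    if (atomic_fetch_add(v, 1) != INT_MAX)
        return true;
    atomic_fetch_sub(v, 1);            /* INT_MIN - 1 wraps back to INT_MAX */
    return false;
}

enum step { STEP_DONE, STEP_RETRY, STEP_OVERFLOW };

/* One cmpxchg attempt against the snapshot *seen. A failed exchange
 * refreshes *seen with the current value, so the caller can retry. */
enum step cmpxchg_step(atomic_int *v, int *seen)
{
    if (*seen == INT_MAX)
        return STEP_OVERFLOW;          /* refuse: wrapped value is never stored */
    return atomic_compare_exchange_strong(v, seen, *seen + 1)
               ? STEP_DONE : STEP_RETRY;
}

/* cmpxchg protection: read, check, exchange, retry while others interfere. */
bool inc_cmpxchg(atomic_int *v, unsigned *retries)
{
    int seen = atomic_load(v);
    enum step s;
    while ((s = cmpxchg_step(v, &seen)) == STEP_RETRY)
        ++*retries;
    return s == STEP_DONE;
}

int main(void)
{
    atomic_int v = 5;
    int seen = atomic_load(&v);        /* this thread's snapshot */
    atomic_fetch_add(&v, 1);           /* constructed: another thread wins */
    enum step first = cmpxchg_step(&v, &seen);
    printf("stale attempt: %s, snapshot now %d\n",
           first == STEP_RETRY ? "retry" : "done", seen);
    return 0;
}
```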
