From patchwork Tue Feb 6 09:56:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 197288 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:168b:b0:106:860b:bbdd with SMTP id ma11csp1430730dyb; Tue, 6 Feb 2024 01:57:12 -0800 (PST) X-Google-Smtp-Source: AGHT+IEN8Q48PSL3b3/wwrXBI0XQvpJZgYeaD3wfEhPIXG+Czc7as9rG9Qa/8Ru94voTjZ367JGv X-Received: by 2002:a17:903:1112:b0:1d8:e4b8:95e5 with SMTP id n18-20020a170903111200b001d8e4b895e5mr1402272plh.32.1707213432646; Tue, 06 Feb 2024 01:57:12 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707213432; cv=pass; d=google.com; s=arc-20160816; b=NfANaSgYzoMcFmIYQn3ZQYjSFM1EpirdafVJgokXw7eaIHuy1/raoOka0FyoR8YzHI QmbOpHuzxt2UVQri9N3V08IsO0FxlxJbbs6cu7l/bsrCewmdqlucj22mpAs75juFa2jz R5o9M/j6UCCOZiaE8B1IpT55ZFCrrXEISZV1l3MkcuoPRiy+iRdzJoVCtzZ5xfrYsf9V 46pBC9AZ6TbqUdsfWV3WepyLxNoIR+hkQR4qcAdum0Aw7v2VpKwTlirqKnCRl/kHROSz GHEI3dr036fbWsh/O8eV15YYhSk9N7PXFATOPIcd/Z5YTFrSJCravkeVuGQtj9hw7hjD 0+6Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=YvtejigsA6lvJftTJlUnU81wJFgRlPFcDxMvj4jJa74=; fh=Ql1UB9MAEMKsg6aMrJPU3KEMnT2gx3iQRRuhUovG0I8=; b=GnCmuGH+VwwHcHaOpWSuIUemL3uoSKV3tJJEPflvhz4o6gBmP0Fo8pza7US9SViNZk Wv3AN+ZVZrM+U2/26LMqSHSF8tpu6mBUHUbx4A9k0Hdt4+2zwBwfGTmO//GcHnKezJ37 /rBe+MC50u1M1uwZ3dmDPWgpCKArD+l/LgZzxa5/sf5ESjJYtqIbORA2Mm8dNOK2sJNp pSCjATxR5Wm+FMibFEIu0g5ks42YF4uuWqyoeXHuxpnGr+ZaPbeu7XuGuzN0UZoUYPxr UvC/OdzrDGUwDins+/Mpnh5onFL+dnamMzUJ+fxuM81tL/1KmMTXCbYkc9A6IHBePDry lnQA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=f34EUJS7; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-54624-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-54624-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org X-Forwarded-Encrypted: i=1; AJvYcCU5l2ztGgjUQ6fA/45n1qaBGn+Mc0xPjMVvgXtP0MbtUrHftzhAu115HM9KP4Or9bl8c+tyzV1qJxA/W3DkGbAhvFwrjQ== Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id r20-20020a170902c61400b001d4931a0bfcsi1333117plr.638.2024.02.06.01.57.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Feb 2024 01:57:12 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-54624-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=f34EUJS7; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-54624-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-54624-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 68BA6285853 for ; Tue, 6 Feb 2024 09:57:12 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B6D1C12D77B; Tue, 6 Feb 2024 09:56:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="f34EUJS7" Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3BFE312D750 for ; Tue, 6 Feb 2024 09:56:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707213415; cv=none; b=nkLrE9ja7Z4/Hz3gGrOE9+hw3pa17WxUM8UnWzIe/6OQtCiCcs3hDtfbpzKDS7zAt2qqz/FV97fJRmUd3jcIbDrdih1vK76PYH5exRbl9WV/okJH9N02Wc4m51ueJW0ZIyW0bj52tWRIi13IzByIQesfXSkdNZhfet5e1BBMCOc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707213415; c=relaxed/simple; bh=gFwQT9q2MQDOLZo3TSNZibKCNFI0OYg5lS2v/Yij/5o=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=fsmUSH8Zcf+E+A+HJlbr/6Z5O22CVS3uqkp6peZCxlZAuirVCypvFiTr6IuzXA+CX3yVm25D9DhoXEp2qwmy/KQeijDmj0ysqj2r2dsZT+dC8M1pUsbnYaYooVMTIq7Dn76hNAt7aroapTXGE+fMg4aiB33Rl1nub61LZm1MdYY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=f34EUJS7; arc=none smtp.client-ip=209.85.214.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1d74045c463so42494625ad.3 for ; Tue, 06 Feb 2024 01:56:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1707213413; x=1707818213; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=YvtejigsA6lvJftTJlUnU81wJFgRlPFcDxMvj4jJa74=; b=f34EUJS7pq9JB9Iq765rxANwGO2iY+6kBVrCtx5b+JeiCZJI2tS4++CcyEJRrjm9pJ Zukik37Sc6QeteFfd9fdViXQjXdIcguZkN0p6UbaQgQ0Vfm7aBUrhoc3HyX3EzyruySH vDMqKuVeBMQSwI8hac4pK7CMJcfljIZPWLhaQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707213413; x=1707818213; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YvtejigsA6lvJftTJlUnU81wJFgRlPFcDxMvj4jJa74=; b=gPE0QZGlFyw892Uwgn+fh0lAYC8vTRDnRyH5rqcewb3r6wJwwwGIsk7Sive2s6GNCW zBPTVXMdbDqSj0dCmayRt6eY3UyYyAGo+byFQbS2QFptaJYTSQUQ3MGN1SKE6CjMA7v4 tRKjOCjgl5Qar1npjc4lvNttxjKjQ06EemvQwXX8DIUjPJ19QoBeSGUX6bC2RiEIHbH3 6SFlemQrFrgMAROD6EW/ghfHKuZey+D/7Rn16DvghRLBHvwAiB0ckCz3Qk/8wxwacBk8 9ujJ3OAS2fL7sLL3H2Tm11KCtNBVmS8drOFqguLhgzlkvqcExnKWZhfk2nS9iRQ+kT58 bTjQ== X-Gm-Message-State: AOJu0Yx9vjzpIbRST5D/VtS/583H1h2/t+IT6e4xncuiBU8bZ7qizWos oJWe7877ji5QqEJ42Meft8lUb+7T0w8u+/jJUzbNaOTAg+ljpI9Sqno46YtSVw== X-Received: by 2002:a17:903:2304:b0:1d8:f394:da39 with SMTP id d4-20020a170903230400b001d8f394da39mr1326364plh.65.1707213413601; Tue, 06 Feb 2024 01:56:53 -0800 (PST) X-Forwarded-Encrypted: i=0; AJvYcCW4XJapeWoVq693/JjVCP6x9T70VxgvoAa9DEw2WL3YUgGW4WylfVi6E9yCu/nZNSoV8n43/+0umk95KhnOt/x3SF1igjAd/G1ohmsrXg287GxUeFSUugHodmJNjmQjtCelCvT+SwNKnAj5DX82/i78b1orLqkyP3dJCq1XPf08nSCspRRCe1fG9nVRcnzcUCt7gLD7nY45bAP8OYcLPS731zpVcdW9njc8SUc5Q3THJUHoEfAWbo6jLbrCg8XZOPeqDU2e63BMRaVG8g3I/p3Lurfv0TjvBccwKmDzuvE= Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id iy15-20020a170903130f00b001c407fac227sm1456525plb.41.2024.02.06.01.56.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Feb 2024 01:56:53 -0800 (PST) From: Kees Cook To: Mark Brown Cc: Kees Cook , kernel test robot , Andy Lutomirski , Will Drewry , Shuah Khan , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH] selftests/seccomp: Pin benchmark to single CPU Date: Tue, 6 Feb 2024 01:56:47 -0800 Message-Id: <20240206095642.work.502-kees@kernel.org> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2238; i=keescook@chromium.org; h=from:subject:message-id; bh=gFwQT9q2MQDOLZo3TSNZibKCNFI0OYg5lS2v/Yij/5o=; b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBlwgJfCsxNqlw4QkCwa0uTjz9m+WERqUM1QnArU Nk8peGOJtCJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCZcICXwAKCRCJcvTf3G3A JqyTD/9FjpTBzQ/U/pDNYWZkbNEqKOmTGswAI5nhxPwJETkBv2PFztRglzljETLPB6slHXo50Xq aaLyg3Tx0jUQWvCNGmus+ZcUaZeUc9ERbP7FajXNyUdvtd4FvpLqXrb7YLGBIyJRTt0pUvwsp08 dCXkfBVP0NEg+OM1SXDxtM43MKV8KNktVyLCjDueRmNXPGfukDqLPleO02h/dRCuc6UsznNrz7W eJN8zn12je2bB+26ikjlbccbihquSHNFLUnCJShgg3EvXM9ywmZsFLlMzb4Fl5COijs0xPYrBNm FWh1ZbJ1xA0G9GAvwpDF+lUEOvluGYMWudXBwiY48XSPsLcLS1ZluT5L/+SPsljItEjPo6hqk0n CrBxjLamMqteQUQX9pIft8jHROCFAcOg0qF0sgPUzePBdn9BDi+gYjb4r6w18iT24tp090XbdnL zD5pCjM7IO/PmNZsEsgYHqW5lww/o7nBOiGje91P116WFA9RvghnOY+qJ3tBxnmm6stuujMgFa9 wBFLrpkHt8ll0GUr0Wqlh6zkFIAB2+1Y36Vby3hcpVshfevj+rPFBwAbc/4VmkOGaKchlnUZCoe fiRUeabcdhzM4JXK4d0mJYyjz8qcKzKZG5vWpDOW9gHHQNh2rYZitp7MV2ksHepXPw8qRdCK0Wz HJa76r6 9E8DwurA== X-Developer-Key: i=keescook@chromium.org; a=openpgp; fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1790143032175468776 X-GMAIL-MSGID: 1790143032175468776 The seccomp benchmark test (for validating the benefit of bitmaps) can be sensitive to scheduling speed, so pin the process to a single CPU, which appears to significantly improve reliability. Reported-by: kernel test robot Closes: https://lore.kernel.org/oe-lkp/202402061002.3a8722fd-oliver.sang@intel.com Cc: Mark Brown Cc: Andy Lutomirski Cc: Will Drewry Signed-off-by: Kees Cook --- .../selftests/seccomp/seccomp_benchmark.c | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tools/testing/selftests/seccomp/seccomp_benchmark.c b/tools/testing/selftests/seccomp/seccomp_benchmark.c index 5b5c9d558dee..d0b733e708cc 100644 --- a/tools/testing/selftests/seccomp/seccomp_benchmark.c +++ b/tools/testing/selftests/seccomp/seccomp_benchmark.c @@ -4,7 +4,9 @@ */ #define _GNU_SOURCE #include +#include #include +#include #include #include #include @@ -119,6 +121,29 @@ long compare(const char *name_one, const char *name_eval, const char *name_two, return good ? 0 : 1; } +/* Pin to a single CPU so the benchmark won't bounce around the system. */ +void affinity(void) +{ + long cpu; + ulong ncores = sysconf(_SC_NPROCESSORS_CONF); + cpu_set_t *setp = CPU_ALLOC(ncores); + ulong setsz = CPU_ALLOC_SIZE(ncores); + + /* Set from highest CPU down. */ + for (cpu = ncores - 1; cpu >= 0; cpu--) { + CPU_ZERO_S(setsz, setp); + CPU_SET_S(cpu, setsz, setp); + if (sched_setaffinity(getpid(), setsz, setp) == -1) + continue; + printf("Pinned to CPU %lu of %lu\n", cpu + 1, ncores); + goto out; + } + fprintf(stderr, "Could not set CPU affinity -- calibration may not work well"); + +out: + CPU_FREE(setp); +} + int main(int argc, char *argv[]) { struct sock_filter bitmap_filter[] = { @@ -153,6 +178,8 @@ int main(int argc, char *argv[]) system("grep -H . /proc/sys/net/core/bpf_jit_enable"); system("grep -H . /proc/sys/net/core/bpf_jit_harden"); + affinity(); + if (argc > 1) samples = strtoull(argv[1], NULL, 0); else