> On 12 Dec 2023, at 11:28, Håkon Bugge <[email protected]> wrote:
> 
> For the most time-consuming function, when running a syscall benchmark
> with STIG compliant audit rules:
> 
>  Overhead  Command       Shared Object      Symbol
> .........  ............  .................  ........................
> 
>    27.62%  syscall_lat   [kernel.kallsyms]  [k] __audit_filter_op
> 
> we apply special optimizations, which speeds up the syscall
> performance by around 17% on an Intel Cascade Lake system.
> 
> We run "perf stat -d -r 5 ./syscall_lat", where syscall_lat is a C
> application that measures average syscall latency from getpid()
> running 100 million rounds.
> 
> Between each perf run, we reboot the system and wait until the last
> minute load is less than 1.0.
> 
> We boot the kernel, v6.6-rc4, with "mitigations=off", in order to
> amplify the changes in the audit system.
> 
> Let the base kernel be v6.6-rc4 booted with "audit=1" and
> "mitigations=off" and with the commit "audit: Vary struct audit_entry
> alignment" on an Intel Cascade Lake system. The following three
> metrics are reported, nanoseconds per syscall, L1D misses per syscall,
> and finally Instructions Per Cycle, ipc.
> 
> Base vs. base + this commit gives:
> 
> ns per call:
>  min avg max   pstdev
> - 203 203 209 0.954149
> + 173 173 178 0.884534
> 
> L1d misses per syscall:
>     min    avg    max   pstdev
> -  0.012  0.103  0.817 0.238352
> +  0.010  0.209  1.235 0.399416
> 
> ipc:
>    min    avg    max   pstdev
> - 2.320  2.329  2.330 0.003000
> + 2.430  2.436  2.440 0.004899
> 
> Signed-off-by: Håkon Bugge <[email protected]>

Please disregard this message.


Thxs, Håkon

> ---
> kernel/auditsc.c | 2 ++
> 1 file changed, 2 insertions(+)
> 
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 6f0d6fb6523fa..84d0dfe75a4ac 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -822,6 +822,7 @@ static int audit_in_mask(const struct audit_krule *rule, 
> unsigned long val)
>  * parameter can be NULL, but all others must be specified.
>  * Returns 1/true if the filter finds a match, 0/false if none are found.
>  */
> +#pragma GCC optimize("unswitch-loops", "align-loops=16", "align-jumps=16")
> static int __audit_filter_op(struct task_struct *tsk,
>   struct audit_context *ctx,
>   struct list_head *list,
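Review bot: the `#pragma GCC optimize("unswitch-loops", "align-loops=16", "align-jumps=16")` line added above `__audit_filter_op` carries no comment explaining why this one function needs non-default loop and jump alignment, and it is GCC-specific, so a build with another compiler will not apply it and may warn about an unknown pragma. GCC's documentation also describes function-level optimize overrides as intended for debugging rather than production code. Suggest a short comment above the pragma that points to the measurements in the commit message, plus a compiler guard so the tuning is explicit about which toolchains it covers.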
> @@ -841,6 +842,7 @@ static int __audit_filter_op(struct task_struct *tsk,
> }
> return 0;
> }
> +#pragma GCC reset_options
> 
> /**
>  * audit_filter_uring - apply filters to an io_uring operation
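Review bot: `#pragma GCC reset_options` after the closing brace of `__audit_filter_op` restores the options given on the command line, not the options that were in effect just before the earlier `#pragma GCC optimize`. If an included header or an earlier part of the file had adjusted options, that state is silently discarded for everything that follows, including `audit_filter_uring`. Pairing `#pragma GCC push_options` before the optimize pragma with `#pragma GCC pop_options` here would scope the change to this function only.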
> -- 
> 2.39.3
> 
> 
