-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, Feb 09, 2025 at 12:04:20PM +0100, David Hobach wrote: > On 2/8/25 15:11, Marek Marczykowski-Górecki wrote: > > Hi, > > > > We've spent some time recently on improving qrexec performance, > > specifically lower the overhead on making a qrexec call. To have some > > visibility into effects, we started with adding simple performance > > tests: > > https://github.com/QubesOS/qubes-core-admin/pull/647 > > > > Here I'll focus on just one test that is making 500 calls and measure > > the total time in seconds - the lower the better. > > > > Here are the results: > > baseline (qrexec 4.3.1): fedora-41-xfce_exec 53.047245962000034[1] > > remove qubes-rpc-multiplexer[2] (qrexec 4.3.2): fedora-41-xfce_exec > > 21.449519581999994 [3] > > cache system info for policy[4]: fedora-41-xfce_exec 9.012277056000016[5] > > > > So, in total over 5x improvement :) > > That sounds great and I look forward to that change. Thanks a lot in advance! > :) > > However for an overall improvement in user experience not only the qrexec > speed is relevant, but also the time to get the qrexec service running inside > a newly started VM.
The effort above is (almost) only about calls to already running VMs. Yes, VM startup time is another thing that could use an optimization. There are several areas that can be improved there, and indeed systemd-analyze helps quite a bit in identifying them. BTW for disposables specifically, we are going to cheat: https://github.com/QubesOS/qubes-issues/issues/1512 this should get you new disposable "started" in single milliseconds time, at the cost of some RAM. > For example on my machine a qrexec call on a running VM takes ~530ms > (hopefully less in the future with the changes you mentioned) and one on a > small non-running VM 6s, out of which the qubes-qrexec-agent.service takes > 2,8s to start: > qubes-qrexec-agent.service +20ms > └─systemd-user-sessions.service @2.855s +18ms > └─network.target @2.852s > └─networking.service @2.750s +101ms > └─network-pre.target @2.732s > └─qubes-iptables.service @2.416s +315ms > └─qubes-antispoof.service @2.210s +205ms > └─basic.target @2.206s > └─sockets.target @2.206s > └─qubes-updates-proxy-forwarder.socket @2.206s > └─sysinit.target @2.187s > └─systemd-binfmt.service @1.860s +327ms > └─proc-sys-fs-binfmt_misc.mount @2.114s +69ms > └─systemd-journald.socket @1.015s > └─-.mount @984ms > └─-.slice @985ms > > So improving the speed at which any of these services in the > qubes-qrexec-agent.service critical chain start or possibly getting rid of > dependencies entirely should improve the overall Qubes OS performance. qubes-qrexec-agent.service intentionally is started rather late in the boot process, so that user applications don't end up started in a half-functioning system. But it also means several services are on critical path... > For example these numbers looked smaller in 4.1 on the same machine and a > comparable VM [6]. > > [6] > https://github.com/3hhh/qubes-performance/blob/master/samples/4.1/t530_debian-11_01.txt#L32-L40 > > > And also, now it can do over 50 calls per second, I'd say it's way more than > > enough for its intended use. > > > > [1] > > https://openqa.qubes-os.org/tests/127227/logfile?filename=system_tests-perf_test_results.txt > > [2] https://github.com/QubesOS/qubes-issues/issues/9062 > > [3] > > https://openqa.qubes-os.org/tests/127864/logfile?filename=system_tests-perf_test_results.txt > > [4] https://github.com/QubesOS/qubes-issues/issues/9362 > > [5] > > https://openqa.qubes-os.org/tests/128145/logfile?filename=system_tests-perf_test_results.txt - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmeorekACgkQ24/THMrX 1yzKdwgAiFWBXzjXLF54RArPHsb/7NbBddzZsvJo4Ov4ej7UmpiwTsHcRGIRfAyj hal1zeDri9TbYI+xfS2TDE/WjGPrypV5LSTuZm1vorxWoilvy7LfsRuKYDOS20la gUL66qgyXu/VlSGCLqx3T586tTlS+PXTPMWu3tWKtxylFeq5b5kZYgPq+BlTz0NE vCo5q+pstOXgckJcZvIASqPNpNMh6BXO3xrskAGkivj9gl/WKBtYxCaFJ5bt2eO4 i7t3IIyplE2TqH8pamOIBoo9pZ6eZsQ40fhbejYQha2DCVIpmghdTDpIX0DXaxNA YfVwGb0KO8kFA3GEVzvHYukbdVktow== =YV/w -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/qubes-devel/Z6it6QJFpWL5FjzP%40mail-itl.
