[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-08-01 Thread Mathew Hodson
** Project changed: snapd => ubuntu-translations

** No longer affects: ubuntu-translations

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Released
Status in libseccomp source package in Bionic:
  Fix Released
Status in libseccomp source package in Eoan:
  Won't Fix
Status in libseccomp source package in Focal:
  Fix Released
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-27 Thread Dariusz Gadomski
Marking Eoan as Won't fix due to EOL.

** Changed in: libseccomp (Ubuntu Eoan)
   Status: Fix Committed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Released
Status in libseccomp source package in Bionic:
  Fix Released
Status in libseccomp source package in Eoan:
  Won't Fix
Status in libseccomp source package in Focal:
  Fix Released
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-23 Thread Launchpad Bug Tracker
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.16.04.3

---
libseccomp (2.4.3-1ubuntu3.16.04.3) xenial; urgency=medium

  * d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
  * d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to address performance regression introduced
in libseccomp 2.4.

 -- Ioanna Alifieraki   Mon, 29
Jun 2020 13:57:55 +0100

** Changed in: libseccomp (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Released
Status in libseccomp source package in Bionic:
  Fix Released
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Released
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-23 Thread Launchpad Bug Tracker
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.18.04.3

---
libseccomp (2.4.3-1ubuntu3.18.04.3) bionic; urgency=medium

  * d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
  * d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to address performance regression introduced
in libseccomp 2.4.

 -- Ioanna Alifieraki   Mon, 29
Jun 2020 13:52:22 +0100

** Changed in: libseccomp (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Released
Status in libseccomp source package in Bionic:
  Fix Released
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Released
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-23 Thread Launchpad Bug Tracker
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.16.04.3

---
libseccomp (2.4.3-1ubuntu3.16.04.3) xenial; urgency=medium

  * d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
  * d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to address performance regression introduced
in libseccomp 2.4.

 -- Ioanna Alifieraki   Mon, 29
Jun 2020 13:57:55 +0100

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Released
Status in libseccomp source package in Bionic:
  Fix Released
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Released
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-23 Thread Launchpad Bug Tracker
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.18.04.3

---
libseccomp (2.4.3-1ubuntu3.18.04.3) bionic; urgency=medium

  * d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
  * d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to address performance regression introduced
in libseccomp 2.4.

 -- Ioanna Alifieraki   Mon, 29
Jun 2020 13:52:22 +0100

** Changed in: libseccomp (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

** Changed in: libseccomp (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Released
Status in libseccomp source package in Bionic:
  Fix Released
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Released
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-23 Thread Launchpad Bug Tracker
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.20.04.3

---
libseccomp (2.4.3-1ubuntu3.20.04.3) focal; urgency=medium

  * d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
  * d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to address performance regression introduced
in libseccomp 2.4.

 -- Ioanna Alifieraki   Mon, 29
Jun 2020 13:35:12 +0100

** Changed in: libseccomp (Ubuntu Focal)
   Status: Fix Committed => Fix Released

** Changed in: libseccomp (Ubuntu Focal)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Committed
Status in libseccomp source package in Bionic:
  Fix Committed
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Released
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-23 Thread Launchpad Bug Tracker
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu3.20.04.3

---
libseccomp (2.4.3-1ubuntu3.20.04.3) focal; urgency=medium

  * d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
  * d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to address performance regression introduced
in libseccomp 2.4.

 -- Ioanna Alifieraki   Mon, 29
Jun 2020 13:35:12 +0100

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Committed
Status in libseccomp source package in Bionic:
  Fix Committed
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Released
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-20 Thread Ioanna Alifieraki
# autopkgtest regression in EOAN

There is an autopkgtest regression in EOAN on ppc64el for systemd package.
The regression is caused by the 'upstream' test.
As it's shown here 
http://autopkgtest.ubuntu.com/packages/s/systemd/eoan/ppc64el this test
has always been failing since systemd version 240-6ubuntu5 and can be ignored.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Committed
Status in libseccomp source package in Bionic:
  Fix Committed
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Committed
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-20 Thread Ioanna Alifieraki
#VERIFICATION EOAN

---> Old version
# dpkg -l | grep libseccomp
ii  libseccomp2:amd64  2.4.3-1ubuntu3.19.10.2amd64  high level interface to 
Linux seccomp filter


# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
MAX TIME : 9.374s

---> New version

# dpkg -l | grep libseccomp
ii  libseccomp2:amd64 2.4.3-1ubuntu3.19.10.3  amd64   high level interface to 
Linux seccomp filter


# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
MAX TIME : 2.009s

** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Committed
Status in libseccomp source package in Bionic:
  Fix Committed
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Committed
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-17 Thread Ioanna Alifieraki
#VERIFICATION BIONIC

---> Old version
# dpkg -l | grep libseccomp
ii  libseccomp2:amd64 2.4.3-1ubuntu3.18.04.2  amd64 high level interface to 
Linux seccomp filter


# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
MAX TIME : 8.148s

---> New version

# dpkg -l | grep libseccomp
ii  libseccomp2:amd64 2.4.3-1ubuntu3.18.04.3  amd64 high level interface to 
Linux seccomp filter

# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
MAX TIME : 2.713s

** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Committed
Status in libseccomp source package in Bionic:
  Fix Committed
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Committed
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-16 Thread Ioanna Alifieraki
#VERIFICATION FOCAL

---> Old version
# dpkg -l | grep libseccomp
ii  libseccomp2:amd642.4.3-1ubuntu3.20.04.2
amd64high level interface to Linux seccomp filter

# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
MAX TIME : 10.176s


---> New version

# dpkg -l | grep libseccomp
ii  libseccomp2:amd642.4.3-1ubuntu3.20.04.3
amd64high level interface to Linux seccomp filter

# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
MAX TIME : 3.161s

** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Committed
Status in libseccomp source package in Bionic:
  Fix Committed
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Committed
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-16 Thread Ioanna Alifieraki
#VERIFICATION XENIAL

---> Old version
# dpkg -l | grep libseccomp
ii  libseccomp2:amd64   2.4.3-1ubuntu3.16.04.2  
amd64high level interface to Linux seccomp filte

# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
MAX TIME : 8.923s


---> New version

# dpkg -l | grep libseccomp
ii  libseccomp2:amd64 2.4.3-1ubuntu3.16.04.3
  amd64high level interface to Linux seccomp filter


# for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
MAX TIME : 3.270s

** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Committed
Status in libseccomp source package in Bionic:
  Fix Committed
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Committed
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-14 Thread Launchpad Bug Tracker
This bug was fixed in the package libseccomp - 2.4.3-1ubuntu4

---
libseccomp (2.4.3-1ubuntu4) groovy; urgency=medium

  * d/p/db-consolidate-some-of-the-code-which-adds-rules.patch
  * d/p/db-add-shadow-transactions.patch (LP: #1861177)
Backport upstream patches to address performance regression introduced
in libseccomp 2.4.

 -- Ioanna Alifieraki   Mon, 22
Jun 2020 11:10:27 +0100

** Changed in: libseccomp (Ubuntu Groovy)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  Fix Released
Status in libseccomp source package in Xenial:
  Fix Committed
Status in libseccomp source package in Bionic:
  Fix Committed
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Committed
Status in libseccomp source package in Groovy:
  Fix Released

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-13 Thread Łukasz Zemczak
Hello Sam, or anyone else affected,

Accepted libseccomp into eoan-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/libseccomp/2.4.3-1ubuntu3.19.10.3
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
eoan to verification-done-eoan. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-eoan. In either case, without details of your testing we will not
be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: libseccomp (Ubuntu Eoan)
   Status: In Progress => Fix Committed

** Tags added: verification-needed-eoan

** Changed in: libseccomp (Ubuntu Bionic)
   Status: In Progress => Fix Committed

** Tags added: verification-needed-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress
Status in libseccomp source package in Xenial:
  Fix Committed
Status in libseccomp source package in Bionic:
  Fix Committed
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Committed
Status in libseccomp source package in Groovy:
  In Progress

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications 

[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-13 Thread Łukasz Zemczak
Hello Sam, or anyone else affected,

Accepted libseccomp into focal-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/libseccomp/2.4.3-1ubuntu3.20.04.3
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: libseccomp (Ubuntu Focal)
   Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-focal

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress
Status in libseccomp source package in Xenial:
  In Progress
Status in libseccomp source package in Bionic:
  Fix Committed
Status in libseccomp source package in Eoan:
  Fix Committed
Status in libseccomp source package in Focal:
  Fix Committed
Status in libseccomp source package in Groovy:
  In Progress

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: 

[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-09 Thread Łukasz Zemczak
As discussed on IRC, I have reviewed all the SRUs. They looked correct
from my POV (although I guess I'd appreciate a second opinion from the
security team).

Since we want to include those in the -security pockets as well, I have
uploaded all of them to a security-only Bileto PPA. I have confirmed via
the build logs that only -security is enabled. The PPA can be found
here:

https://launchpad.net/~ci-train-ppa-
service/+archive/ubuntu/4143/+packages

Once the packages build correctly, I will bin-copy them to -proposed and
remove the source uploads from the upload queues.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress
Status in libseccomp source package in Xenial:
  In Progress
Status in libseccomp source package in Bionic:
  In Progress
Status in libseccomp source package in Eoan:
  In Progress
Status in libseccomp source package in Focal:
  In Progress
Status in libseccomp source package in Groovy:
  In Progress

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-07-06 Thread Ioanna Alifieraki
Currently, there are autopkgtest regressions on Groovy for the docker.io 
package :
https://people.canonical.com/~ubuntu-archive/proposed-migration/groovy/update_excuses.html#libseccomp

These regressions are not due to the new libseccomp (can be reproduced
with previous libseccomp version). They are due to a bug in cloud-init
when in lxd container, where 'cloud-init status' status returns error.
See bug https://bugs.launchpad.net/ubuntu/+source/cloud-
init/+bug/1886531

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress
Status in libseccomp source package in Xenial:
  In Progress
Status in libseccomp source package in Bionic:
  In Progress
Status in libseccomp source package in Eoan:
  In Progress
Status in libseccomp source package in Focal:
  In Progress
Status in libseccomp source package in Groovy:
  In Progress

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-30 Thread Dan Streetman
uploaded to x/b/e/f/g, thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress
Status in libseccomp source package in Xenial:
  In Progress
Status in libseccomp source package in Bionic:
  In Progress
Status in libseccomp source package in Eoan:
  In Progress
Status in libseccomp source package in Focal:
  In Progress
Status in libseccomp source package in Groovy:
  In Progress

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-29 Thread Ioanna Alifieraki
Debdiff for Xenial.

** Patch added: "lp1861177_xenial.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5388142/+files/lp1861177_xenial.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress
Status in libseccomp source package in Xenial:
  In Progress
Status in libseccomp source package in Bionic:
  In Progress
Status in libseccomp source package in Eoan:
  In Progress
Status in libseccomp source package in Focal:
  In Progress
Status in libseccomp source package in Groovy:
  In Progress

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-29 Thread Ioanna Alifieraki
Debdiff for Bionic.

** Patch added: "lp1861177_bionic.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5388141/+files/lp1861177_bionic.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress
Status in libseccomp source package in Xenial:
  In Progress
Status in libseccomp source package in Bionic:
  In Progress
Status in libseccomp source package in Eoan:
  In Progress
Status in libseccomp source package in Focal:
  In Progress
Status in libseccomp source package in Groovy:
  In Progress

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-29 Thread Ioanna Alifieraki
Debdiff for Focal.

** Patch added: "lp1861177_focal.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5388139/+files/lp1861177_focal.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress
Status in libseccomp source package in Xenial:
  In Progress
Status in libseccomp source package in Bionic:
  In Progress
Status in libseccomp source package in Eoan:
  In Progress
Status in libseccomp source package in Focal:
  In Progress
Status in libseccomp source package in Groovy:
  In Progress

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-29 Thread Ioanna Alifieraki
Debdiff for Eoan.

** Patch added: "lp1861177_eoan.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5388140/+files/lp1861177_eoan.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress
Status in libseccomp source package in Xenial:
  In Progress
Status in libseccomp source package in Bionic:
  In Progress
Status in libseccomp source package in Eoan:
  In Progress
Status in libseccomp source package in Focal:
  In Progress
Status in libseccomp source package in Groovy:
  In Progress

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : https://github.com/seccomp/libseccomp/pull/180/

  [Test Case]

  For this test case we use Docker on Ubuntu Groovy (20.10) :

  --> Current libseccomp version
  #dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter

  ## pull ubuntu image
  # docker pull ubuntu
  ## create a container
  # docker run --name test_seccomp -it 74435f89ab78 /bin/bash

  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m10,319s
  user  0m0,018s
  sys   0m0,033s

  
  --> Patched libseccomp version

  # dpkg -l | grep libseccomp
  ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter

  # docker start test_seccomp
  ## run test case
  # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
  ...
  MAX TIME :
  real  0m3,650s
  user  0m0,025s
  sys   0m0,028s

  [Regression Potential]

  The first of the 2 patches cleans up the code that adds rules to a
  single filter without changing the logic of the code. The second patch
  introduces the idea of shadow transactions. On a successful
  transaction commit the old transaction checkpoint is preserved and is
  brought up to date with the current filter. The next time a new
  transaction starts, it checks is the a shadow transaction exist and if
  so the shadow is used instead of creating a new checkpoint from
  scratch [1]. This is the patch that mitigates the performance
  regression. Any potential regression will involve the parts of the
  code that add rules to filters and/or the code that creates and checks
  the shadow transactions.

  
  [Other]

  Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.

  [1]
  
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-22 Thread Ioanna Alifieraki
Debdiff for Groovy.

Currently, there is an ongoing sru of libseccomp for F,E,B and X stuck in 
proposed.
Once it is released in updates, I'll sru this one for F,E,B and X. 

** Description changed:

- There is a known and patched issue with version 2.4 of libseccomp where
- certain operations have a large performance regression. This is causing
- some packages that use libseccomp such as container orchestration
- systems to occasionally time out or otherwise fail under certain
- workloads.
+ [IMPACT]
+ There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.
  
  Please consider porting the patch into the various Ubuntu versions that
  have version 2.4 of libseccomp and into the backports. The performance
  patch from version 2.5 (yet to be released) applies cleanly on top of
  the 2.4 branch of libseccomp.
  
  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar Debian
  issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913
+ 
+ Upstream issue : https://github.com/seccomp/libseccomp/issues/153
+ Upstream fix : https://github.com/seccomp/libseccomp/pull/180/
+ 
+ [Test Case]
+ 
+ For this test case we use Docker on Ubuntu Groovy (20.10) :
+ 
+ --> Current libseccomp version
+ #dpkg -l | grep libseccomp
+ ii  libseccomp2:amd64  2.4.3-1ubuntu3 
 amd64high level interface to Linux seccomp filter
+ 
+ ## pull ubuntu image
+ # docker pull ubuntu
+ ## create a container
+ # docker run --name test_seccomp -it 74435f89ab78 /bin/bash
+ 
+ ## run test case
+ # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
+ ...
+ MAX TIME :
+ real  0m10,319s
+ user  0m0,018s
+ sys   0m0,033s
+ 
+ 
+ --> Patched libseccomp version
+ 
+ # dpkg -l | grep libseccomp
+ ii  libseccomp2:amd64  2.4.3-1ubuntu4 
 amd64high level interface to Linux seccomp filter
+ 
+ # docker start test_seccomp
+ ## run test case
+ # for i in `seq 1 40`; do (time sudo docker exec test_seccomp true &); done
+ ...
+ MAX TIME :
+ real  0m3,650s
+ user  0m0,025s
+ sys   0m0,028s
+ 
+ [Regression Potential]
+ 
+ The first of the 2 patches cleans up the code that adds rules to a
+ single filter without changing the logic of the code. The second patch
+ introduces the idea of shadow transactions. On a successful transaction
+ commit the old transaction checkpoint is preserved and is brought up to
+ date with the current filter. The next time a new transaction starts, it
+ checks is the a shadow transaction exist and if so the shadow is used
+ instead of creating a new checkpoint from scratch [1]. This is the patch
+ that mitigates the performance regression. Any potential regression will
+ involve the parts of the code that add rules to filters and/or the code
+ that creates and checks the shadow transactions.
+ 
+ 
+ [Other]
+ 
+ Affected releases : Groovy, Focal, Eoan, Bionic, Xenial.
+ 
+ [1]
+ 
https://github.com/seccomp/libseccomp/pull/180/commits/bc3a6c0453b0350ee43e4925482f705a2fbf5a4d

** Patch added: "lp1861177_groovy.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5386079/+files/lp1861177_groovy.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress
Status in libseccomp source package in Xenial:
  In Progress
Status in libseccomp source package in Bionic:
  In Progress
Status in libseccomp source package in Eoan:
  In Progress
Status in libseccomp source package in Focal:
  In Progress
Status in libseccomp source package in Groovy:
  In Progress

Bug description:
  [IMPACT]
  There is a known and patched issue with version 2.4 of libseccomp where 
certain operations have a large performance regression. This is causing some 
packages that use libseccomp such as container orchestration systems to 
occasionally time out or otherwise fail under certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

  Upstream issue : https://github.com/seccomp/libseccomp/issues/153
  Upstream fix : 

[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-22 Thread Ioanna Alifieraki
** Also affects: libseccomp (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: libseccomp (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Also affects: libseccomp (Ubuntu Groovy)
   Importance: Medium
   Status: In Progress

** Also affects: libseccomp (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Also affects: libseccomp (Ubuntu Eoan)
   Importance: Undecided
   Status: New

** Changed in: libseccomp (Ubuntu Focal)
   Status: New => In Progress

** Changed in: libseccomp (Ubuntu Eoan)
   Status: New => In Progress

** Changed in: libseccomp (Ubuntu Bionic)
   Status: New => In Progress

** Changed in: libseccomp (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: libseccomp (Ubuntu Focal)
   Importance: Undecided => Medium

** Changed in: libseccomp (Ubuntu Eoan)
   Importance: Undecided => Medium

** Changed in: libseccomp (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: libseccomp (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: libseccomp (Ubuntu Xenial)
 Assignee: (unassigned) => Ioanna Alifieraki (joalif)

** Changed in: libseccomp (Ubuntu Bionic)
 Assignee: (unassigned) => Ioanna Alifieraki (joalif)

** Changed in: libseccomp (Ubuntu Eoan)
 Assignee: (unassigned) => Ioanna Alifieraki (joalif)

** Changed in: libseccomp (Ubuntu Focal)
 Assignee: (unassigned) => Ioanna Alifieraki (joalif)

** Changed in: libseccomp (Ubuntu Groovy)
 Assignee: (unassigned) => Ioanna Alifieraki (joalif)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress
Status in libseccomp source package in Xenial:
  In Progress
Status in libseccomp source package in Bionic:
  In Progress
Status in libseccomp source package in Eoan:
  In Progress
Status in libseccomp source package in Focal:
  In Progress
Status in libseccomp source package in Groovy:
  In Progress

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-10 Thread Sam Whited
Thanks for the follow ups. If the server team doesn't want to take this
on, could someone provide me with a team or person I could contact to
try and gently prod this forward (maybe someone on the security team)?
I've got some customers that are running into this and telling them to
rebuild this library themselves doesn't seem to have made them happy :)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-10 Thread Jamie Strandboge
There isn't a snapd task (snap-seccomp is compiled against libseccomp
but it can't influence this behavior), so unassigning Ian and marking
that task as Invalid.

** Changed in: snapd
   Status: Triaged => Invalid

** Changed in: snapd
 Assignee: Ian Johnson (anonymouse67) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Invalid
Status in libseccomp package in Ubuntu:
  In Progress

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-09 Thread Jamie Strandboge
FYI, a 2.4.3 SRU is in flight (by amurray), but looking at
https://github.com/seccomp/libseccomp/pull/180 (the fix for the bug),
https://github.com/seccomp/libseccomp/issues/187 (2.4.3 backports), and
code inspection, the fix for the bug is not in 2.4.3 and will come in
2.5.

The security team is not currently working on this, but that could be
changed (that should be discussed outside of this bug).

** Bug watch added: github.com/seccomp/libseccomp/issues #187
   https://github.com/seccomp/libseccomp/issues/187

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Triaged
Status in libseccomp package in Ubuntu:
  In Progress

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-09 Thread Robie Basak
I asked Dimitri about this on IRC. He isn't expecting to work on this,
and nor is the server team. We think the security team will take this on
according to their priorities? If this does need the server team's
attention, please let us know.

** Tags removed: server-next

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Triaged
Status in libseccomp package in Ubuntu:
  In Progress

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-06-09 Thread Dimitri John Ledkov
** Changed in: libseccomp (Ubuntu)
   Importance: High => Medium

** Changed in: libseccomp (Ubuntu)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Triaged
Status in libseccomp package in Ubuntu:
  In Progress

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-05-04 Thread Ian Johnson
I can't seem to assign this bug to Dimitri, but as per
https://github.com/snapcore/core20/issues/48, Dimitri should be
preparing a libseccomp 2.4.2 SRU.

** Bug watch added: github.com/snapcore/core20/issues #48
   https://github.com/snapcore/core20/issues/48

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Triaged
Status in libseccomp package in Ubuntu:
  Triaged

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-04-29 Thread Sam Whited
Gentle ping. Can this be assigned to someone? Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Triaged
Status in libseccomp package in Ubuntu:
  Triaged

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-01-30 Thread Ian Johnson
I'll take a look at measuring this with snapd $SOON

** Changed in: snapd
 Assignee: (unassigned) => Ian Johnson (anonymouse67)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Triaged
Status in libseccomp package in Ubuntu:
  Triaged

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-01-30 Thread Michael Vogt
** Changed in: snapd
   Status: New => Triaged

** Changed in: snapd
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Triaged
Status in libseccomp package in Ubuntu:
  Triaged

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-01-30 Thread John Lenton
I'm leaving the snapd bug task as New so mvo or ian can take a look when
it's their triage day, at the latest; I have nothing useful to do here
other than "ouch".

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  Triaged
Status in libseccomp package in Ubuntu:
  Triaged

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-01-29 Thread Ubuntu Foundations Team Bug Bot
** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  New
Status in libseccomp package in Ubuntu:
  Triaged

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-01-29 Thread Bryce Harrington
** Tags added: server-next

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  New
Status in libseccomp package in Ubuntu:
  Triaged

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-01-29 Thread Bryce Harrington
2.4.1 is currently available from xenial, bionic, disco, eoan; focal
carries 2.4.2.  None of these carry the patches for this bug report yet.

** Changed in: libseccomp (Ubuntu)
   Importance: Undecided => High

** Changed in: libseccomp (Ubuntu)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  New
Status in libseccomp package in Ubuntu:
  Triaged

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-01-29 Thread Bryce Harrington
The patch mentioned in the OP is attached for reference.  Per [1] it was
proposed for inclusion in Debian last November as patches db-
consolidate-some-of-the-code-which-adds-rules-to-.patch and db-add-
shadow-transactions.patch.

The corresponding bug report upstream is [2].

1: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913
2: https://github.com/seccomp/libseccomp/issues/153

** Bug watch added: Debian Bug tracker #943913
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

** Bug watch added: github.com/seccomp/libseccomp/issues #153
   https://github.com/seccomp/libseccomp/issues/153

** Patch added: "0001-Cherry-pick-upstream-commits-21b98d8-and-19af04d.patch"
   
https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/+attachment/5323922/+files/0001-Cherry-pick-upstream-commits-21b98d8-and-19af04d.patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  New
Status in libseccomp package in Ubuntu:
  Triaged

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1861177] Re: seccomp_rule_add is very slow

2020-01-28 Thread Jamie Strandboge
@mvo and @ijohnson, fyi, the fix for this may help with slow snap-
seccomp (unconfirmed; not actively working on it at this time).

** Also affects: snapd
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libseccomp in Ubuntu.
https://bugs.launchpad.net/bugs/1861177

Title:
  seccomp_rule_add is very slow

Status in snapd:
  New
Status in libseccomp package in Ubuntu:
  New

Bug description:
  There is a known and patched issue with version 2.4 of libseccomp
  where certain operations have a large performance regression. This is
  causing some packages that use libseccomp such as container
  orchestration systems to occasionally time out or otherwise fail under
  certain workloads.

  Please consider porting the patch into the various Ubuntu versions
  that have version 2.4 of libseccomp and into the backports. The
  performance patch from version 2.5 (yet to be released) applies
  cleanly on top of the 2.4 branch of libseccomp.

  For more information, and for a copy of the patch (which can also be
  cherry picked from the upstream libseccomp repos) see the similar
  Debian issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943913

To manage notifications about this bug go to:
https://bugs.launchpad.net/snapd/+bug/1861177/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp