On Thu, Jan 22, 2026 at 2:43 PM chunhui ren via busybox <[email protected]> wrote: > I’m working on a performance optimization and would like to explore adding > noexec support for sed and grep.
Please see docs/nofork_noexec.txt The problem here is that sed and grep can be inserted into a long-running pipe. Therefore, whatever extra memory allocated by the parent applet before fork() will be permanently used by them while they are running. Can we measure how much is that? Looks like ~16kb if the parent is a shell. Another complication is that the parent program must not set up nontrivial signals handlers which do not expect that NOEXEC applet has started running after fork(). > The motivation is to reduce fork/exec overhead in constrained environments In this case, you are eliminating just exec overhead. Not fork > I have an initial implementation attached below, where: > • sed and grep are marked as noexec-capable applets > • the change is intended purely as a performance optimization The problem here is that we don't know what's the parent applet is. If it has a potential of having large allocated memory, then NOEXECing is undesirable; if it does _NOT_, then it is okay. > Before refining or splitting this further, I’d like to confirm whether this > direction is acceptable, and whether there are known concerns in sed/grep > internals that would make noexec unsuitable. > > Thanks for your time and feedback. > > Signed-off-by: Ren Chunhui <[email protected]> > > ... > --- a/shell/ash.c > +++ b/shell/ash.c > @@ -8336,7 +8336,7 @@ static void shellexec(char *prog, char **argv, const > char *path, int idx) > envp = listvars(VEXPORT, VUNSET, /*strlist:*/ NULL, /*end:*/ NULL); > if (strchr(prog, '/') != NULL > #if ENABLE_FEATURE_SH_STANDALONE > - || (applet_no = find_applet_by_name(prog)) >= 0 > + || (((applet_no = find_applet_by_name(prog)) >= 0) > + && !is_applet_forbidden_noexec(applet_no) > + && is_applet_force_noexec(applet_no)) Unclear why you are doing this: tryexec() already has the code to NOEXEC the applets. All should work if you just patch sed and grep to be NOEXEC. It does not work? What exactly is the problem? _______________________________________________ busybox mailing list [email protected] https://lists.busybox.net/mailman/listinfo/busybox
