Hi everyone,

This patchset focuses on optimizations for memory handling done in the internals of smk_write_rules_list(). It is an update from [1].
The first patch introduces a limit for the maximal length of a rule string. The second patch optimizes rule string parsing to avoid unnecessary allocations. The third and the fourth introduce kmem_cache to reduce memory wasted on padding bytes.

The patchset is rebased on smack/next. Additionally the "memleak" patch [2] has to be applied. This patch conflicts with this patchset.

Some measurements for time and used memory were prepared. The test platform was an ARM target. The Smack configuration contains circa 17K rules and 500 labels.

The procedure is as follows:

1. Boot the target with 'init=/bin/bash' added to cmdline.
2. Mount all needed file systems (procfs and smackfs in principle)
3. Measure SLAB memory with (column Pre expressed in [kiB]):
   # grep SUnreclaim: /proc/meminfo
4. Initialize SMACK and measure time (column Time [sec])
   # time smackctl apply
5. Measure SLAB memory with (column Post expressed in [kiB]):
   # grep SUnreclaim: /proc/meminfo

Each measurement was repeated 5 times to reduce noise. The column 'Diff' is equal to 'Post' - 'Pre'. This value is expected to be equal to kernel memory allocated during the initialization of SMACK.

Result for the reference kernel from smack/next:

Run:|Pre |Post|Diff|Time
.-------------------------
  1 |5132|7116|1984|1.162
  2 |5148|7024|1876|1.134
  3 |5292|7264|1972|1.148
  4 |5436|7424|1988|1.156
  5 |5364|7276|1912|1.140
.-------------------------
AVG:|    |    |1946|1.148

Results for reference kernel plus memfix patch.

Run:|Pre |Post|Diff|Time
.-------------------------
  1 |5056|6388|1332|1.149
  2 |5072|6444|1372|1.127
  3 |4892|6336|1444|1.131
  4 |5468|6740|1272|1.149
  5 |5192|6520|1328|1.145
.-------------------------
AVG:|    |    |1349|1.140

Fixing the memleak reduced memory consumption by 600 KiB.

Results for previous kernel + patch 2. Patch 1 was not tested because it is only a protection limit.

Run:|Pre |Post|Diff|Time
.-------------------------
  1 |5264|6616|1352|1.117
  2 |5352|6668|1316|1.115
  3 |5400|6752|1352|1.118
  4 |5220|6668|1448|1.122
  5 |5316|6652|1336|1.101
.-------------------------
AVG:|    |    |1360|1.115

Patch 2 sped up rule loading by 25 ms.

Results for previous kernel + patch 3.

Run:|Pre |Post|Diff|Time
.-------------------------
  1 |5212|6432|1220|1.106
  2 |5408|6552|1144|1.118
  3 |5044|6292|1248|1.107
  4 |5232|6428|1196|1.120
  5 |5268|6492|1224|1.111
.-------------------------
AVG:|    |    |1206|1.112

Memory consumption was reduced by 154 kiB. The patch reduced memory used for a single rule entity from 32 to 24 bytes. This gives 8 * 17k = 132 KiB. The value is consistent with measurements due to high noise.

Results for previous kernel + patch 3.

Run:|Pre |Post|Diff|Time
.-------------------------
  1 |5300|6176| 876|1.098
  2 |5044|5984| 940|1.086
  3 |5504|6436| 932|1.074
  4 |5244|6200| 956|1.083
  5 |5280|6164| 884|1.088
.-------------------------
AVG:|    |    | 918|1.086

Memory consumption was reduced by 288 kiB. The patch reduced memory used for a single master rule entity from 32 to 16 bytes. This gives 16 * 17k = 264 KiB. The value is consistent with measurements due to high noise. Moreover, the initialization was sped up by 26 ms.

To sum up, all the patches plus the memory fix reduced the amount of memory for rule-related structures from 1946 kiB to 918 kiB. Memory requirements were reduced by half.

I hope you find this patchset useful.
All comments are welcome.

Regards,
Tomasz Stanislawski.

Changelog:
v1:
- post 'fix memleak in smk_write_rules_list() as a separate patch'
- prepare performance measurements
- remove stack allocations for a rule string, use kmalloc()

[1] http://en.it-usenet.org/thread/20260/343969/
[2] http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg454761.html

Tomasz Stanislawski (4):
  security: smack: limit a length for a rule string in the long format
  security: smack: avoid kmalloc() in smk_parse_long_rule()
  security: smack: add kmem_cache for smack_rule allocations
  security: smack: add kmem_cache for smack_master_list allocations

 security/smack/smack.h     | 10 ++++++
 security/smack/smack_lsm.c | 19 +++++++++-
 security/smack/smackfs.c   | 83 ++++++++++++++++++++++++--------------------
 3 files changed, 74 insertions(+), 38 deletions(-)

--
1.7.9.5