From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 30B4DEB64D7
	for <linux-mm@archiver.kernel.org>; Wed, 28 Jun 2023 20:59:40 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 6845A8D0002; Wed, 28 Jun 2023 16:59:39 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 6340E8D0001; Wed, 28 Jun 2023 16:59:39 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 4FC458D0002; Wed, 28 Jun 2023 16:59:39 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16])
	by kanga.kvack.org (Postfix) with ESMTP id 41ADC8D0001
	for <linux-mm@kvack.org>; Wed, 28 Jun 2023 16:59:39 -0400 (EDT)
Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id F213B16054A
	for <linux-mm@kvack.org>; Wed, 28 Jun 2023 20:59:38 +0000 (UTC)
X-FDA: 80953372836.17.EE08D88
Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175])
	by imf26.hostedemail.com (Postfix) with ESMTP id F02A614000A
	for <linux-mm@kvack.org>; Wed, 28 Jun 2023 20:59:36 +0000 (UTC)
Authentication-Results: imf26.hostedemail.com;
	dkim=pass header.d=chromium.org header.s=google header.b=lqW3ouyN;
	spf=pass (imf26.hostedemail.com: domain of keescook@chromium.org designates 209.85.210.175 as permitted sender) smtp.mailfrom=keescook@chromium.org;
	dmarc=pass (policy=none) header.from=chromium.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1687985977;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=p5EAwO68zepmlB4DZ7YeQCN7tx9mqPakWLHiXEndXTk=;
	b=oSlgawt+wmRGoC0qTT8wrS3AVrbrXlAdeH9Iucp5HiTQFXqIaJ2xTCgUn7Y2wFsSqTMas2
	FXhQkrcz4SjkY089Tr/e3RQBV+53TJ/9AMga4i6kHCsHuEFpIBgv7CIcQ64uFJJpMw3XLl
	9qtJNtVaVjj8M1+dLiCFFhHxcUnpgoA=
ARC-Authentication-Results: i=1;
	imf26.hostedemail.com;
	dkim=pass header.d=chromium.org header.s=google header.b=lqW3ouyN;
	spf=pass (imf26.hostedemail.com: domain of keescook@chromium.org designates 209.85.210.175 as permitted sender) smtp.mailfrom=keescook@chromium.org;
	dmarc=pass (policy=none) header.from=chromium.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1687985977; a=rsa-sha256;
	cv=none;
	b=X6PWIO00HbjlO9sQy2y6f5p06g0i3o5iByzwNNhL+HQ4pJKO7Mru6yOzgoUK72Bt3DGdZS
	pRQkx/H8HwVY3xLhoaobcUSx401ZW46rCfUfnsiscWz6ZoSbG1H1ENecBsLnHuOdYu5KRa
	A4236juIsZOCeG4uXIexW5HgdFuInCE=
Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-676f16e0bc4so184439b3a.0
        for <linux-mm@kvack.org>; Wed, 28 Jun 2023 13:59:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1687985975; x=1690577975;
        h=in-reply-to:content-transfer-encoding:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date:from:to
         :cc:subject:date:message-id:reply-to;
        bh=p5EAwO68zepmlB4DZ7YeQCN7tx9mqPakWLHiXEndXTk=;
        b=lqW3ouyNx7hW2mqTtqZkWWLZkqi91e+OzqynvHrRmoI+fFXMrHqi7+vOlxnIV/s3RB
         jfaDcgTVeM2rtOKSDntGBOqnjK1QK0I9bWtkAyJPAS67ACxO8MdHkkDm1/TMHV4ZiOlU
         Jzso/vrdbQt9Q3QjyeWHNBVwjD2c7FPLrT7bQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1687985975; x=1690577975;
        h=in-reply-to:content-transfer-encoding:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=p5EAwO68zepmlB4DZ7YeQCN7tx9mqPakWLHiXEndXTk=;
        b=BVX1p5xPsudHr1vnrCTZqni8lawIZXZTri1PbrlvDv2UaFe/SwwpWfc2KF1N4IyYqZ
         pjLWQhCbwAhKBhy/NUTTKbO+U0L9TLD2qauIogDe3dHV4Fh+qY3S3+r9Qpg/H+WqIr57
         wQBkuQmSnMuetRlpaJ3qTZy5QC9fkrGkcORTKBUjacSuIMYQZKO+KUpwmVe+ArgKPirc
         g7MjR7jpik1P2QhjfAaWJykXN9JXll1DX4Rsg008i+fyhuvsWB2Sunvr0R+Fy2NtQRnE
         R6jIUdKAMNCywhSkSbmsOsFYBFhd2CCrQPTufbVzVV97TRJTZrgq7y9ptMjej1dIqNLs
         QNrQ==
X-Gm-Message-State: AC+VfDwMGaw1Zoz79qd5t3r6ao2ZdARWO9Ygfr3IUy1GijIC4CRqjCsu
	LG3+ETraazeNCmAD4TwxBcDdXg==
X-Google-Smtp-Source: ACHHUZ4b34bw7rZc9L7px3h6EUsiEBtUzLuZldpOt5NSLbXfKgtYiPS99hwUcfBulL/R+vof/etEuQ==
X-Received: by 2002:a05:6a00:3a14:b0:668:82fe:16e2 with SMTP id fj20-20020a056a003a1400b0066882fe16e2mr22096409pfb.16.1687985975628;
        Wed, 28 Jun 2023 13:59:35 -0700 (PDT)
Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241])
        by smtp.gmail.com with ESMTPSA id u23-20020aa78497000000b0067aa2a70179sm4146384pfn.46.2023.06.28.13.59.34
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 28 Jun 2023 13:59:34 -0700 (PDT)
Date: Wed, 28 Jun 2023 13:59:34 -0700
From: Kees Cook <keescook@chromium.org>
To: Julian Pidancet <julian.pidancet@oracle.com>
Cc: Christoph Lameter <cl@linux.com>, Pekka Enberg <penberg@kernel.org>,
	David Rientjes <rientjes@google.com>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Vlastimil Babka <vbabka@suse.cz>,
	Roman Gushchin <roman.gushchin@linux.dev>,
	Hyeonggon Yoo <42.hyeyoo@gmail.com>, linux-mm@kvack.org,
	Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org,
	linux-kernel@vger.kernel.org, Matthew Wilcox <willy@infradead.org>,
	Rafael Aquini <aquini@redhat.com>
Subject: Re: [PATCH] mm/slub: disable slab merging in the default
 configuration
Message-ID: <202306281358.E6E6C2759@keescook>
References: <20230627132131.214475-1-julian.pidancet@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20230627132131.214475-1-julian.pidancet@oracle.com>
X-Rspamd-Queue-Id: F02A614000A
X-Rspam-User: 
X-Stat-Signature: sh3huhu9cnnx5bt6cmus5ftor85fciq7
X-Rspamd-Server: rspam01
X-HE-Tag: 1687985976-255887
X-HE-Meta: U2FsdGVkX19xb4WZb3qcuM78GswZ85qQs0FAqMxbgAEGB8L9HDrFAdYdnUQkKGJr2OOrlB/bzRmgHyzC03NfoRLM9G0HIRvcEesljVnbvan0R8xLYcmwN7fVgRPsZDq66VqD4bSovrtZbWqZRdqMTn0UFoALNt8S4dMM79A/l9Xhe3njg3sOX8da3/mE1eLNv750esJ8Eb6A8cvG26b/jGS2aukTXgbVJ9WxBezUFcJ8SoxXj8Pji5/8Bv4/CqWGtzESgkjKKf/yslRAcAQp8NbuWbsjCDfeAE4kQ8aeJF3tHPOrszEiF+WvWqRt4+ZoI3IwJJkRZVCiCQ3Jbrav00Ru7zElZsLSQAIgzdfawKjcKa8/NxvuDbYwuL/Wxh+smntFa5c3tJkxuoBZZOaCF5d6z7VHq1ofdFggqdU2an4dPP+JZPbI+VUstI7baomeurCUIiWqvh8a+48TqAZNAFSRP48kYMX8kvxAwP2gOL0xfTw4nQzERdeIomJZTZUqABR6nsLglFiNRSHV5VuMCm5tVF4aiSAKpVya9q3dR0KoXy7t9X+xHKbNVcYj+jQ2Htb7gc1DiqlAchmr0wkdMGCUairumrRy5obCzVlSs1IcWaaXnrp/PTlF02gCHUv7swcZnAODxot8gVhFNbv5sDBu1fZOuIswMu1pm6857xqbtDXNHJ3IjXF8zn0RHuLp2vr5elRChoSvkPT7XCQL1xRmulPF7JrizvARZxR/X9KHkEH+mgcyPUFyMvToxBHKEtzWv9GkQhhJlJdU8o2av4mZPmcIYRCAgC+kVEEqjjRdAnKxKeWa/+ahOm30ohR876eUJFzSPEjCB26xIAJY5kQvzfZBIjGZBU5RJ8ivfOiBFB/uPGvQQSbBHkD/jDcbgB9fNAykCAKAvS1i64mcPRB/ZDV31P8qOL2mgNuVsh0faZ5APo7wnUO2GP71xFsNFLIdRJfXi0REThm1qGj
 apFXgg66
 /mlsRGML65xCiuBj3MkGr3lwq6ZNM4uU/DqshJQ8taKVEnFIoAWluVAakidwk5X+yx/6+LFOEu4oc2IRQyG8flUycB0MMyIg6VPanzwZIywS3A7BtDHI0OXZUalni7579qD8aKC4xCLUKjhlLA/IG1+O3tt2zz3EdYT5EpLK2XwOZdg79YKYV7/kg5Hu+MfuxyX19SRXcUoux929U0IF6bbqIXDRGepqfd6OvtOkmlTnOtCpjk9j/8ZOGTmG0NWB6+fcXs94C6MYifgxPWeOZ+VGUyaCluvp1WypOnpx9+FWFSWLsvbpgBKSJxg92iiBML0csaxWtRzEPMlAGmYLQmHOcsAUIxnV77XvA6O+VWsDyF+dGflOTLrgbJJmnRADH4EUOXnC4q3y0prEeoHXPgdE4O6sqyhtqJv6z3LnRkoSq9B1dapohovdmOPpv20TtDzxGTqBnR/aK4YBCovBigX2Yw9oHKc4q5AO4KHmydKbm2ldPLqazkNsLMSjeZ9uRz5Y+
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Tue, Jun 27, 2023 at 03:21:31PM +0200, Julian Pidancet wrote:
> Make CONFIG_SLAB_MERGE_DEFAULT default to n unless CONFIG_SLUB_TINY is
> enabled. Benefits of slab merging is limited on systems that are not
> memory constrained: the overhead is negligible and evidence of its
> effect on cache hotness is hard to come by.
> 
> On the other hand, distinguishing allocations into different slabs will
> make attacks that rely on "heap spraying" more difficult to carry out
> with success.
> 
> Take sides with security in the default kernel configuration over
> questionnable performance benefits/memory efficiency.
> 
> Signed-off-by: Julian Pidancet <julian.pidancet@oracle.com>
> ---
> In an attempt to assess the performance impact of disabling slab
> merging, a timed linux kernel compilation test has been conducted first
> using slab_merge, then using slab_nomerge. Both tests started in an
> identical state.  Commodity hardware was used: a laptop with an AMD Ryzen
> 5 3500U CPU, and 16GiB of RAM. The kernel source files were placed on
> an XFS partition because of the extensive use of slab caches in XFS.
> 
> The results are as follows:
> 
>       | slab_merge       | slab_nomerge     |
> ------+------------------+------------------|
> Time  | 489.074 ± 10.334 | 489.975 ± 10.350 |
> Min   |          459.688 |          460.554 |
> Max   |          493.126 |          494.282 |
> 
> The benchmark favors the configuration where merging is disabled, but the
> difference is only ~0.18%, well under statistical significance.

As mentioned, please include these kinds of perf notes in the commit
log; it's useful to see later. :)

Regardless, yes, please. I have been running slab_nomerge on all my
systems for years and years now.

With the typo fixed and commit log updated, please consider this:

Reviewed-by: Kees Cook <keescook@chromium.org>

-Kees

-- 
Kees Cook