
Re: [SE/Linux] status / progress report 13jun2004



On Mon, Jun 14, 2004 at 09:59:21AM -0400, James Morris wrote:
> > > It's actually disabled again (compiled in but disabled) in SuSE because
> > > the performance hit was much much worse.  And I remember benchmark
> > > numbers where the lsm hooks alone decreased the SpecWeb numbers on ia64
> > > by more than 10%.  I'd vote strongly against enabling LSM in the Debian
> > > kernel images.
> 
> When did you see these figures?  They are not consistent with the 
> performance data I've seen.
> 
> When I ran Webstone tests on x86 for the Usenix paper, there was a 5-7%
> performance hit for LSM, which dropped to 1-2% once the Netfilter hooks
> were disabled.  LSM was reworked considerably before submission to the
> upstream kernel, which included dropping the Netfilter hooks, as well as
> many other hooks in the networking, and the hooking mechanism itself was
> redesigned for efficiency.  LSM should have significantly less overhead 
> than the 1-2% figure for web performance.

They're from a hardware vendor doing benchmarking on one of the
commercial distros.  Note that this is on IA64 where gcc is particularly
bad when lots of indirect function calls are used.


