From owner-freebsd-security@FreeBSD.ORG Sun Apr 15 20:00:53 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 41BA4106566B; Sun, 15 Apr 2012 20:00:53 +0000 (UTC) (envelope-from yanegomi@gmail.com) Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id D87438FC15; Sun, 15 Apr 2012 20:00:52 +0000 (UTC) Received: by obqv19 with SMTP id v19so5391943obq.13 for ; Sun, 15 Apr 2012 13:00:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=mnralVivXlJvciH+6DBucC8H6Pz/CSSQecoxTjyy138=; b=mYjK1C+WkQoFoDi4ma0qJyO2g4WkuiBMHGUMR/QeIAgxz5mWH8LCvsi3RdNguBPWOX TgEezvSScz+pDZUXJII2xzXBqfRMlOPEnKRsB8LsR/lv1N0qCGsF8OeQOjvUDeC59b45 wgNeTfctmtK9kBIkRZCGtS5ySQCu7CMGLY5XFMCxnpTH3c5FhGHqvhbHwBdQAc1uAbMO IHaqKRV++pbYUI0w7xJwwBXTK9yDuy+W1DWDz7s+a4Dreb2NC4QUVEZeCiAIEnj+CKu9 F3qMHaRjLADyvMtKsRgaK2n03pKYYJGSEtqOqByQ/A0rjjW/lqkRATGqMoYtuXU8SzkM 79ow== Received: by 10.182.169.68 with SMTP id ac4mr12587579obc.19.1334520052529; Sun, 15 Apr 2012 13:00:52 -0700 (PDT) Received: from [192.168.2.5] (dpc691939029.direcpc.com. [69.19.39.29]) by mx.google.com with ESMTPS id by5sm17138512obb.19.2012.04.15.13.00.39 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 15 Apr 2012 13:00:51 -0700 (PDT) Mime-Version: 1.0 (Apple Message framework v1257) Content-Type: text/plain; charset=iso-8859-1 From: Garrett Cooper In-Reply-To: <4F8B21D2.4080008@zedat.fu-berlin.de> Date: Sun, 15 Apr 2012 13:00:25 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <951B1A8C-A216-420A-BA17-316B8D9C2B0E@gmail.com> References: <4F8AAEF7.3090800@zedat.fu-berlin.de> <4F8B21D2.4080008@zedat.fu-berlin.de> To: O. Hartmann X-Mailer: Apple Mail (2.1257) X-Mailman-Approved-At: Sun, 15 Apr 2012 20:59:04 +0000 Cc: freebsd-security@freebsd.org, Richard Kojedzinszky , Current FreeBSD , freebsd-performance@freebsd.org Subject: Re: ufs multilabel performance (fwd) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Apr 2012 20:00:53 -0000 On Apr 15, 2012, at 12:30 PM, O. Hartmann wrote: > Am 04/15/12 15:59, schrieb Richard Kojedzinszky: >> Thank you for the reply. >>=20 >> Unfortunately, dont know why, but on my xen virtualised environment, >> fbsd amd64 domU performs much slower, not only 30 times. Without >> multilabel, file creation speed is around 2500/s, but with = multilabels >> enabled, it is only 15/s (!). so it is more than 100 times slower. >>=20 >> And anyway freebsd is known to be fast as well, as functional. The = power >> to serve. :) >>=20 >> But in my environment, 15/s file creation is very-very slow. The >> hardware is a q6700 cpu with 4G ram, 2x1T sata disks in raid1, the = host >> runs linux. I think with this hw the mentioned speed is really slow. >>=20 >> Regards, >>=20 >>=20 >> Kojedzinszky Richard >> Euronet Magyarorszag Informatikai Zrt. >>=20 >> On Sun, 15 Apr 2012, O. Hartmann wrote: >>=20 >>> Date: Sun, 15 Apr 2012 13:20:23 +0200 >>> From: O. Hartmann >>> To: Richard Kojedzinszky >>> Cc: freebsd-security@freebsd.org >>> Subject: Re: ufs multilabel performance (fwd) >>>=20 >>> Am 04/14/12 21:37, schrieb Richard Kojedzinszky: >>>> Dear list, >>>>=20 >>>> Although it is not only security-related question, I did not get = any >>>> answer from freebsd-performance. The original question is below. >>>>=20 >>>> Can someone give some advice? >>>>=20 >>>> Thanks in advance, >>>>=20 >>>>=20 >>>> Kojedzinszky Richard >>>> Euronet Magyarorszag Informatikai Zrt. >>>>=20 >>>> ---------- Forwarded message ---------- >>>> Date: Thu, 10 Nov 2011 06:16:57 +0100 (CET) >>>> From: Richard Kojedzinszky >>>> To: freebsd-performance@freebsd.org >>>> Subject: ufs multilabel performance >>>>=20 >>>> Dear List, >>>>=20 >>>> I've noticed that when I enable multilabel on an fs, a file = creation >>>> gets around 20-30 times slower than without multilabel set. >>>>=20 >>>> This one-liner can be used to test the differences: >>>> $ truss -D perl -e 'open(F, ">$_.file") for 1 .. 1000' >>>=20 >>> Same here, creating files seems to be 10 - 30 times slower with >>> multilabels as it is without. >>>=20 >>> But as several posts and discussions reflects, FreeBSD isn't = supposed to >>> be fast although it is claimed that writing is the major than = reading; >>> FBSD should serve functionality. >>>>=20 >>>> And one can see that the open call takes much more when multilabel = is >>>> set on an fs. It seems that only file creation needs that many = time, >>>> when a file exists it is opened much faster. >>>>=20 >>>> Could someone acknowledge this, and have some suggestions how to = make it >>>> faster? >>>>=20 >>>> Regards, >>>>=20 >>>>=20 >>>> Kojedzinszky Richard >>>> TvNetWork Nyrt. >>>> E-mail: krichy (at) tvnetwork [dot] hu >>>> PGP: 0x54B2BF0C8F59B1B7 >>>> Fingerprint =3D F6D4 3FFE AF03 CACF 0DCB 46A1 54B2 BF0C 8F59 B1B7 >=20 > At the moment, I'm troubled with a nasty kernel bug on all FreeBSD 10 > boxes I have spare to test. >=20 > I just tried to reproduce your observation and as far as I can go with > my experience, I can confirm that by using your perl script. >=20 > I'd like to test this again with a small C program. >=20 > I can only test the issue (test is too far optimistic, it's simply a > reproduction of your observation) on FreeBSD 10, the only remaining > FreeBSD server at our department is running FBSD 9-STABLE/amd64 and = "in > production", so changing multilabel support is a bit harsh at the = moment. >=20 >=20 > Sorry about crossposting, but I think this belongs more to CURRENT and > PERFORMANCE than SECURITY. My suggestion is completely take perl out of the equation because the = way you're invoking it above uses stdio and a few other things that add = unnecessary overhead. Try the attached C program/bourne shell snippet instead. Cheers, -Garrett #!/bin/sh set -e tmp=3D$(mktemp -d tmp.XXXXXX) trap "cd /; rm -Rf $tmp" EXIT cd $tmp cat > test_open.c < #include #include int main(void) { char buf[20]; int i; for (i =3D 0; i < 1000; i++) { sprintf(buf, "%d", i); close(open(buf, O_WRONLY|O_CREAT, 0600)); } return (0); } EOF gcc -o test_open test_open.c time ./test_open=