From: "Rémi Denis-Courmont" <remi@remlab.net>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH 4/7] checkasm: use pointers for start/stop functions
Date: Wed, 19 Jul 2023 18:58:33 +0300
Message-ID: <2159496.Icojqenx9y@basile.remlab.net> (raw)
In-Reply-To: <N_esF-u--3-9@lynne.ee>
Le keskiviikkona 19. heinäkuuta 2023, 0.32.26 EEST Lynne a écrit :
> > User-space access to the cycle counter has been deemed a security threat
> > due to the Cycle Drift attack, and is disabled as of OpenSBI 1.3.
> >
> > If FFmpeg does not support Linux perf, FFmpeg will get _no_ performance
> > benchmarks on Linux.
>
> It does support linux perf. I've used it many times.
Yes of course. This MR modifies the Linux perf code, so I can see that it's
there. My point is that *if* Linux perf is *not* enabled (in ./configure),
there will be no benchmarks anymore on newer Linux RISC-V systems. But if it
is enabled it, there will be no benchmarks on existing systems. Hence the need
for the run-time indirection, or some very major PITA for development and
supporting new developers (and we've seen already 3 different people sending
RISC-V patches besides me in the past few months).
> >> This is a development tool first and foremost.
> >
> > A development tool is not a justification for leaving a security whole in
> > the system. I don't make the rules, and you don't either. OpenSBI and
> > Linux make them.
>
> You're not required to leave them on always. It's a development tool.
> You don't disable frequency scaling on all the time on other platforms,
> just when doing benchmarks, which is what the tool is meant for.
There is no need to disable frequency scaling if you use the most _suited_
counter for microbencmarks, that is to say the cycle counter. And then,
disabling frequency scaling is not always feasible.
> For ARM, we routinely use an external kernel module to enable
> the performance timers just so we avoid linux perf.
I don't think an external ARM-specific kernel module is an excuse for breaking
checkasm for _normal_ out-of-the-box kernel setups. Just because checkasm is a
development tool doesn't mean that it only runs on custom development systems.
> Specifically on arm, the linux perf noise is very high, which is where
> my concerns are.
I fail to see how this MR makes this any worse. You can still disable Linux
perf at build time as you could before. Quite the contrary in fact: if the
noise is so high then there are no ways that a single indirect function call
would make any meaningful difference for the worse.
> >> If anyone doesn't want to use rdcycle, they can use linux perf, it still
> >> works, with or without the patch.
> >
> > It does not.
>
> Why not? It works on arm. The same exact code is used on risc-v
> and on any other platform too.
Currently it's disabled by default on RISC-V (really anything but Arm) in
FFmpeg's configure, and hardly anybody has the necessary OpenSBI and Linux
updates for Linux perf to work on RISC-V.
We can't simply assume that Linux perf is supported. We're a few years too
early for that. And by then, Android will have blocked Linux perf, so we will
have the same problem anyway, only for different reasons.
> >> Either way, I don't agree with this patch, not accepting it.
> >
> > The only vaguely valid reason you've given is that this should cache the
> > function pointers locally, which version 2 does.
>
> I disagree with it doing an indirection at all.
I can see that, and you're entitled to your opinion.
But that's neither technical reasoning, nor actionable review feedback.
> It's overhead and a potential source of inaccuracy.
If Linux perf is enabled, it's blatantly obvious that whatever additional
overhead this adds is negligible. Since you insist, on top of my head, Linux
perf already now will do quite a few indirect calls:
- from checkasm's PLT to libc's ioctl(),
- from libc's syscall to kernel exception vector,
- from exception vector to ioctl syscall handler,
- from ioctl handler to PMU framework,
- from PMU framework to PMU backend driver.
And that's grossly over-simplified and glossing over all the other calls and
stuff that happen in-between.
As for the case that Linux perf is disabled at build time, then I can make a
different version that calls AV_READ_TIME directly without indirection if
that's what bothers Gramner and/or you. Though you've noted yourself that that
path is also very noisy as it is so not like adding one indirect call will
matter here :shrug:
> It's up to you to prove it wouldn't affect major platforms.
I think that I have supplied plenty of technical arguments that there
shouldn't be a problem with this MR. And in the unlikely event that there
would be an unexpected problem, I'm sure somebody would revert it; it's not an
irreversible situation. Not to mention that, in the mean time, Martin did
indeed verify that the overhead is small and stable (on Arm).
> > Since you're giving zero valid reasons, I'm invoking the TC.
>
> What, you expect them to materialize an opinion out of thin air?
I think that they already have plenty to materialise an opinion from, between
the MR, this thread, Martin's benchmarks, and their experience. Otherwise,
they always have the possibility to ask for clarifications (it's even in the
community rulebook).
> You could've asked the actual maintainer, and one who knows the
> most about the code, Gramner.
Henrik was and still is welcome to review and comment. I am not in the habit
of asking permission to send code for review.
> But you're focusing too hard on arguing about irrelevant issues, even
> bringing up security, rather than using reasoning or clearly describing the
> need for the patch.
Security is the reason why RDCYCLE will stop working, and that in turn is the
motivation for this set. I believe it's well described in the commit message
(notably patch 6/7), and this is the first time in this thread that you state
otherwise. You don't like the security restriction and you don't have to. But
that does not make it "irrelevant".
And if you want to argue against the change and/or its security motivation,
you need to make your case on Linux RISC-V, Linux pref and Linux kernel
mailing lists, not here.
> By the way, if you're going to start doing personal attacks,
Quoting somebody is not attacking them. I didn't even slice or edit the quote
or otherwise attempt to distort it.
> right down to bringing up random quotes from the IRC,
> unrelated to you,
It looked very much like it was related to the *MR*. Maybe it was just a
"random" coincidence, and I am sorry that you apparently took so badly to
being quoted.
> I would ask the community committee to step in.
> Those, on the other hand, are well-known figures.
--
レミ・デニ-クールモン
http://www.remlab.net/
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2023-07-19 15:58 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-14 18:26 [FFmpeg-devel] [PATCH 0/7] checkasm RISC-V Linux perf enablement Rémi Denis-Courmont
2023-07-14 18:28 ` [FFmpeg-devel] [PATCH 1/7] checkasm: fix Linux perf cleanup Rémi Denis-Courmont
2023-07-14 18:28 ` [FFmpeg-devel] [PATCH 2/7] checkasm: improve Linux perf error message Rémi Denis-Courmont
2023-07-14 18:28 ` [FFmpeg-devel] [PATCH 3/7] checkasm: make perf macros functional Rémi Denis-Courmont
2023-07-14 18:28 ` [FFmpeg-devel] [PATCH 4/7] checkasm: use pointers for start/stop functions Rémi Denis-Courmont
2023-07-15 8:05 ` Lynne
2023-07-15 8:25 ` Rémi Denis-Courmont
2023-07-15 17:43 ` Lynne
2023-07-15 20:13 ` Rémi Denis-Courmont
2023-07-16 20:32 ` Lynne
2023-07-17 5:18 ` Rémi Denis-Courmont
2023-07-17 17:48 ` Lynne
2023-07-17 18:09 ` Rémi Denis-Courmont
2023-07-18 21:32 ` Lynne
2023-07-19 15:58 ` Rémi Denis-Courmont [this message]
2023-07-24 21:26 ` [FFmpeg-devel] [TC] " Martin Storsjö
2023-07-24 21:33 ` Nicolas George
2023-07-24 22:19 ` Lynne
2023-07-24 22:57 ` Kieran Kunhya
2023-07-25 6:44 ` Martin Storsjö
2023-07-14 18:28 ` [FFmpeg-devel] [PATCH 5/7] checkasm: remove unused variable Rémi Denis-Courmont
2023-07-14 18:28 ` [FFmpeg-devel] [PATCH 6/7] checkasm: allow run-time fallback to AV_READ_TIME Rémi Denis-Courmont
2023-07-14 18:28 ` [FFmpeg-devel] [PATCH 7/7] configure: enable Linux perf on RISC-V by default Rémi Denis-Courmont
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2159496.Icojqenx9y@basile.remlab.net \
--to=remi@remlab.net \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git