Documentation
¶
Overview ¶
Package secbenchdef contains struct definitions for secbench benchmarks. All structs in this package need to be JSON-serializable.
Index ¶
Constants ¶
View Source
const ( // NonExistentFD is an FD that is overwhelmingly likely to not exist, // because it would mean that the application has opened 2^31-1 FDs. // Useful to make sure syscalls involving FDs don't actually // do anything serious. NonExistentFD = uintptr(0x7fffffff) // BadFD can be used as an invalid FD in syscall arguments. BadFD = uintptr(0x80000000) )
View Source
const ( // NanosleepZero calls nanosleep(2) to sleep for zero nanoseconds. NanosleepZero = SpecialSyscall("NanosleepZero") // PPollNonExistent calls ppoll(2) with a non-existent FD and a tiny timeout. PPollNonExistent = SpecialSyscall("PPollNonExistent") // RTSigreturn calls a system call that stands in the place of `rt_sigreturn(2)`. RTSigreturn = SpecialSyscall("RTSigreturn") )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Bench ¶
type Bench struct {
// Name is the name of the benchmark.
Name string `json:"name"`
// Profile represents the syscall pattern profile being benchmarked.
Profile Profile `json:"profile"`
// Instructions is the seccomp-bpf program to run the benchmark with.
Instructions []bpf.Instruction `json:"instructions"`
// BuildStats contains information on timing and size of the program.
BuildStats seccomp.BuildStats `json:"buildStats"`
// AllowRejected can be set to true if some sequences in the application
// profile are expected to not be allowed.
// If this is the case, the program's overall performance will not be
// reported.
AllowRejected bool `json:"allowRejected"`
}
Bench represents a benchmark to run.
type BenchRunRequest ¶
type BenchRunRequest struct {
// Bench is the benchmark being run.
Bench Bench `json:"bench"`
// Iterations is the number of iterations to do (b.N).
Iterations uint64 `json:"iterations"`
// RandomSeed is the random seed to use to pick sequences.
RandomSeed int64 `json:"randomSeed"`
// ActiveSequences[i] is true if Bench.Profile.Sequences[i] should be
// run.
ActiveSequences []bool `json:"activeSequences"`
// InstallFilter is true if the seccomp-bpf filter should be actually
// installed. Setting this to false allows measuring the filter-less
// performance, so that it can be subtracted from performance with the
// filter.
InstallFilter bool `json:"installFilter"`
}
BenchRunRequest encodes a request sent to the benchmark runner binary.
type BenchRunResponse ¶
type BenchRunResponse struct {
// TotalNanos is the number of nanoseconds that the whole run took.
TotalNanos uint64 `json:"totalNanos"`
// SequenceMetrics is the per-sequence metrics, mapped by index against
// the sequences in the Profile.
SequenceMetrics []SequenceMetrics `json:"sequenceMetrics"`
}
BenchRunResponse encodes a response from the runner binary.
type Profile ¶
type Profile struct {
// Arch is the architecture of the application.
// Should be an AUDIT_ARCH_* value.
Arch uint32 `json:"arch"`
// Sequences is a set of weighted syscall sequences.
// A benchmark with a given Profile will run these sequences
// picked by weighted random choice.
Sequences []Sequence `json:"sequences"`
}
Profile represents an application's syscall profile.
type Sequence ¶
type Sequence struct {
// Name is the name of the sequence.
Name string `json:"name"`
// Weight is the weight of the sequence relative to all others within the
// same Profile.
Weight int `json:"weight"`
// Syscalls is the set of syscalls of the sequence.
Syscalls []Syscall `json:"syscalls"`
}
Sequence is a syscall sequence that the benchmark will make.
type SequenceMetrics ¶
type SequenceMetrics struct {
Iterations uint64 `json:"iterations"`
TotalNanos uint64 `json:"totalNanos"`
}
SequenceMetrics is the per-sequence part of BenchRunResponse.
type SpecialSyscall ¶
type SpecialSyscall string
SpecialSyscall are syscalls which need special handling. This can be syscalls where the arguments must be valid references to user memory.
func (SpecialSyscall) Call ¶
func (s SpecialSyscall) Call() (r1 uintptr, r2 uintptr, err error)
Call calls this syscall.
func (SpecialSyscall) Data ¶
func (s SpecialSyscall) Data(arch uint32) *linux.SeccompData
Data returns the seccomp data for this syscall.
func (SpecialSyscall) Seq ¶
func (s SpecialSyscall) Seq() []Syscall
Seq returns a one-item slice of the Syscall struct for this special syscall.
func (SpecialSyscall) Sys ¶
func (s SpecialSyscall) Sys() Syscall
Sys returns the Syscall struct for this special syscall.
type Syscall ¶
type Syscall struct {
// Special may be set for syscalls with special handling.
// If set, this takes precedence over the other fields.
Special SpecialSyscall `json:"special,omitempty"`
// Sysno is the syscall number.
Sysno uintptr `json:"sysno"`
// Args is the syscall arguments.
Args [6]uintptr `json:"args"`
}
Syscall is a single syscall within a Sequence.
Source Files
Click to show internal directories.
Click to hide internal directories.