[systemd-devel] SELinux support takes up ~15MB of memory?
Ran Benita
ran234 at gmail.com
Sat Dec 4 12:57:49 PST 2010
I tested systemd today on Fedora rawhide (I usually use Arch), and
looking at top I noticed systemd taking up the first place prominently
with some 20MB RSS. This is because of the selinux support; with
--disable-selinux, it uses way less. Since systemd is going to be on a
lot of machines hopefully, it seems worthy to investigate. Do note
however that I don't use selinux and therefore know anything about it.
pmap -x 1 shows the memory is taken up by the heap, so I took the
opportunity to get familiar with tcmalloc, which also contains a heap
profiler. Since I'm not sure I had done everything correctly, I'll
briefly describe the steps to set it up.
To link /bin/systemd and friends against tcmalloc, I simply added the
following line somewhere in configure.ac:
AC_CHECK_LIB([tcmalloc], [malloc])
and it complied and ran just fine.
To activate the heap profiler, I created a shell script with the
following line and used it as init= in grub:
exec env HEAPPROFILE=/systemd HEAP_PROFILE_ALLOCATION_INTERVAL=1048576
/bin/systemd
After booting, there are some couple dozen profile files in the root
directory. The results are from the last relevant one (e.g.
systemd_1.0039.heap or similiar).
Here are some raw results (the first line might wrap -- sorry):
[root at rawhide]# pprof --text --inuse_space /bin/systemd
systemd_1.0039.heap | head -n30
Using local file /bin/systemd.
Using local file systemd_1.0039.heap.
Total: 16.1 MB
9.6 59.6% 59.6% 10.2 62.9% build_trtable
1.5 9.5% 69.1% 3.6 22.6% re_compile_internal
1.2 7.5% 76.6% 1.2 7.5% re_dfa_add_node
1.1 6.6% 83.2% 1.2 7.7% re_acquire_state_context
0.9 5.3% 88.5% 0.9 5.3% hashmap_new
0.5 3.0% 91.5% 0.7 4.4% init
0.3 2.0% 93.5% 4.0 24.6% regcomp
0.2 1.5% 94.9% 0.2 1.5% _IO_vfscanf
0.2 1.2% 96.2% 0.4 2.3% unit_new
0.2 1.2% 97.4% 0.2 1.2% register_state
0.1 0.7% 98.0% 1.4 8.5% calc_eclosure_iter
0.1 0.7% 98.7% 0.1 0.7% hashmap_put
0.1 0.3% 99.0% 0.1 0.3% re_node_set_merge
0.0 0.2% 99.2% 0.0 0.2% __alloc_dir
0.0 0.1% 99.3% 0.0 0.1% link_nfa_nodes
0.0 0.1% 99.5% 0.0 0.1% strdup
0.0 0.1% 99.6% 0.0 0.1% realpath@@GLIBC_2.3
0.0 0.1% 99.6% 0.0 0.1% vasprintf
0.0 0.1% 99.7% 0.0 0.1% unit_add_one_default_cgroup
0.0 0.1% 99.7% 0.0 0.1% config_parse_exec
0.0 0.0% 99.8% 0.0 0.0% 0x00007fd33920f4a1
0.0 0.0% 99.8% 0.0 0.0% dbus_message_contains_unix_fds
0.0 0.0% 99.8% 0.0 0.0% allocate
0.0 0.0% 99.8% 0.0 0.0% 0x00007fd33920f31a
0.0 0.0% 99.9% 0.0 0.0% parse_expression
0.0 0.0% 99.9% 0.0 0.0% cunescape_length
0.0 0.0% 99.9% 0.0 0.0% specifier_printf
0.0 0.0% 99.9% 0.0 0.0% discover_class
0.0 0.0% 99.9% 0.0 0.0% __tzfile_read
I also attached a couple of call graphs created with pprof --ps, one
with selinux enabled and one with selinux disabled. It shows it all quite
nicely.
The culprit seems to be selabel_lookup_raw which gets called by
several functions in label.c (mostly label_mkdir and label_fix).
These, in turn, seem to compile a great amount of regexes and store
them in an array in an selabel_handle struct. systemd keeps around
one called label_hnd (in label.c) in a static global variable for the
duration of the program.
This is what I observed from reading label.c in systemd, label_file.c
in libselinux, and some gdb. But I may have got it completely wrong;
It seems to keep the entire policy in memory, or something of the
sort, but I really don't know how it's _supposed_ to work.
Thanks,
Ran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd-hprof-no-selinux.ps
Type: application/postscript
Size: 94339 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20101204/90f4fb72/attachment-0002.ps>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: systemd-hprof-selinux.ps
Type: application/postscript
Size: 79999 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20101204/90f4fb72/attachment-0003.ps>
More information about the systemd-devel
mailing list