High CPU Usage of core.NewCoffer

Question

High CPU Usage of core.NewCoffer

pzeinlinger opened this issue 5 years ago · 5 comments

Describe the bug
I noticed high cpu usage (0.1 became >2%) of my service after adding memguard.
Although no active memguard.Buffer is in use, the cpu usage is noticably higher.
I guess it has something to do with core.Coffer's Rekey routine.

To Reproduce
You can clone my test repo from gitlab.com/pzeinlinger/memguardcputest
It starts a webserver and only opens the enclave when a request is made.

Screenshots

System (please complete the following information):

OS and Kernel Versions: 4.19.59-1-MANJARO
Memguard Version: 0.17.3

Answer 1 · 2019-07-21T16:58:23.000Z

Thanks for the report.

Those CPU numbers seem reasonable to me but I have pushed a branch with a function allowing the caller to update the interval. The default is 8 milliseconds. I would suggest that you keep your choice below 1000ms.

Could you test with a different interval to see if the change resolves the issue for you?

Answer 2 · 2019-07-21T17:06:46.000Z

Thank you! Much better. Would you consider a higher interval a security risk?

Answer 3 · 2019-07-21T17:14:58.000Z

The choice of the interval value is the classic security/performance trade-off. A lower interval is better but any low value should be sufficient. The original source states a value of 1 second.

By "much better" I assume you mean you've tested the change? What kind of loads are you now getting for what choice of interval value?

Answer 4 · 2019-07-21T17:20:11.000Z

Using 1 second results in no apparent increase of cpu usage compared to a project without memgurad.

Answer 5 · 2019-07-21T17:29:58.000Z

Great. It might be worth looking into the lowest such value that results in no noticeable load.