[sudo-workers] Is there a way to avoid get_net_ifs() when the information won't be used?

Rick Jones rick.jones2 at hp.com
Thu Jan 23 09:41:50 MST 2014 

On 01/22/2014 07:49 PM, Todd C. Miller wrote:
> Can you try the following diff and see if that fixes the slowdown?

Sure.

While the patch did apply with fuzz to the 1.8.3pl1+ubuntu sources I'd 
been using via apt-get source, it didn't compile - didn't like "false" 
and then didn't like debug_return_bool(), so I went ahead and grabbed 
the latest tar.gz from http://www.sudo.ws/sudo/download.html

Here are a couple timings with that  version pre-patch just for the sake 
of pedantry and crossed i's and dotted t's :)

rjones2 at qu-stbaz1-perf0002:~$ time ./sudo-1.8.9p4 sleep 1

real	0m1.314s
user	0m0.036s
sys	0m0.276s
rjones2 at qu-stbaz1-perf0002:~$ time ./sudo-1.8.9p4 sleep 1

real	0m1.319s
user	0m0.032s
sys	0m0.284s
rjones2 at qu-stbaz1-perf0002:~$ time ./sudo-1.8.9p4 sleep 1

real	0m1.319s
user	0m0.040s
sys	0m0.280s

I then applied the patch:

raj at tardy:/tmp/sudo-1.8.9p4$ patch -p 1 < /tmp/sudo.patch
(Stripping trailing CRs from patch.)
patching file plugins/sudoers/match_addr.c

and it built fine.  I put the resulting sudoers.so into place (as a new 
sudo binary was not built I didn't bother bringing that over to my test 
system) and ran again and the run times are virtually unchanged:

rjones2 at qu-stbaz1-perf0002:~$ time ./sudo-1.8.9p4 sleep 1

real	0m1.324s
user	0m0.036s
sys	0m0.284s
rjones2 at qu-stbaz1-perf0002:~$ time ./sudo-1.8.9p4 sleep 1

real	0m1.320s
user	0m0.036s
sys	0m0.280s
rjones2 at qu-stbaz1-perf0002:~$ time ./sudo-1.8.9p4 sleep 1

real	0m1.330s
user	0m0.040s
sys	0m0.292s

 From what I can ascertain, the problem is in making the get_net_ifs() 
call in the main code, which then makes the get_ifaddrs() call.  When 
there are a large number of interfaces, that is going to consume lots 
and lots of time.  Here is a snippet of an strace of that from the 
original 1.8.3+ubuntu version:

sudo strace -f -v -tttT -o /tmp/sudo_time.strace sudo sleep 1
...
63520 1390345686.461245 sendto(3, 
"\24\0\0\0\22\0\1\3\326\375\336R\0\0\0\0\0\0\0\0", 20, 0, 
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 <0.205799>
63520 1390345686.667080 recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, 
pid=0, groups=00000000}, msg_iov(1)=[{"\374\3\0\0\20\0\2\0\326\375\336R 
\370\0\0\0\0\1\0\0'\0\0C\24\1\0\0\0\0\0"..., 4096}], msg_controllen=0, 
msg_flags=0}, 0) = 3108 <0.000163>
63520 1390345686.667285 recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, 
pid=0, groups=00000000}, msg_iov(1)=[{"\374\3\0\0\20\0\2\0\326\375\336R 
\370\0\0\0\0\1\0\0\"\0\0C\24\1\0\0\0\0\0"..., 4096}], msg_controllen=0, 
msg_flags=0}, 0) = 3108 <0.000151>
...
63520 1390345687.641022 recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, 
pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\327\375\336R 
\370\0\0\n@\200\375\374\t\0\0\24\0\1\0\376\200\0\0"..., 4096}], 
msg_controllen=0, msg_flags=0}, 0) = 3008 <0.000066>
63520 1390345687.641112 recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, 
pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\327\375\336R 
\370\0\0\0\0\0\0\374\t\0\0\24\0\1\0\376\200\0\0"..., 4096}], 
msg_controllen=0, msg_flags=0}, 0) = 20 <0.000006>

In the conditions under which that was gathered, there were 1600 of 
those recvmsg() calls to get the list of interfaces.

rick

More information about the sudo-workers mailing list