From: Kei Kebreau
Subject: Re: tor with --expensive-hardening is using way too much memory
Date: Wed, 19 Jul 2017 22:11:54 -0400
Message-ID: <8760enzwk5.fsf@openmailbox.org>
In-Reply-To: <20170719230500.vrbv2qqksjd5g4gh@abyayala>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: guix-devel@gnu.org

ng0 writes:

> I noticed this before the contribution entered master, so this message
> is not really news.
>
> To quote myself from earlier today:
>
> I think we should revert one piece of the tor hardened build.. 3 hours
> uptime: 684.3 MiB + 753.0 KiB = 685.1 MiB tor
>
> Comparison: my Chromium with 55 tabs open uses 2.2GB.
>
>   Private  +   Shared   =  RAM used   Program
> …
>  12.4 MiB +   1.1 MiB =  13.4 MiB   vim
>  15.5 MiB + 959.0 KiB =  16.4 MiB   Xorg
>  17.3 MiB +   5.6 MiB =  22.9 MiB   guix substitute
>  22.8 MiB +   1.3 MiB =  24.1 MiB   shepherd
>  26.7 MiB + 551.5 KiB =  27.3 MiB   emacs-25.2
> 131.1 MiB +   6.2 MiB = 137.3 MiB   .guix-real
> 732.7 MiB + 932.0 KiB = 733.6 MiB   tor
> …
> uptime: 6:24h
>
> Now I wouldn't consider tor to be problematic when this would be the
> default for tor. But it isn't, and --enable-expensive-hardening is an
> experimental function which is not enabled by default from upstream (as
> all our recently added config options for tor (not sure right now if all
> are experimental, but they are not standard).
>
> Comparison, Debian running for a very long time (months) and using the
> same config:
>
>  40.6 MiB + 486.0 KiB =  41.1 MiB   tor
>
>
> I'm convinced that removing --enable-expensive-hardening will improve
> the situation, I have watched a VM with tor without this config switch.
> Whoever needs or wants this switch can make use of the easy way to
> create custom packages in Guix.
>
> If someone else can confirm my observations, I'll prepare a patch.

The top(1) command tells me that tor is taking up just short of a
gigabyte of RAM. I haven't tried disabling the
--enable-expensive-hardening flag yet.