nitro icon indicating copy to clipboard operation
nitro copied to clipboard
verified publisher icon KVM-VMI

Backend Caching

Open Soft opened this issue 8 years ago • 1 comments

Currently, Nitro backends simply clear all libvmi's caches to avoid possible inconsistencies. However, this has possible performance implications since we need to do more work at each incoming event. I created this issues to analyze the performance penalty that clearing all the caches has and to discuss various alternatives to the current approach. Could we be smarter about what caches to clear and when?

Soft avatar Sep 25 '17 13:09 Soft

We take the assumption that the memory has changed, and invalidate all caches as a consequence.

Looking back at this approach now, i believe we can safely remove self.libvmi.symcache_flush(), because the symbols we are relying on are not moving in the memory. (PsActiveProcessHead, init_task)

Also according to my tests, removing self.libvmi.rvacache_flush() does not break our consistent memory access. It's the opposite of symcache. (rva -> symbol)

Wenzel avatar Oct 05 '17 07:10 Wenzel