diff mbox series

[meta-arago,master] arm-benchmarks: Disable security hardening for accurate performance measurement

Message ID 20260317183932.327935-1-j-sahu@ti.com
State Accepted
Delegated to: Ryan Eatmon
Headers show
Series [meta-arago,master] arm-benchmarks: Disable security hardening for accurate performance measurement | expand

Commit Message

Telukula Jeevan Kumar Sahu March 17, 2026, 6:39 p.m. UTC 
In oe-core scarthgap, security_flags.inc[0] was NOT loaded by default
in defaultsetup.conf, allowing benchmarks to run with minimal overhead.

In oe-core master, security_flags.inc is NOW loaded by default[1], enabling
all security hardening flags during arm-benchmarks compilation, causing
significant performance degradation.

Add distro-level override to disable security flags for arm-benchmarks,
restoring benchmark accuracy for industry-standard fair comparison while
maintaining full security hardening for all production binaries

[0]: https://git.openembedded.org/openembedded-core/tree/meta/conf/distro/include/security_flags.inc
[1]: https://git.openembedded.org/openembedded-core/commit/meta/conf/distro/defaultsetup.conf?id=4c2d64c10a5b0437ab1ea04df22386f0f95124d1

Signed-off-by: Telukula Jeevan Kumar Sahu <j-sahu@ti.com>
---
 meta-arago-distro/conf/distro/arago.conf                 | 1 +
 meta-arago-distro/conf/distro/include/arago-security.inc | 3 +++
 2 files changed, 4 insertions(+)
 create mode 100644 meta-arago-distro/conf/distro/include/arago-security.inc

Comments

PRC Automation March 17, 2026, 6:43 p.m. UTC | #1 
meta-arago / na / 20260317183932.327935-1-j-sahu

PRC Results: FAIL

=========================================================
  check-yocto-patches: PASS
=========================================================
Patches
----------------------------------------
WARN - [meta-arago][master][PATCH] arm-benchmarks: Disable security hardening for accurate performance measurement
    WARN: Commit message does not include file/recipe name: arm-benchmarks: Disable security hardening for accurate performance measurement. (COMMIT-MESSAGE-2)
        patch
    
    For details on the above errors/warnings visit: https://lists.yoctoproject.org/g/meta-ti/wiki/40887



=========================================================
  apply-yocto-patch: PASS
=========================================================
master
=====================
Summary:
- Patch Series: [meta-arago][master][PATCH] arm-benchmarks: Disable security hardening for accurate performance measurement
- Submitter: From: Telukula Jeevan Kumar Sahu <j-sahu@ti.com>
- Date: Date: Wed, 18 Mar 2026 00:09:32 +0530
- Num Patches: 1
- Mailing List (public inbox) Commit SHA: b5e12dfe7c646868a3de71645865cacaca13077c

Applied to:
- Repository: lcpd-prc-meta-arago
- Base Branch: master-wip
- Commit Author: Aksh Garg <a-garg7@ti.com>
- Commit Subject: kernel-selftest: Add the pci_endpoint selftest application
- Commit SHA: 4f82ec14f99f171de7298eecf527235e5f29e57d

Patches
----------------------------------------
All patches applied



=========================================================
  check-yocto-repo: PASS
=========================================================
master
=====================
PASS



=========================================================
  yocto-check-layers: FAIL
=========================================================
master - FAIL
=====================
ERROR: Nothing PROVIDES 'gstreamer1.0-vaapi' (but <build-dir>/sources/meta-openembedded/meta-networking/recipes-support/spice/spice-gtk_0.42.bb DEPENDS on or otherwise requires it). Close matches:
ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
Andrew Davis March 17, 2026, 7:39 p.m. UTC | #2 
On 3/17/26 1:39 PM, Jeevan via lists.yoctoproject.org wrote:
> In oe-core scarthgap, security_flags.inc[0] was NOT loaded by default
> in defaultsetup.conf, allowing benchmarks to run with minimal overhead.
> 
> In oe-core master, security_flags.inc is NOW loaded by default[1], enabling
> all security hardening flags during arm-benchmarks compilation, causing
> significant performance degradation.
> 
> Add distro-level override to disable security flags for arm-benchmarks,
> restoring benchmark accuracy for industry-standard fair comparison while
> maintaining full security hardening for all production binaries

The versions of these benchmarks in `arm-benchmarks` are still forks. If
you want a "fair" industry-standard comparison, we should drop `arm-benchmarks`
and use the versions others are using already provided by meta-oe.

Andrew

> 
> [0]: https://git.openembedded.org/openembedded-core/tree/meta/conf/distro/include/security_flags.inc
> [1]: https://git.openembedded.org/openembedded-core/commit/meta/conf/distro/defaultsetup.conf?id=4c2d64c10a5b0437ab1ea04df22386f0f95124d1
> 
> Signed-off-by: Telukula Jeevan Kumar Sahu <j-sahu@ti.com>
> ---
>   meta-arago-distro/conf/distro/arago.conf                 | 1 +
>   meta-arago-distro/conf/distro/include/arago-security.inc | 3 +++
>   2 files changed, 4 insertions(+)
>   create mode 100644 meta-arago-distro/conf/distro/include/arago-security.inc
> 
> diff --git a/meta-arago-distro/conf/distro/arago.conf b/meta-arago-distro/conf/distro/arago.conf
> index 43d4db53..6987d0dd 100644
> --- a/meta-arago-distro/conf/distro/arago.conf
> +++ b/meta-arago-distro/conf/distro/arago.conf
> @@ -137,6 +137,7 @@ ARAGO_IMAGE_SUFFIX:append = "${@oe.utils.conditional("ARAGO_RT_ENABLE", "1", "-r
>   
>   # Load default preferences
>   require conf/distro/include/arago-prefs.inc
> +require conf/distro/include/arago-security.inc
>   
>   # Allow branding on top of Arago Distro and Core TI-SDK
>   # If ARAGO_BRAND is not set in local.conf, default to core
> diff --git a/meta-arago-distro/conf/distro/include/arago-security.inc b/meta-arago-distro/conf/distro/include/arago-security.inc
> new file mode 100644
> index 00000000..65107430
> --- /dev/null
> +++ b/meta-arago-distro/conf/distro/include/arago-security.inc
> @@ -0,0 +1,3 @@
> +# Override security hardening for performance benchmarks
> +SECURITY_CFLAGS:pn-arm-benchmarks = ""
> +SECURITY_STACK_PROTECTOR:pn-arm-benchmarks = ""
diff mbox series

Patch

diff --git a/meta-arago-distro/conf/distro/arago.conf b/meta-arago-distro/conf/distro/arago.conf
index 43d4db53..6987d0dd 100644
--- a/meta-arago-distro/conf/distro/arago.conf
+++ b/meta-arago-distro/conf/distro/arago.conf
@@ -137,6 +137,7 @@  ARAGO_IMAGE_SUFFIX:append = "${@oe.utils.conditional("ARAGO_RT_ENABLE", "1", "-r
 
 # Load default preferences
 require conf/distro/include/arago-prefs.inc
+require conf/distro/include/arago-security.inc
 
 # Allow branding on top of Arago Distro and Core TI-SDK
 # If ARAGO_BRAND is not set in local.conf, default to core
diff --git a/meta-arago-distro/conf/distro/include/arago-security.inc b/meta-arago-distro/conf/distro/include/arago-security.inc
new file mode 100644
index 00000000..65107430
--- /dev/null
+++ b/meta-arago-distro/conf/distro/include/arago-security.inc
@@ -0,0 +1,3 @@ 
+# Override security hardening for performance benchmarks
+SECURITY_CFLAGS:pn-arm-benchmarks = ""
+SECURITY_STACK_PROTECTOR:pn-arm-benchmarks = ""