Message-ID: <CAGXu5jKRC0G9GCQoYfPF9htns=_KU53UTPTSt54BRYmgbGOp5w@mail.gmail.com>
Date: Wed, 19 Jul 2017 12:21:05 -0700
From: Kees Cook <keescook@...omium.org>
To: Christopher Lameter <cl@...ux.com>
Cc: Thomas Garnier <thgarnie@...gle.com>, Herbert Xu <herbert@...dor.apana.org.au>,
 "David S . Miller" <davem@...emloft.net>, Thomas Gleixner <tglx@...utronix.de>,
 Ingo Molnar <mingo@...hat.com>, "H . Peter Anvin" <hpa@...or.com>,
 Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...hat.com>,
 Arnd Bergmann <arnd@...db.de>, Matthias Kaehlcke <mka@...omium.org>,
 Boris Ostrovsky <boris.ostrovsky@...cle.com>, Juergen Gross <jgross@...e.com>,
 Paolo Bonzini <pbonzini@...hat.com>, Radim Krčmář <rkrcmar@...hat.com>,
 Joerg Roedel <joro@...tes.org>, Andy Lutomirski <luto@...nel.org>,
 Borislav Petkov <bp@...en8.de>, "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
 Brian Gerst <brgerst@...il.com>, Borislav Petkov <bp@...e.de>,
 Christian Borntraeger <borntraeger@...ibm.com>, "Rafael J . Wysocki" <rjw@...ysocki.net>,
 Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>, Tejun Heo <tj@...nel.org>,
 Paul Gortmaker <paul.gortmaker@...driver.com>, Chris Metcalf <cmetcalf@...lanox.com>,
 "Paul E . McKenney" <paulmck@...ux.vnet.ibm.com>, Andrew Morton <akpm@...ux-foundation.org>,
 Christopher Li <sparse@...isli.org>, Dou Liyang <douly.fnst@...fujitsu.com>,
 Masahiro Yamada <yamada.masahiro@...ionext.com>, Daniel Borkmann <daniel@...earbox.net>,
 Markus Trippelsdorf <markus@...ppelsdorf.de>, Peter Foley <pefoley2@...oley.com>,
 Steven Rostedt <rostedt@...dmis.org>, Tim Chen <tim.c.chen@...ux.intel.com>,
 Ard Biesheuvel <ard.biesheuvel@...aro.org>, Catalin Marinas <catalin.marinas@....com>,
 Matthew Wilcox <mawilcox@...rosoft.com>, Michal Hocko <mhocko@...e.com>,
 Rob Landley <rob@...dley.net>, Jiri Kosina <jkosina@...e.cz>,
 "H . J . Lu" <hjl.tools@...il.com>, Paul Bolle <pebolle@...cali.nl>,
 Baoquan He <bhe@...hat.com>, Daniel Micay <danielmicay@...il.com>,
 "x86@...nel.org" <x86@...nel.org>, linux-crypto <linux-crypto@...r.kernel.org>,
 LKML <linux-kernel@...r.kernel.org>, xen-devel@...ts.xenproject.org,
 KVM <kvm@...r.kernel.org>, Linux PM list <linux-pm@...r.kernel.org>,
 linux-arch <linux-arch@...r.kernel.org>, linux-sparse@...r.kernel.org,
 "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: Re: x86: PIE support and option to extend KASLR randomization

On Wed, Jul 19, 2017 at 7:08 AM, Christopher Lameter <cl@...ux.com> wrote:
> On Tue, 18 Jul 2017, Thomas Garnier wrote:
>
>> Performance/Size impact:
>> Hackbench (50% and 1600% loads):
>>  - PIE enabled: 7% to 8% on half load, 10% on heavy load.
>> slab_test (average of 10 runs):
>>  - PIE enabled: 3% to 4%
>> Kernbench (average of 10 Half and Optimal runs):
>>  - PIE enabled: 5% to 6%
>>
>> Size of vmlinux (Ubuntu configuration):
>>  File size:
>>  - PIE disabled: 472928672 bytes (-0.000169% from baseline)
>>  - PIE enabled: 216878461 bytes (-54.14% from baseline)
>
> Maybe we need something like CONFIG_PARANOIA so that we can determine at
> build time how much performance we want to sacrifice for performance?
>
> It's going to be difficult to understand what all these hardening config
> options do.

This kind of thing got discussed recently, and like
CONFIG_EXPERIMENTAL, a global config doesn't really work. The best
thing to do is to document each config as well as possible and system
builders can decide.

-Kees

-- 
Kees Cook
Pixel Security