Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 19 Jul 2017 09:08:55 -0500 (CDT)
From: Christopher Lameter <cl@...ux.com>
To: Thomas Garnier <thgarnie@...gle.com>
cc: Herbert Xu <herbert@...dor.apana.org.au>, 
    "David S . Miller" <davem@...emloft.net>, 
    Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, 
    "H . Peter Anvin" <hpa@...or.com>, Peter Zijlstra <peterz@...radead.org>, 
    Josh Poimboeuf <jpoimboe@...hat.com>, Arnd Bergmann <arnd@...db.de>, 
    Matthias Kaehlcke <mka@...omium.org>, 
    Boris Ostrovsky <boris.ostrovsky@...cle.com>, 
    Juergen Gross <jgross@...e.com>, Paolo Bonzini <pbonzini@...hat.com>, 
    Radim Krčmář <rkrcmar@...hat.com>, 
    Joerg Roedel <joro@...tes.org>, Andy Lutomirski <luto@...nel.org>, 
    Borislav Petkov <bp@...en8.de>, 
    "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>, 
    Brian Gerst <brgerst@...il.com>, Borislav Petkov <bp@...e.de>, 
    Christian Borntraeger <borntraeger@...ibm.com>, 
    "Rafael J . Wysocki" <rjw@...ysocki.net>, Len Brown <len.brown@...el.com>, 
    Pavel Machek <pavel@....cz>, Tejun Heo <tj@...nel.org>, 
    Kees Cook <keescook@...omium.org>, 
    Paul Gortmaker <paul.gortmaker@...driver.com>, 
    Chris Metcalf <cmetcalf@...lanox.com>, 
    "Paul E . McKenney" <paulmck@...ux.vnet.ibm.com>, 
    Andrew Morton <akpm@...ux-foundation.org>, 
    Christopher Li <sparse@...isli.org>, 
    Dou Liyang <douly.fnst@...fujitsu.com>, 
    Masahiro Yamada <yamada.masahiro@...ionext.com>, 
    Daniel Borkmann <daniel@...earbox.net>, 
    Markus Trippelsdorf <markus@...ppelsdorf.de>, 
    Peter Foley <pefoley2@...oley.com>, Steven Rostedt <rostedt@...dmis.org>, 
    Tim Chen <tim.c.chen@...ux.intel.com>, 
    Ard Biesheuvel <ard.biesheuvel@...aro.org>, 
    Catalin Marinas <catalin.marinas@....com>, 
    Matthew Wilcox <mawilcox@...rosoft.com>, Michal Hocko <mhocko@...e.com>, 
    Rob Landley <rob@...dley.net>, Jiri Kosina <jkosina@...e.cz>, 
    "H . J . Lu" <hjl.tools@...il.com>, Paul Bolle <pebolle@...cali.nl>, 
    Baoquan He <bhe@...hat.com>, Daniel Micay <danielmicay@...il.com>, 
    x86@...nel.org, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org, 
    xen-devel@...ts.xenproject.org, kvm@...r.kernel.org, 
    linux-pm@...r.kernel.org, linux-arch@...r.kernel.org, 
    linux-sparse@...r.kernel.org, kernel-hardening@...ts.openwall.com
Subject: Re: x86: PIE support and option to extend KASLR randomization

On Tue, 18 Jul 2017, Thomas Garnier wrote:

> Performance/Size impact:
> Hackbench (50% and 1600% loads):
>  - PIE enabled: 7% to 8% on half load, 10% on heavy load.
> slab_test (average of 10 runs):
>  - PIE enabled: 3% to 4%
> Kernbench (average of 10 Half and Optimal runs):
>  - PIE enabled: 5% to 6%
>
> Size of vmlinux (Ubuntu configuration):
>  File size:
>  - PIE disabled: 472928672 bytes (-0.000169% from baseline)
>  - PIE enabled: 216878461 bytes (-54.14% from baseline)

Maybe we need something like CONFIG_PARANOIA so that we can determine at
build time how much performance we want to sacrifice for performance?

Its going to be difficult to understand what all these hardening config
options do.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.