Date: Sun, 11 Feb 2018 13:35:58 -0800 From: Kees Cook <keescook@...omium.org> To: Alexander Popov <alex.popov@...ux.com> Cc: kernel-hardening@...ts.openwall.com, PaX Team <pageexec@...email.hu>, Brad Spengler <spender@...ecurity.net>, Ingo Molnar <mingo@...nel.org>, Andy Lutomirski <luto@...nel.org>, Tycho Andersen <tycho@...ho.ws>, Laura Abbott <labbott@...hat.com>, Mark Rutland <mark.rutland@....com>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, Borislav Petkov <bp@...en8.de>, Thomas Gleixner <tglx@...utronix.de>, "H . Peter Anvin" <hpa@...or.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, "Dmitry V . Levin" <ldv@...linux.org>, X86 ML <x86@...nel.org> Subject: Re: [PATCH RFC v7 0/6] Introduce the STACKLEAK feature and a test for it On Thu, Jan 25, 2018 at 7:13 AM, Alexander Popov <alex.popov@...ux.com> wrote: > On 20.01.2018 13:13, Alexander Popov wrote: >> On 19.01.2018 00:13, Kees Cook wrote: >>> On Thu, Jan 18, 2018 at 5:09 AM, Alexander Popov <alex.popov@...ux.com> wrote: >>>> So I don't think that (1) without (2) is actually a good feature. I would >>>> propose to refrain from separating the stack erasing and the lowest_stack tracking. >>> >>> How about an option to clear the _entire_ stack, then, when the plugin >>> isn't available? That gives us a range of options and provides an easy >>> way to compare the performance of the tracking. i.e. can compare off, >>> full, and smart. >> >> Yes, I should try it. I'll return with the results of the performance tests. >> We'll discuss them; if full stack erasing is not too slow, I'll introduce it in >> the 8'th version of the patch series. > > I've made a brief performance test on x86_64 (similar to the test described in > the cover letter). I guess there might be workloads with higher performance penalty. > > Hardware: Intel Core i7-4770, 16 GB RAM > Test: hackbench -s 4096 -l 2000 -g 15 -f 25 -P > > Average time on v4.14.15: 9.194s > Average time on v4.14.15-stackleak-with-plugin: 9.490 (+3.22%) > Average time on v4.14.15-stackleak-full-erasing: 12.149 (+32.14%) Yeeeowch. Okay, I'm convinced. :) > Honestly, I think, it is not worth having this full stack erasing as a separate > feature. Moreover, it brings some #ifdef conditionals to the erase_kstack() > code, which don't look nice. > > May I ask for your opinion? > > Best regards, > Alexander -Kees -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.