Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 11 Feb 2018 13:35:58 -0800
From: Kees Cook <>
To: Alexander Popov <>
Cc:, PaX Team <>, 
	Brad Spengler <>, Ingo Molnar <>, 
	Andy Lutomirski <>, Tycho Andersen <>, Laura Abbott <>, 
	Mark Rutland <>, Ard Biesheuvel <>, 
	Borislav Petkov <>, Thomas Gleixner <>, "H . Peter Anvin" <>, 
	Peter Zijlstra <>, "Dmitry V . Levin" <>, X86 ML <>
Subject: Re: [PATCH RFC v7 0/6] Introduce the STACKLEAK feature and a test for it

On Thu, Jan 25, 2018 at 7:13 AM, Alexander Popov <> wrote:
> On 20.01.2018 13:13, Alexander Popov wrote:
>> On 19.01.2018 00:13, Kees Cook wrote:
>>> On Thu, Jan 18, 2018 at 5:09 AM, Alexander Popov <> wrote:
>>>> So I don't think that (1) without (2) is actually a good feature. I would
>>>> propose to refrain from separating the stack erasing and the lowest_stack tracking.
>>> How about an option to clear the _entire_ stack, then, when the plugin
>>> isn't available? That gives us a range of options and provides an easy
>>> way to compare the performance of the tracking. i.e. can compare off,
>>> full, and smart.
>> Yes, I should try it. I'll return with the results of the performance tests.
>> We'll discuss them; if full stack erasing is not too slow, I'll introduce it in
>> the 8'th version of the patch series.
> I've made a brief performance test on x86_64 (similar to the test described in
> the cover letter). I guess there might be workloads with higher performance penalty.
> Hardware: Intel Core i7-4770, 16 GB RAM
> Test: hackbench -s 4096 -l 2000 -g 15 -f 25 -P
> Average time on v4.14.15: 9.194s
> Average time on v4.14.15-stackleak-with-plugin: 9.490 (+3.22%)
> Average time on v4.14.15-stackleak-full-erasing: 12.149 (+32.14%)

Yeeeowch. Okay, I'm convinced. :)

> Honestly, I think, it is not worth having this full stack erasing as a separate
> feature. Moreover, it brings some #ifdef conditionals to the erase_kstack()
> code, which don't look nice.
> May I ask for your opinion?
> Best regards,
> Alexander


Kees Cook
Pixel Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.