Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 Feb 2018 14:27:47 -0800
From: Kees Cook <>
To: Tycho Andersen <>
Cc: Laura Abbott <>, Jann Horn <>, 
	Igor Stoppa <>, Boris Lukashev <>, 
	Christopher Lameter <>, Matthew Wilcox <>, Jerome Glisse <>, 
	Michal Hocko <>, Christoph Hellwig <>, 
	linux-security-module <>, Linux-MM <>, 
	kernel list <>, 
	Kernel Hardening <>, 
	linux-arm-kernel <>
Subject: Re: arm64 physmap (was Re: [PATCH 4/6] Protectable Memory)

On Wed, Feb 14, 2018 at 2:13 PM, Tycho Andersen <> wrote:
> On Wed, Feb 14, 2018 at 11:48:38AM -0800, Kees Cook wrote:
>> On Wed, Feb 14, 2018 at 11:06 AM, Laura Abbott <> wrote:
>> > fixed. Modules yes are not fully protected. The conclusion from past
>> > experience has been that we cannot safely break down larger page sizes
>> > at runtime like x86 does. We could theoretically
>> > add support for fixing up the alias if PAGE_POISONING is enabled but
>> > I don't know who would actually use that in production. Performance
>> > is very poor at that point.
>> XPFO forces 4K pages on the physmap[1] for similar reasons. I have no
>> doubt about performance changes, but I'd be curious to see real
>> numbers. Did anyone do benchmarks on just the huge/4K change? (Without
>> also the XPFO overhead?)
>> If this, XPFO, and PAGE_POISONING all need it, I think we have to
>> start a closer investigation. :)
> I haven't but it shouldn't be too hard. What benchmarks are you
> thinking?

Unless I'm looking at some specific micro benchmark, I tend to default
to looking at kernel build benchmarks but that gets pretty noisy.
Laura regularly uses hackbench, IIRC. I'm not finding the pastebin I
had for that, though.

I wonder if we need a benchmark subdirectory in tools/testing/, so we
could collect some of these common tools? All benchmarks are terrible,
but at least we'd have the same terrible benchmarks. :)


Kees Cook
Pixel Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.