Date: Wed, 28 Feb 2018 09:25:50 +0100
From: Florian Weimer <fweimer@...hat.com>
To: Kees Cook <keescook@...omium.org>, Laura Abbott <labbott@...hat.com>
Cc: P J P <ppandit@...hat.com>,
 Kernel Hardening <kernel-hardening@...ts.openwall.com>,
 P J P <pjp@...oraproject.org>
Subject: Re: [PATCH 0/1] Zero initialise kernel stack variables

On 02/28/2018 12:38 AM, Kees Cook wrote:
> That's a surprisingly small text change! I'd love to see benchmarks
> too.

When we benchmarked this a while back, we saw a measurable performance 
hit for small packet processing (both UDP and TCP).  I 
assumed this was due to the initialization of the socket address 
structure.  Unfortunately, this was a place where past leaks happened.

My feeling at the time was that the return path for the socket address 
would have to be overhauled, such that returning a partially initialized 
result would be prevented by the API, without having to clear the entire 
return buffer.

Apart from that, we didn't see any changes in performance.

> Are you able to verify this is initializing the
> passed-by-reference variables too?

Shouldn't the initialization happen in the caller?

Thanks,
Florian
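
Added example, not part of the message above or of any kernel patch: a userspace C model of one way a return path could refuse to copy out a partially initialized socket address without clearing the whole return buffer. The names addr_out, addr_put, addr_copy_out and get_name, and the 128-byte buffer size, are assumptions made for illustration.

```c
/* Userspace model only; every name here is hypothetical, not a kernel API. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ADDR_MAX 128   /* assumed size of the return buffer */

/* Return buffer that records how many leading bytes were initialized. */
struct addr_out {
    unsigned char buf[ADDR_MAX];   /* deliberately NOT zeroed up front */
    size_t filled;                 /* bytes [0, filled) hold valid data */
};

/* The only way to write into the buffer: append n initialized bytes. */
static int addr_put(struct addr_out *o, const void *src, size_t n)
{
    if (n > ADDR_MAX - o->filled)
        return -1;
    memcpy(o->buf + o->filled, src, n);
    o->filled += n;
    return 0;
}

/* Copy-out refuses a length that reaches past the initialized prefix. */
static long addr_copy_out(const struct addr_out *o, size_t claimed,
                          void *dst, size_t dst_len)
{
    if (claimed > o->filled)
        return -1;                 /* would expose stale stack bytes */
    size_t n = claimed < dst_len ? claimed : dst_len;
    memcpy(dst, o->buf, n);
    return (long)n;
}

/* Constructed handler: writes family, port and address (8 bytes) but reports
 * a 16-byte result; with pad_tail == 0 the last 8 bytes are never written. */
static long get_name(int pad_tail, unsigned char *dst, size_t dst_len)
{
    static const unsigned char zero_pad[8] = {0};
    struct addr_out o;
    uint16_t family = 2, port = 0x5000;   /* constructed sample values */
    uint32_t ip = 0x0100007f;
    o.filled = 0;
    addr_put(&o, &family, sizeof family);
    addr_put(&o, &port, sizeof port);
    addr_put(&o, &ip, sizeof ip);
    if (pad_tail)
        addr_put(&o, zero_pad, sizeof zero_pad);
    return addr_copy_out(&o, 16, dst, dst_len);
}
```

Only the 16 bytes the handler actually reports are ever written, so the remaining 112 bytes of the buffer are never cleared, and the handler that forgets its padding fails at copy-out instead of returning stack contents.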
