Date: Wed, 28 Feb 2018 09:25:50 +0100 From: Florian Weimer <fweimer@...hat.com> To: Kees Cook <keescook@...omium.org>, Laura Abbott <labbott@...hat.com> Cc: P J P <ppandit@...hat.com>, Kernel Hardening <kernel-hardening@...ts.openwall.com>, P J P <pjp@...oraproject.org> Subject: Re: [PATCH 0/1] Zero initialise kernel stack variables On 02/28/2018 12:38 AM, Kees Cook wrote: > That's a surprisingly small text change! I'd love to see benchmarks > too. When we benchmarked this a while back, we saw a measurable performance hit for processing small packet processing (both UDP and TCP). I assumed this was due to the initialization of the socket address structure. Unfortunately, this was a place where past leaks happened. My feeling at the time was that the return path for the socket address would have to be overhauled, such that returning a partially initialized result would be prevent by the API, without having to clear the entire return buffer. Apart from that, we didn't see any changes in performance. > Are you able to verify this is initializing the > passed-by-reference variables too? Shouldn't the initialization happen in the caller? Thanks, Florian
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.