| 1 |
On 03/01/2011 03:08 PM, pageexec@××××××××.hu wrote: |
| 2 |
> On 1 Mar 2011 at 16:52, Marcel Meyer wrote: |
| 3 |
> |
| 4 |
>> On Sunday 27 February 2011 17:20:25 Pavel Labushev wrote: |
| 5 |
>>> 27.02.2011 22:32, "Tóth Attila" : |
| 6 |
>>> http://grsecurity.net/pipermail/grsecurity/2010-April/001024.html - from |
| 7 |
>> here: |
| 8 |
>> |
| 9 |
>> So if I understand pageexec's mail correctly, using a 32-bit hardened domU- |
| 10 |
>> kernel is more performant than the 64-variant when using UDEREF? |
| 11 |
> |
| 12 |
> i believe xen doesn't/cannot support UDEREF in paravirt mode, |
| 13 |
|
| 14 |
Confirmed. |
| 15 |
|
| 16 |
> in HVM mode |
| 17 |
> i386 should be fine, amd64 should be dead slow. |
| 18 |
|
| 19 |
In my experience, both are fine. I run hardened x86, hardened amd64 and |
| 20 |
hardened amd64 nomultilib as domU. The host is OpenSuse 11.3. I have |
| 21 |
both KERNEXEC and UDEREF on, no noticeable problems. |
| 22 |
|
| 23 |
KVM is a different story, and I do see slowdown for amd64. |
| 24 |
|
| 25 |
-- |
| 26 |
Anthony G. Basile, Ph.D. |
| 27 |
Gentoo Developer |
Archives