| 1 |
On 8 Aug 2005 at 17:23, Pedro Venda wrote: |
| 2 |
> I've written a small document describing a simple benchmark of the PaX memory |
| 3 |
> protections overhead on different x86 CPUs. There is a theoretical section |
| 4 |
> where I try to explain what do PAGEEXEC and SEGMEXEC actually do, there is |
| 5 |
> the benchmark itself and some notes on the results. |
| 6 |
> |
| 7 |
> http://arrakis.dhis.org/linux/doc/pax-performance/ |
| 8 |
> |
| 9 |
> Hoping to get back some comments but mostly wrong or misleading data reports. |
| 10 |
|
| 11 |
first of all, a big thank you for doing this work, it was badly |
| 12 |
missing from the PaX docs. below i'll comment on a few things: |
| 13 |
|
| 14 |
1. PaX stands for the [Pa]ge E[X]ecute right or PAGE_EXEC, which is |
| 15 |
the symbolic name commonly used on operating systems that offer |
| 16 |
memory protection. of course this is historical now, PaX does more |
| 17 |
than merely create (non)executable memory pages, but that's how it |
| 18 |
started 5 years ago. |
| 19 |
|
| 20 |
2. you talk about preventing 'arbitrary privileges', but it's more |
| 21 |
about preventing exploitation of memory corruption bugs. the |
| 22 |
'arbitrary' part comes from the assumed ability attained by the |
| 23 |
attacker: arbitrary read/write access to the attacked process's |
| 24 |
memory. |
| 25 |
|
| 26 |
3. for the randomization features, PaX has also randomized the brk() |
| 27 |
based heap for like 2 years now, it's just that i didn't get around |
| 28 |
to document it yet. |
| 29 |
|
| 30 |
4. some newer IA-32 CPUs do have NX support, but i haven't prepared |
| 31 |
PaX to use it yet (on amd64 in 64 bit mode it works of course). |
| 32 |
|
| 33 |
5. it's not the writable but the present (readable) bit that makes |
| 34 |
a page executable on IA-32. |
| 35 |
|
| 36 |
6. in general, instead of trying to reword the PaX docs, it's better |
| 37 |
to include the original, you'll avoid the interpretation mistakes |
| 38 |
that i'm in no mood to list here (it's being 2 AM and a performance |
| 39 |
test probably just doesn't need all this extra info anyway...). |
| 40 |
|
| 41 |
7. the PAGEEXEC/i386 performance impact is lower than what it used |
| 42 |
to be because a year ago i implemented a speed-up trick on 2.6 |
| 43 |
(it's not documented yet). you can try to test 2.4 and you'll see |
| 44 |
what i mean, especially on the P4 where the old PAGEEXEC logic |
| 45 |
would cause a huge slowdown, maybe a 100x or on that order (so |
| 46 |
what you observed shows just how effective the speed-up is in |
| 47 |
real life). i don't know why the P4 is so impacted, it's probably |
| 48 |
in part because user/kernel transitions are very slow in general, |
| 49 |
but there must be something else as well (the PaX specific page |
| 50 |
table manipulation maybe). |
| 51 |
|
| 52 |
8. it's interesting that you also found the same small performance |
| 53 |
increase for SEGMEXEC/P3 that i'd observed in the past, it's really |
| 54 |
small but consistent: userland time goes down (unexpected), kernel |
| 55 |
goes up a bit (expected), on the order of a few seconds on a kernel |
| 56 |
compilation. i have no explanation for this, but it's quite |
| 57 |
reproducible (i used to think that randomization causes it but then |
| 58 |
it affects only virtual addresses, not the physical addresses which |
| 59 |
play a role in caching, and you didn't have randomization enabled |
| 60 |
at all, i think). |
| 61 |
|
| 62 |
9. SEGMEXEC/amd64 doesn't exist because the CPU itself doesn't make |
| 63 |
it possible (nor necessary, of course), at least in 64 bit mode. |
| 64 |
in 32 bit mode you can of course boot the normal i386 kernels and |
| 65 |
test both non-exec methods. |
| 66 |
|
| 67 |
so, that's all for now, let me know when you're finished with the |
| 68 |
page and i'll link it from the PaX doc page. |
| 69 |
|
| 70 |
-- |
| 71 |
gentoo-hardened@g.o mailing list |
Archives