| 1 |
On Mon, Nov 19, 2012 at 2:25 AM, Matthew Thode |
| 2 |
<prometheanfire@g.o> wrote: |
| 3 |
> Originally virtualization was slow on grsec/pax with either uderef or |
| 4 |
> kernexec enabled. |
| 5 |
|
| 6 |
My impression was that UDEREF/KERNEXEC were slow in guest. Is it |
| 7 |
wrong, or did these settings affect host as well? |
| 8 |
|
| 9 |
> Pipacs overcame this limitation in 3.5.4-r1 and |
| 10 |
> overcame a memory commit issue kvm was having in 3.5.4-r2. He overcame |
| 11 |
> it using nested page tables on newer CPUs, which means older CPUs will |
| 12 |
> likely still be slow. |
| 13 |
|
| 14 |
So one needs at least 3.5.4-r2 in both hardened guest and host, and |
| 15 |
nested page tables support in CPU? |
| 16 |
|
| 17 |
-- |
| 18 |
Maxim Kammerer |
| 19 |
Liberté Linux: http://dee.su/liberte |
Archives