Gentoo Archives: gentoo-hardened

From: Alex Efros <powerman@××××××××.name>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] KERNEXEC/bts: 35% slowdown
Date: Mon, 27 Mar 2017 18:27:00
Message-Id: 20170327182637.GA2086@home.power
1 Hi!
2
3 I'm using 4.8.17-hardened-r2, Core i7-2600K @ 4.5GHz, nvidia&virtualbox.
4
5 Because of nvidia-drivers I had to switch off CONFIG_PAX_RAP.
6 Because of virtualbox-modules I had to switch off CONFIG_PAX_RANDKSTACK
7 and CONFIG_PAX_MEMORY_UDEREF.
8 Because of both I can't use KERNEXEC method "or".
9 All other options which increase security without noticeable performance
10 penalty (like memory sanitize) are switched on.
11
12 The question is, while I was expecting SOME slowdown because of enabled
13 KERNEXEC with method "bts", I was surprised to see 35% slowdown - it this
14 expected to be that high, or it is a problem with my configuration?
15
16 The actual numbers for running
17 make distclean && cp ../config.backup .config && time make -j8
18 second time after boot into single-user mode:
19
20 - with KERNEXEC/bts:
21 real 5m46.685s
22 user 36m4.736s
23 sys 3m26.478s
24 - without KERNEXEC:
25 real 4m17.914s
26 user 27m52.945s
27 sys 2m35.560s
28
29 --
30 WBR, Alex.

Attachments

File name MIME type
.config text/plain