| 1 |
Are there any numbers (benchmarks) about the performance penalty of |
| 2 |
pageexec and/or segmexec on intel x86 machines? |
| 3 |
|
| 4 |
The idea that I have is that page-exec on x86 involves a page-fault |
| 5 |
for every (execute) access to a new page that will be treated by |
| 6 |
pax... and that is performance-wise .. bad.. |
| 7 |
|
| 8 |
And that segmexec is a diferent approach that involves, mirroring the |
| 9 |
process address space on two segments with diferent "write" |
| 10 |
permissions, and compairing those two, to check if there was any |
| 11 |
overwrite of the code segment. |
| 12 |
This would mean doubling the mem-usage, at least for the code-segment |
| 13 |
in segmexec mode. |
| 14 |
|
| 15 |
I have the idea that segmexec is advised for being faster (on x86), |
| 16 |
but I don't have any numbers, and I was trying to understand the |
| 17 |
performance-wise consequences of each implementation. |
| 18 |
|
| 19 |
And in arches that suport no-exec pages (has sparc or amd64), what are |
| 20 |
the performance penalties? Anyone can give me some pointers? |
| 21 |
|
| 22 |
stuff like: kernel compiles, mysql benches, or... any other benchmark |
| 23 |
is good for me.. just to "grasp" a idea.. |
| 24 |
|
| 25 |
|
| 26 |
Best regards, |
| 27 |
|
| 28 |
|
| 29 |
-- |
| 30 |
Miguel Sousa Filipe |
| 31 |
|
| 32 |
-- |
| 33 |
gentoo-hardened@g.o mailing list |
Archives