| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+32F8qDvy+vCNtc+Yd0TYWraCUXWRYbRj6PPsdYQnyT9X3CRA@mail.gmail.com> Date: Tue, 22 Jul 2014 11:02:03 +0200 From: Azqa Nadeem <11bscsanadeem@...cs.edu.pk> To: linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: Performance Impact of skb_segment Security Fix Hi, I am a researcher at EPFL, Switzerland. I study software vulnerabilities with the aim of building better tools to protect developers against security bugs. Recently the skb_sgement() was patched (http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fd819ecb90cc9b822cd84d3056ddba315d3340f) fixing the CVE-2014-0131 vulnerability (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0131) in the Linux Kernel. I am interested in the performance implications of this patch; could you help me answering the following questions: Do you think the bug fix for skb_segment() function can have any performance implications? If so, how much will the added checks add to the run time of the function? Is skb_segment() function part of the core functionality of the software? What fraction of time is expected to be spent in this function? Your answers will help us to better characterize the trade offs between performance and security in popular software. -- Regards, Azqa Nadeem Internee - Dependable Systems Lab EPFL, Switzerland -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists