[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5jK1taW5JccCTdi6EzfD7RNnFrRyoJQMtLLi5CwT-8eJkQ@mail.gmail.com>
Date: Wed, 14 Feb 2018 14:27:47 -0800
From: Kees Cook <keescook@...omium.org>
To: Tycho Andersen <tycho@...ho.ws>
Cc: Laura Abbott <labbott@...hat.com>, Jann Horn <jannh@...gle.com>,
Igor Stoppa <igor.stoppa@...wei.com>,
Boris Lukashev <blukashev@...pervictus.com>,
Christopher Lameter <cl@...ux.com>,
Matthew Wilcox <willy@...radead.org>,
Jerome Glisse <jglisse@...hat.com>,
Michal Hocko <mhocko@...nel.org>,
Christoph Hellwig <hch@...radead.org>,
linux-security-module <linux-security-module@...r.kernel.org>,
Linux-MM <linux-mm@...ck.org>,
kernel list <linux-kernel@...r.kernel.org>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>,
linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>
Subject: Re: arm64 physmap (was Re: [kernel-hardening] [PATCH 4/6] Protectable Memory)
On Wed, Feb 14, 2018 at 2:13 PM, Tycho Andersen <tycho@...ho.ws> wrote:
> On Wed, Feb 14, 2018 at 11:48:38AM -0800, Kees Cook wrote:
>> On Wed, Feb 14, 2018 at 11:06 AM, Laura Abbott <labbott@...hat.com> wrote:
>> > fixed. Modules yes are not fully protected. The conclusion from past
>> > experience has been that we cannot safely break down larger page sizes
>> > at runtime like x86 does. We could theoretically
>> > add support for fixing up the alias if PAGE_POISONING is enabled but
>> > I don't know who would actually use that in production. Performance
>> > is very poor at that point.
>>
>> XPFO forces 4K pages on the physmap[1] for similar reasons. I have no
>> doubt about performance changes, but I'd be curious to see real
>> numbers. Did anyone do benchmarks on just the huge/4K change? (Without
>> also the XPFO overhead?)
>>
>> If this, XPFO, and PAGE_POISONING all need it, I think we have to
>> start a closer investigation. :)
>
> I haven't but it shouldn't be too hard. What benchmarks are you
> thinking?
Unless I'm looking at some specific micro benchmark, I tend to default
to looking at kernel build benchmarks but that gets pretty noisy.
Laura regularly uses hackbench, IIRC. I'm not finding the pastebin I
had for that, though.
I wonder if we need a benchmark subdirectory in tools/testing/, so we
could collect some of these common tools? All benchmarks are terrible,
but at least we'd have the same terrible benchmarks. :)
-Kees
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists