lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu,  4 Apr 2019 20:44:11 +0200
From:   Miroslav Benes <mbenes@...e.cz>
To:     yamada.masahiro@...ionext.com, michal.lkml@...kovi.net,
        jpoimboe@...hat.com, pmladek@...e.com, jikos@...nel.org
Cc:     joe.lawrence@...hat.com, ggherdovich@...e.cz,
        linux-kbuild@...r.kernel.org, live-patching@...r.kernel.org,
        linux-kernel@...r.kernel.org, Miroslav Benes <mbenes@...e.cz>
Subject: [PATCH v2] kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled

GCC 9 introduces a new option, -flive-patching. It disables certain
optimizations which could make a compilation unsafe for later live
patching of the running kernel.

The option is used only if CONFIG_LIVEPATCH is enabled and $(CC)
supports it.

Performance impact of the option was measured on three different
Intel machines - two bigger NUMA boxes and one smaller UMA box. Kernel
intensive (IO, scheduling, networking) benchmarks were selected, plus a
set of HPC workloads from NAS Parallel Benchmark. The tests were done on
upstream kernel 5.0-rc8 with openSUSE Leap 15.0 userspace.

The majority of the tests is unaffected. The only significant exception
is the scheduler section which suffers 1-3% degradation.

Evaluated-by: Giovanni Gherdovich <ggherdovich@...e.cz>
Signed-off-by: Miroslav Benes <mbenes@...e.cz>
---
The patch is based on master branch of the livepatching tree on
git.kernel.org.

Many thanks to Giovanni who ran the whole testing campaign and analyzed
the results. I archived the dashboard and detailed data. If anyone is
interested, we could probably set up a public website somewhere.

 Makefile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Makefile b/Makefile
index f070e0d65186..464a693a22e9 100644
--- a/Makefile
+++ b/Makefile
@@ -789,6 +789,10 @@ KBUILD_CFLAGS_KERNEL += -ffunction-sections -fdata-sections
 LDFLAGS_vmlinux += --gc-sections
 endif
 
+ifdef CONFIG_LIVEPATCH
+KBUILD_CFLAGS += $(call cc-option, -flive-patching=inline-clone)
+endif
+
 # arch Makefile may override CC so keep this after arch Makefile is included
 NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include)
 
-- 
2.21.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ