Benchmarking The Performance Overhead To Linux's Proposed FGKASLR Security Feature

  • Benchmarking The Performance Overhead To Linux's Proposed FGKASLR Security Feature

    Phoronix: Benchmarking The Performance Overhead To Linux's Proposed FGKASLR Security Feature

    One of the security improvements being worked on in recent months by Intel's open-source team has been FGKASLR. But how is the performance overhead compared to just traditional KASLR? Here are benchmarks looking at the performance impact of FGKASLR on top, just KASLR, and then no address space layout randomization.

    http://www.phoronix.com/vr.php?view=29345

  • #2
    4% isn't that bad if the security resilience of the kernel is significantly improved.


    • #3
      Michael, do you still have a Bulldozer/Piledriver Chip flying around to re-test with something like a FX-8350 vs the comparing Intel equivalent from these times (Ivy Bridge) and compare those? It would be... interesting to see, how bad Bulldozer really was compared to a fully mitigated Intel chip.

      (And before the gates of Moria open: I know it's hardly relevant *today*, but it would be very interesting to see)


      • #4
        Originally posted by Shevchen
        Michael, do you still have a Bulldozer/Piledriver Chip flying around to re-test with something like a FX-8350 vs the comparing Intel equivalent from these times (Ivy Bridge) and compare those? It would be... interesting to see, how bad Bulldozer really was compared to a fully mitigated Intel chip.

        (And before the gates of Moria open: I know it's hardly relevant *today*, but it would be very interesting to see)
        Probably just in boxes, I don't think anything in the racks anymore. If I see a Bulldozer system still in a rack, will run some tests as I think I have a 3770K still in the racks, but otherwise not worth the time/energy digging them out of boxes.
        Michael Larabel
        http://www.michaellarabel.com/


        • #5
          Originally posted by Shevchen
          Michael, do you still have a Bulldozer/Piledriver Chip flying around to re-test with something like a FX-8350 vs the comparing Intel equivalent from these times (Ivy Bridge) and compare those? It would be... interesting to see, how bad Bulldozer really was compared to a fully mitigated Intel chip.

          (And before the gates of Moria open: I know it's hardly relevant *today*, but it would be very interesting to see)
          Hehe, you want to see if it is still "that bad" with all the mitigation? That is a really interesting question.


          • #6
            Originally posted by CochainComplex

            Hehe, you want to see if it is still "that bad" with all the mitigation? That is a really interesting question.
            We know the marketing from both sides. A more neutral way of revisiting the past could offer us some insight on "why was AMD too early", "was the core µArch really that good" or did Intel just play on time?

            Back in the days, Intel was better and AMD had nothing to throw against them. Intel's timing was perfect, AMD's chip not competitive (aside from the price for low- to mid-end systems) and Intel was able to throw massive amounts of money into marketing and exclusive contracts to boot out AMD.

            But from today's perspective, we all bought trash - and as human nature is - we are in denial of sorts. I want to see this broken down, so that I have a somewhat educated point of view of why I was so stupid to believe the marketing back in the days so that it doesn't happen again. (It will, cause I'm just a human - but maybe it helps to at least venture around the shipbreaking cliffs)

            I'm pretty much done with Intel after seeing all those issues. I'm also done with Nvidia with their all-around bad behavior. But this puts me into a biased position of only having AMD as "savior" and I may fall into the "Apple cult" trap with this.

            Logic tells me "Doesn't matter, if AMD is the only choice left, who cares?" - and that doesn't sit... well with me.

            (PS: Not that I don't see how AMD pulled themselves out - +1 to all the engineers. But as always, if marketing/management fucks it all up again...)
            Last edited by Shevchen; 06-30-2020, 12:58 PM.


            • #7
              It would be interesting to see how much performance impact this causes in the new AMD Ryzen vs Intel.


              • #8
                Originally posted by Michael

                Probably just in boxes, I don't think anything in the racks anymore. If I see a Bulldozer system still in a rack, will run some tests as I think I have a 3770K still in the racks, but otherwise not worth the time/energy digging them out of boxes.
                Bulldozer vs 3770K or 2700K would be interesting for me too; I still know people who use it.
                There are still people who buy cheap used stuff on eBay... and some hardware gets new patches in the Linux kernel, like the HD7970.
                Phantom circuit Sequence Reducer Dyslexia


                • #9
                  I'm surprised KASLR has any impact whatsoever on performance.
                  I'm curious if this is test variability since KASLR actually does randomize stuff or if it is actually slower all the time?


                  • #10
                    Originally posted by Shevchen

                    We know the marketing from both sides. A more neutral way of revisiting the past could offer us some insight on "why was AMD too early", "was the core µArch really that good" or did Intel just play on time?

                    Back in the days, Intel was better and AMD had nothing to throw against them. Intel's timing was perfect, AMD's chip not competitive (aside from the price for low- to mid-end systems) and Intel was able to throw massive amounts of money into marketing and exclusive contracts to boot out AMD.

                    But from today's perspective, we all bought trash - and as human nature is - we are in denial of sorts. I want to see this broken down, so that I have a somewhat educated point of view of why I was so stupid to believe the marketing back in the days so that it doesn't happen again. (It will, cause I'm just a human - but maybe it helps to at least venture around the shipbreaking cliffs)

                    I'm pretty much done with Intel after seeing all those issues. I'm also done with Nvidia with their all-around bad behavior. But this puts me into a biased position of only having AMD as "savior" and I may fall into the "Apple cult" trap with this.

                    Logic tells me "Doesn't matter, if AMD is the only choice left, who cares?" - and that doesn't sit... well with me.

                    (PS: Not that I don't see how AMD pulled themselves out - +1 to all the engineers. But as always, if marketing/management fucks it all up again...)
                    Well, I bought this chip back then (OK, Vishera 8350) and I was and I'm still convinced it was the right choice. My main buying point was that single core is not the future, and yes, compiling on Linux was better than the 3770K, or however it is called, if I'm using all cores. Gaming was "bad", but only because multithreading was not a thing like it is now. At that time I was believing that the change would be soon. Turned out the change was too late and is just happening now with (Mantle), DX12 and Vulkan. Besides, Shadow of the Tomb Raider runs quite nicely.

                    I was usually choosing the underdogs since I felt betrayed by MS. I joined the Apple train before it was a cult because of huge Win XP dissatisfaction, and left it when I noticed it was going to be fishy (around 2009): early signs of vendor lock-in.

                    My advice, and I'm not sure if I will always be able to follow it myself: try to see if there is real innovation. Make a science project out of it - try to find proof for claims or counterexamples. That's true for everything.

                    For now I have left pure Ubuntu - I still like the community and userbase but I really dislike snaps and the Amazon spyware... so I have switched to Pop!_OS. There is no Amazon, no snaps and no Mir etc. but the good stuff of Ubuntu with autotiling, good hybrid gfx support and Flatpak...

                    P.S. The problem of Intel was that after FX they were arrogant and didn't try to push it; they just sold what they had without changing it... remember, just a few years ago 4 cores had been premium for almost a decade; now it is budget, maybe low mid range.
