GrSecurity Linux Kernel To Focus More On Performance This Year

The GrSecurity patches to the Linux kernel have long focused on security enhancements but this year they are said to be taking on a larger focus of performance optimizations.

GrSecurity patches include PaX and various other security-based features, some of which items have ended up in the mainline Linux kernel years later in varying forms. In recent years, however, GrSecurity has just made their kernel patches and binaries only available to paying customers.

So while the matter of GrSecurity taking up a focus on kernel performance is interesting, the overall benefit may be limited but will be interesting to at least follow along with their progress via their frequent tweets. In announcing performance becoming a major focus this year, they say their initial work on a PaX-patched kernel can yield around 2% faster iPerf network performance compared to upstream.

Performance is a major focus of ours for this year. We're finding avenues for improvement at all levels, down to plugins that generate better code for common kernel constructs. As a result of this initial work, a PaX kernel with KERNEXEC on is 2% faster than upstream on iperf

— grsecurity (@grsecurity) March 17, 2020

They are said to be evaluating "all levels" of the kernel for better performance, including plug-ins for faster generated code of common kernel constructs.

Intel's Clear Linux kernel build has already shown there is much potential for the upstream Linux kernel to run faster as well as boot faster when trimming out the fat, applying various optimizations, and carrying extra patches.