Benchmarking The Performance Overhead To Linux's Proposed FGKASLR Security Feature
Written by Michael Larabel in Software on 30 June 2020. Page 4 of 4. 14 Comments

The Apache web server performance didn't change much compared to the hit taken by KASLR.

When benchmarking various operating system primitives were some minor costs involved with KASLR/FGKASLR.

When taking the geometric mean for the 27 tests run in the three configurations, having just KASLR (as is common among most Linux kernel builds right now) the performance overhead was just about 1% with the different tests carried out. However, with the proposed Function Granular Kernel Address Space Layout Randomization (FGKASLR), the patched kernel was running at 95% the original speed, or around a 4% performance hit on top of KASLR for this added protection of fending off potential attacks/exploits that rely on being able to predict given memory addresses of kernel functions. As of writing with Linux 5.8, FGKASLR hasn't been mainlined but we'll see where these proposed patches out of the open-source Intel Linux kernel team go over the weeks/months ahead.

If you enjoyed this article consider joining Phoronix Premium to view this site ad-free, multi-page articles on a single page, and other benefits. PayPal tips are also graciously accepted. Thanks for your support.


Related Articles
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.


Trending Linux News