Hi!
I'm using 4.8.17-hardened-r2, Core i7-2600K @ 4.5GHz, nvidia&virtualbox.
Because of nvidia-drivers I had to switch off CONFIG_PAX_RAP.
Because of virtualbox-modules I had to switch off CONFIG_PAX_RANDKSTACK
and CONFIG_PAX_MEMORY_UDEREF.
Because of both I can't use KERNEXEC method "or".
All other options which increase security without noticeable performance
penalty (like memory sanitize) are switched on.
The question is, while I was expecting SOME slowdown because of enabled
KERNEXEC with method "bts", I was surprised to see 35% slowdown - it this
expected to be that high, or it is a problem with my configuration?
The actual numbers for running
make distclean && cp ../config.backup .config && time make -j8
second time after boot into single-user mode:
- with KERNEXEC/bts:
real 5m46.685s
user 36m4.736s
sys 3m26.478s
- without KERNEXEC:
real 4m17.914s
user 27m52.945s
sys 2m35.560s
--
WBR, Alex.
I'm using 4.8.17-hardened-r2, Core i7-2600K @ 4.5GHz, nvidia&virtualbox.
Because of nvidia-drivers I had to switch off CONFIG_PAX_RAP.
Because of virtualbox-modules I had to switch off CONFIG_PAX_RANDKSTACK
and CONFIG_PAX_MEMORY_UDEREF.
Because of both I can't use KERNEXEC method "or".
All other options which increase security without noticeable performance
penalty (like memory sanitize) are switched on.
The question is, while I was expecting SOME slowdown because of enabled
KERNEXEC with method "bts", I was surprised to see 35% slowdown - it this
expected to be that high, or it is a problem with my configuration?
The actual numbers for running
make distclean && cp ../config.backup .config && time make -j8
second time after boot into single-user mode:
- with KERNEXEC/bts:
real 5m46.685s
user 36m4.736s
sys 3m26.478s
- without KERNEXEC:
real 4m17.914s
user 27m52.945s
sys 2m35.560s
--
WBR, Alex.
Attached Files:
-
.config (119 KB)