Re: Expanding the list of "Hardened Packages"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2013-03-29 at 10:48 -0700, John Reiser wrote:

> -fPIE code is larger and takes longer to execute.  The cost varies from
> minimal (< 2%) in many cases to 10% or more for "non-dynamic" arrays on i686.

Citation needed.

> -fPIE for Thumb mode on ARM is particularly painful.

Citation needed.

> RELRO can cost one extra page of physical RAM per process because the placement
> of the RELRO region tends to increase fragmentation and decrease sharability.

Almost true, but wildly misleading.

RELRO adds a class of variables that are "read-only after relocation
processing".  These are variables that _could not be shared anyway_
since their runtime value depends on where ld.so loads the process,
which is randomized.  They do have to be mapped to a different page, but
that's because you can't map less than a page.  And there's no
fragmentation cost, because the relro section is mapped immediately
after the normal rodata section.

I appreciate the concern for the extra page of dirty data per process
(actually per relro'd ELF object in the link map, including DSOs, but
let's not split hairs), but if we were concerned about 4k here and there
I assure you there are more deserving targets for that wrath than relro.

- ajax


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux