Re: [PATCH v3 10/10] x86-64: Add CONFIG_UNSAFE_VSYSCALLS to feature-removal-schedule

From: Valdis . Kletnieks
Date: Wed Jun 01 2011 - 14:30:36 EST


On Wed, 01 Jun 2011 13:41:56 EDT, Andrew Lutomirski said:

>> +         On a system with recent enough glibc (probably 2.14 or
>> +         newer) and no static binaries, you can say N without a
>> +         performance penalty to improve security
>>
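
Review bot: The help sentence "On a system with recent enough glibc (probably 2.14 or newer) and no static binaries, you can say N without a performance penalty" covers only the no-penalty case. It does not say what N does on a system that has static binaries or an older glibc, so it can be read as implying those binaries stop working. Suggest adding a sentence that states the outcome for that case explicitly, replacing the hedged "probably 2.14 or newer" with a confirmed version once it is known, and ending the sentence after "to improve security" with a period.
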
>> So I checked my laptop (Fedora 16 Rawhide), and found a bunch of static binaries. The ones
>> that look like people may care:

> The binaries will still work -- they'll just take a small performance
> hit (~220ns on Sandy Bridge) every time they call time().

Ah. I misparsed the Kconfig help - I read it as "If you have no static binaries,
setting this to N doesn't introduce a performance hit" (with an implied "if you
have static binaries, this will hose you"). Adding "Static binaries will continue
to work at a very small performance penalty" would probably help.
