Date: Fri, 25 Jul 2014 10:33:34 +0200 From: "PaX Team" <pageexec@freemail.hu> To: Shawn Webb <lattera@gmail.com>, "Robert N. M. Watson" <rwatson@FreeBSD.org> Cc: Pedro Giffuni <pfg@freebsd.org>, Oliver Pinter <oliver.pntr@gmail.com>, Bryan Drewery <bdrewery@FreeBSD.org>, freebsd-arch@freebsd.org Subject: Re: [RFC] ASLR Whitepaper and Candidate Final Patch Message-ID: <53D2165E.6871.5524D050@pageexec.freemail.hu> In-Reply-To: <F0959F48-53D2-4F9B-9FC2-641F8BD6A5EC@FreeBSD.org> References: <96C72773-3239-427E-A90B-D05FF0F5B782@freebsd.org>, <20140724175704.GT29618@pwnie.vrt.sourcefire.com>, <F0959F48-53D2-4F9B-9FC2-641F8BD6A5EC@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 25 Jul 2014 at 8:17, Robert N. M. Watson wrote: > > The unixbench results are in. The overall scores are below. > > > > ASLR Disabled: 456.33 > > ASLR Enabled: 357.05 > > No ASLR: 474.03 > > > > I've uploaded the raw results to > > http://0xfeedface.org/~shawn/aslr/2014-07-24_benchmark.tar.gz > > > > Take these results with a grain of salt, given that some of unixbench's > > test are filesystem-related and I'm running ZFS on an old laptop with > > little RAM. It does show that there is a performance impact when ASLR is > > enabled. > > Just in case you've not spotted it, there's some useful benchmarking advice here: > > https://wiki.freebsd.org/BenchmarkAdvice > > Unfortunately, the numbers above are a bit opaque, as it's not clear > whether the differences/non-differences are statistically significant. I'm also wondering how stuff like power management was taken into account. Unixbench seems to run various programs for a fixed period of time but that doesn't mean much if thermal throttling, turbo modes, etc kick on and off at random points in the meantime. My suggestion would be to benchmark something that does a fixed amount of work instead (say compile a smaller package) *and* use the CPU's own performance counters (i.e., something like 'perf' on linux). In my experience a good ASLR implementation would not have a measurable impact at all, if there's anything then it's usually due to the too heavyweight entropy extraction method during execve on execve dominated loads (e.g., compiling something or apache forking for each request, etc). cheers, PaX Team
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53D2165E.6871.5524D050>