From owner-freebsd-arch@FreeBSD.ORG Fri Jul 25 08:50:20 2014 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2DBCE7FE; Fri, 25 Jul 2014 08:50:20 +0000 (UTC) Received: from r00tworld.com (r00tworld.com [212.85.137.150]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AC5992536; Fri, 25 Jul 2014 08:50:18 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by r00tworld.com (8.13.1/8.13.1) with ESMTP id s6P8XnPr029277; Fri, 25 Jul 2014 10:33:49 +0200 Received: from r00tworld.com ([127.0.0.1]) by localhost (r00tworld.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 13915-09; Fri, 25 Jul 2014 10:33:43 +0200 (CEST) Received: from [192.168.111.1] (x.r00tworld.com [212.85.137.150]) by r00tworld.com (8.13.1/8.13.1) with ESMTP id s6P8Xbd5029260 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 25 Jul 2014 10:33:39 +0200 From: "PaX Team" To: Shawn Webb , "Robert N. M. Watson" Date: Fri, 25 Jul 2014 10:33:34 +0200 MIME-Version: 1.0 Subject: Re: [RFC] ASLR Whitepaper and Candidate Final Patch Reply-to: pageexec@freemail.hu Message-ID: <53D2165E.6871.5524D050@pageexec.freemail.hu> Priority: normal In-reply-to: References: <96C72773-3239-427E-A90B-D05FF0F5B782@freebsd.org>, <20140724175704.GT29618@pwnie.vrt.sourcefire.com>, X-mailer: Pegasus Mail for Windows (4.70) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.1.12 (r00tworld.com [212.85.137.150]); Fri, 25 Jul 2014 10:33:39 +0200 (CEST) X-Virus-Scanned: r00tworld Anti-Virus System Cc: Pedro Giffuni , Oliver Pinter , Bryan Drewery , freebsd-arch@freebsd.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Jul 2014 08:50:20 -0000 On 25 Jul 2014 at 8:17, Robert N. M. Watson wrote: > > The unixbench results are in. The overall scores are below. > > > > ASLR Disabled: 456.33 > > ASLR Enabled: 357.05 > > No ASLR: 474.03 > > > > I've uploaded the raw results to > > http://0xfeedface.org/~shawn/aslr/2014-07-24_benchmark.tar.gz > > > > Take these results with a grain of salt, given that some of unixbench's > > test are filesystem-related and I'm running ZFS on an old laptop with > > little RAM. It does show that there is a performance impact when ASLR is > > enabled. > > Just in case you've not spotted it, there's some useful benchmarking advice here: > > https://wiki.freebsd.org/BenchmarkAdvice > > Unfortunately, the numbers above are a bit opaque, as it's not clear > whether the differences/non-differences are statistically significant. I'm also wondering how stuff like power management was taken into account. Unixbench seems to run various programs for a fixed period of time but that doesn't mean much if thermal throttling, turbo modes, etc kick on and off at random points in the meantime. My suggestion would be to benchmark something that does a fixed amount of work instead (say compile a smaller package) *and* use the CPU's own performance counters (i.e., something like 'perf' on linux). In my experience a good ASLR implementation would not have a measurable impact at all, if there's anything then it's usually due to the too heavyweight entropy extraction method during execve on execve dominated loads (e.g., compiling something or apache forking for each request, etc). cheers, PaX Team