Hello Michael, > Hey, > >> On 14 Apr 2020, at 15:36, Peter Müller wrote: >> >> Hello Michael, >> >> possibly, but I consider this as being too important in order to drop it due >> to performance concerns. CONFIG_PAGE_POISONING_NO_SANITY reduces some performance >> overhead of page poisoning, but since this is currently not enabled on i586, >> I did not use in on x86_64, either. > > Hmm, I am really not happy with such inconsistent configurations across multiple architectures. > > This is either a feature that we want or not, but we do not want it on one platform and not on the other. Yes, I am currently trying to clean this mess up as we have quite a bunch of those. Since we probably need to have a look at each in detail, I guess opening bugs makes more sense here... > > Although I would consider the performance overhead on x86_64 much smaller than i586. PAE might have the same advantage than x86_64. Yes, I think so too. > >> As mentioned, this is active on i586 already and I have not heard of IPFire >> being unusable on that architecture. :-) > > Well, let’s say it is not running that well any more. I would be surprised to hear that page poisoning is the sole reason for this. :-) Thanks, and best regards, Peter Müller > > -Michael > >> >> Thanks, and best regards, >> Peter Müller >> >>> Hi, >>> >>> Can you perform any performance benchmarks to see how much this impacts IPsec and IPS throughput? >>> >>> -Michael >>> >>>> On 14 Apr 2020, at 15:32, Peter Müller wrote: >>>> >>>> This is already active on i586 and prevents information leaks from freed >>>> data. >>>> >>>> Cc: Arne Fitzenreiter >>>> Signed-off-by: Peter Müller >>>> --- >>>> config/kernel/kernel.config.x86_64-ipfire | 4 +++- >>>> 1 file changed, 3 insertions(+), 1 deletion(-) >>>> >>>> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire >>>> index b16d13504..f6819859d 100644 >>>> --- a/config/kernel/kernel.config.x86_64-ipfire >>>> +++ b/config/kernel/kernel.config.x86_64-ipfire >>>> @@ -6387,7 +6387,9 @@ CONFIG_DEBUG_KERNEL=y >>>> # >>>> # CONFIG_PAGE_EXTENSION is not set >>>> # CONFIG_DEBUG_PAGEALLOC is not set >>>> -# CONFIG_PAGE_POISONING is not set >>>> +CONFIG_PAGE_POISONING=y >>>> +# CONFIG_PAGE_POISONING_NO_SANITY is not set >>>> +CONFIG_PAGE_POISONING_ZERO=y >>>> # CONFIG_DEBUG_PAGE_REF is not set >>>> # CONFIG_DEBUG_RODATA_TEST is not set >>>> # CONFIG_DEBUG_OBJECTS is not set >>>> -- >>>> 2.16.4 >>> >