From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] kernel: enable page poisoning on x86_64
Date: Tue, 14 Apr 2020 16:36:49 +0200
Message-ID: <bbc1a44e-fc2c-944d-316a-6ed4af8ddca6@ipfire.org>
In-Reply-To: <2913F6C2-3EE3-4E50-9F4D-BBC4136519CB@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5873662293072129278=="
List-Id: <development.lists.ipfire.org>

--===============5873662293072129278==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Michael,

possibly, but I consider this as being too important in order to drop it due
to performance concerns. CONFIG_PAGE_POISONING_NO_SANITY reduces some perform=
ance
overhead of page poisoning, but since this is currently not enabled on i586,
I did not use in on x86_64, either.

As mentioned, this is active on i586 already and I have not heard of IPFire
being unusable on that architecture. :-)

Thanks, and best regards,
Peter M=C3=BCller

> Hi,
>=20
> Can you perform any performance benchmarks to see how much this impacts IPs=
ec and IPS throughput?
>=20
> -Michael
>=20
>> On 14 Apr 2020, at 15:32, Peter M=C3=BCller <peter.mueller(a)ipfire.org> w=
rote:
>>
>> This is already active on i586 and prevents information leaks from freed
>> data.
>>
>> Cc: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
>> Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
>> ---
>> config/kernel/kernel.config.x86_64-ipfire | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/ker=
nel.config.x86_64-ipfire
>> index b16d13504..f6819859d 100644
>> --- a/config/kernel/kernel.config.x86_64-ipfire
>> +++ b/config/kernel/kernel.config.x86_64-ipfire
>> @@ -6387,7 +6387,9 @@ CONFIG_DEBUG_KERNEL=3Dy
>> #
>> # CONFIG_PAGE_EXTENSION is not set
>> # CONFIG_DEBUG_PAGEALLOC is not set
>> -# CONFIG_PAGE_POISONING is not set
>> +CONFIG_PAGE_POISONING=3Dy
>> +# CONFIG_PAGE_POISONING_NO_SANITY is not set
>> +CONFIG_PAGE_POISONING_ZERO=3Dy
>> # CONFIG_DEBUG_PAGE_REF is not set
>> # CONFIG_DEBUG_RODATA_TEST is not set
>> # CONFIG_DEBUG_OBJECTS is not set
>> --=20
>> 2.16.4
>=20

--===============5873662293072129278==--