Expanding the list of "Hardened Packages"

Adam Jackson ajax at redhat.com
Mon Apr 1 11:58:43 UTC 2013


On Fri, 2013-03-29 at 10:48 -0700, John Reiser wrote:

> -fPIE code is larger and takes longer to execute.  The cost varies from
> minimal (< 2%) in many cases to 10% or more for "non-dynamic" arrays on i686.

Citation needed.

> -fPIE for Thumb mode on ARM is particularly painful.

Citation needed.

> RELRO can cost one extra page of physical RAM per process because the placement
> of the RELRO region tends to increase fragmentation and decrease sharability.

Almost true, but wildly misleading.

RELRO adds a class of variables that are "read-only after relocation
processing".  These are variables that _could not be shared anyway_
since their runtime value depends on where ld.so loads the process,
which is randomized.  They do have to be mapped to a different page, but
that's because you can't map less than a page.  And there's no
fragmentation cost, because the relro section is mapped immediately
after the normal rodata section.

I appreciate the concern for the extra page of dirty data per process
(actually per relro'd ELF object in the link map, including DSOs, but
let's not split hairs), but if we were concerned about 4k here and there
I assure you there are more deserving targets for that wrath than relro.

- ajax
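
Added example, not part of the original message: a small Python parser that reads an ELF64 program header table, finds the `PT_GNU_RELRO` entry discussed above, and reports how many pages that region touches. The function names `relro_regions` and `sample_elf`, the 4 KiB page size and the sample header bytes are assumptions constructed for illustration.

```python
import struct

PT_GNU_RELRO = 0x6474E552  # program header type that marks the RELRO region


def relro_regions(elf: bytes, page_size: int = 4096):
    """Return [(vaddr, memsz, pages_touched)] for each PT_GNU_RELRO header."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if elf[4] != 2:
        raise ValueError("only ELFCLASS64 is handled here")
    end = "<" if elf[5] == 1 else ">"  # EI_DATA: 1 = little endian
    (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
    regions = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, _flags, _offset, p_vaddr, _paddr, _filesz, p_memsz, _align = (
            struct.unpack_from(end + "IIQQQQQQ", elf, off)
        )
        if p_type != PT_GNU_RELRO:
            continue
        if p_memsz == 0:
            pages = 0
        else:
            # Pages touched: round the start down and the end up.
            first = p_vaddr // page_size
            last = (p_vaddr + p_memsz + page_size - 1) // page_size
            pages = last - first
        regions.append((p_vaddr, p_memsz, pages))
    return regions


def sample_elf() -> bytes:
    """Constructed ELF64 header with one PT_LOAD and one PT_GNU_RELRO entry."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 3, 62, 1,
                       0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    load = struct.pack("<IIQQQQQQ", 1, 6, 0x2000, 0x3000, 0x3000,
                       0x1100, 0x1200, 0x1000)
    relro = struct.pack("<IIQQQQQQ", PT_GNU_RELRO, 4, 0x2DE8, 0x3DE8, 0x3DE8,
                        0x218, 0x218, 1)
    return ehdr + load + relro


if __name__ == "__main__":
    for vaddr, memsz, pages in relro_regions(sample_elf()):
        print(f"RELRO at {vaddr:#x}, {memsz:#x} bytes, {pages} page(s)")
```

Passing the bytes of a real 64-bit executable or DSO to `relro_regions` reports the same figures for that object.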



