Expanding the list of "Hardened Packages"
John Reiser
jreiser at bitwagon.com
Mon Apr 1 18:28:17 UTC 2013
re: Expanding the list of "Hardened Packages"
> This proposal was originally at https://fedorahosted.org/fesco/ticket/1104
There is another performance interaction between -fPIE and prelinking.
Random placement due to -fPIE on a main program can invalidate the
pre-linking of shared libraries including glibc. As a result, costs
immediately after execve() can be larger because ld-linux must re-base
the library images dynamically inside the current process. If it happens
when there are dozens of shared libraries, then the delay can be substantial
because the interference is likely to cascade from one library to others.
It is not possible to share any page which ld-linux modifies, so the cost
is more physical RAM as well as more cycles.
In fact, random placement of vdso (linux-gate.so) causes a similar problem
around 7% of the time (with just one shared library) on i686. Here's my analysis
from 8 years ago: https://bugzilla.redhat.com/show_bug.cgi?id=162797#c4
--
More information about the devel
mailing list