On Wed, Jul 19, 2017 at 7:08 AM, Christopher Lameter <c...@linux.com> wrote: > On Tue, 18 Jul 2017, Thomas Garnier wrote: > >> Performance/Size impact: >> Hackbench (50% and 1600% loads): >> - PIE enabled: 7% to 8% on half load, 10% on heavy load. >> slab_test (average of 10 runs): >> - PIE enabled: 3% to 4% >> Kernbench (average of 10 Half and Optimal runs): >> - PIE enabled: 5% to 6% >> >> Size of vmlinux (Ubuntu configuration): >> File size: >> - PIE disabled: 472928672 bytes (-0.000169% from baseline) >> - PIE enabled: 216878461 bytes (-54.14% from baseline) > > Maybe we need something like CONFIG_PARANOIA so that we can determine at > build time how much performance we want to sacrifice for performance? > > Its going to be difficult to understand what all these hardening config > options do.
This kind of thing got discussed recently, and like CONFIG_EXPERIMENTAL, a global config doesn't really work. The best thing to do is to document each config as well as possible and system builders can decide. -Kees -- Kees Cook Pixel Security _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel