Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-24 Thread Marcin Juszkiewicz
On 19.05.2022 at 05:15, Hellosway Here via devel wrote: Add `slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none ` as default kernel command line arguments. Some of them are a matter of kernel configuration options. Which is bett

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-23 Thread Demi Marie Obenour
On 5/23/22 14:50, Steve Grubb wrote:
> Hello,
>
> On Wednesday, May 18, 2022 11:15:16 PM EDT Hellosway Here via devel wrote:
>> Add `slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1
>> pti=on randomize_kstack_offset=on vsyscall=none ` as default kernel
>> command line arguments. Th

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-23 Thread Glorious Hellosway via devel
This thread was accidentally reposted, please reply to this one https://lists.fedorahosted.org/archives/list/devel@lists.fedoraproject.org/thread/YJ4HKHMLBGCSXZ3S3NSTSARTJNAG7NXC/ . I think it would be useful if there was a centralized CLI and GUI interface for these, but it doesn't exist yet.

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-23 Thread Steve Grubb
Hello,
On Wednesday, May 18, 2022 11:15:16 PM EDT Hellosway Here via devel wrote:
> Add `slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1
> pti=on randomize_kstack_offset=on vsyscall=none ` as default kernel
> command line arguments. This can help prevent local exploits by making i

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-22 Thread Demi Marie Obenour
On 5/22/22 01:58, Glorious Hellosway via devel wrote:
> That will create a very big performance hit, and disabling SMT will halve the
> amount of threads. On the new CPUs with E and P cores, this can significantly
> decrease performance.
Speculative execution mitigations are table stakes if you w

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-22 Thread Simon Farnsworth via devel
On Saturday, 21 May 2022 19:31:59 BST Glorious Hellosway via devel wrote:
> For `slab_nomerge`, it can lead to a very slight increase of kernel memory.
> `init_on_alloc=1` has almost no performance impact, it is under 1% and is
> usually within standard error, but there is a bug with zfs that can mak

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-21 Thread Glorious Hellosway via devel
That will create a very big performance hit, and disabling SMT will halve the amount of threads. On the new CPUs with E and P cores, this can significantly decrease performance. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-21 Thread Demi Marie Obenour
On 5/18/22 23:15, Hellosway Here via devel wrote:
> Add `slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on
> randomize_kstack_offset=on vsyscall=none ` as default kernel command line
> arguments. This can help prevent local exploits by making it harder to
> exploit the kern

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-21 Thread Glorious Hellosway via devel
For `slab_nomerge`, it can lead to a very slight increase of kernel memory. `init_on_alloc=1` has almost no performance impact, it is under 1% and is usually within standard error, but there is a bug with zfs that can make zfs slower. `init_on_free=1` can be measured and is around 7-20% under cert

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-20 Thread stan via devel
On Fri, 20 May 2022 13:26:14 +0100 Simon Farnsworth via devel wrote:
> On Thursday, 19 May 2022 04:15:16 BST Hellosway Here via devel wrote:
> > Add `slab_nomerge init_on_alloc=1 init_on_free=1
> > page_alloc.shuffle=1 pti=on randomize_kstack_offset=on
> > vsyscall=none ` as default kernel comman

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-20 Thread Simon Farnsworth via devel
On Thursday, 19 May 2022 04:15:16 BST Hellosway Here via devel wrote:
> Add `slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on
> randomize_kstack_offset=on vsyscall=none ` as default kernel command line
> arguments. This can help prevent local exploits by making it harder to
>

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-19 Thread Glorious Hellosway via devel
Sorry for the spam, but I realized I accidentally added `pti=on` into the list of arguments that do not impact performance. `pti=on` can significantly impact performance, by up to 30% in some cases.

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-19 Thread Glorious Hellosway via devel
I thought vsyscalls were obsolete, but leaving them enabled doesn't really impact security too much. Regarding performance, `page_alloc.shuffle=1` can increase performance, and `slab_nomerge init_on_alloc=1 init_on_free=1 pti=on randomize_kstack_offset=on` do not have a very noticeable performa

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-19 Thread Florian Weimer
* Hellosway Here via devel:
> Add `slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1
> pti=on randomize_kstack_offset=on vsyscall=none ` as default kernel
> command line arguments. This can help prevent local exploits by making
> it harder to exploit the kernel.
I do not think there

Re: Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-19 Thread Miroslav Lichvar
On Thu, May 19, 2022 at 03:15:16AM -, Hellosway Here via devel wrote:
> Add `slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on
> randomize_kstack_offset=on vsyscall=none ` as default kernel command line
> arguments. This can help prevent local exploits by making it harde

Fedora 37: Add kernel parameters that help prevent local exploits

2022-05-18 Thread Hellosway Here via devel
Add `slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none ` as default kernel command line arguments. This can help prevent local exploits by making it harder to exploit the kernel. I do not think there will be any breakage, I have been
