PIE on 64bit

Matthias Klose doko at ubuntu.com
Fri Apr 19 12:25:25 UTC 2013

On 18.04.2013 20:25, John Moser wrote:
> Meant to go to list
> On Apr 18, 2013 2:15 PM, "John Moser" <john.r.moser at gmail.com> wrote:
>> On Apr 18, 2013 2:07 PM, "Insanity Bit" <colintrexob at gmail.com> wrote:
>>> On 64bit multiple services (pulseaudio, rsyslogd, many others) are
>>> shipping without Position Independent Code. On 32bit there is a potential
>>> performance hit for startup time... but there shouldn't be any performance
>>> hit (or negligible) on 64bit.
>> There is a continuous performance hit of under 1% without
>> -fomit-frame-pointer and under 6% with -fomit-frame-pointer on IA-32.  The
>> impact is statistically insignificant (I got 0.002% +/- 0.5%) on x86-64.
>> The performance hit on IA-32 only applies to main executable code because
>> library code is PIC already.  This accounts for under 2% runtime, except in
>> X where it used to be 5%.  That makes the overall impact 2% of 6% or
>> 0.12%--which is non-existent if your CPU is ever at less than 99.88% load
>> because you would swiftly catch up.
>> In other words:  there is NO PERFORMANCE HIT for PIE in any
>> non-laboratory, non-theoretical situation.  (Theo de Raadt argued this with
>> me once, using the term "very expensive" a lot.  I built two identical
>> Gentoo boxes and profiled them both extensively with oprofile.  It is
>> exactly a theoretical cost, and the performance concerns come from people
>> who have no clue what the execution flow of modern software looks like)

I'm tired of repeating that there *is* a performance penalty.  Building the python
interpreters with -fPIE results in about 15% slower benchmarks.  Building GCC
with -fPIE slows down the build times by 10-20%.

So maybe you want to have a python interpreter with -fPIE, accepting this
performance penalty, and gaining some security?  But what else do you gain by
building GCC with -fPIE besides forcing longer build times on developers?

I don't think that -fPIE is ready to be enabled by default, but maybe we need to
think about a better or easier way to enable it. However the current method
using the hardening-wrapper seems to work fine.

