Benchmarking The Performance Overhead To Linux's Proposed FGKASLR Security Feature

Written by Michael Larabel in Software on 30 June 2020 at 10:40 AM EDT. Page 4 of 4. 14 Comments.

The Apache web server performance didn't change much compared to the hit taken by KASLR.

When benchmarking various operating system primitives were some minor costs involved with KASLR/FGKASLR.

When taking the geometric mean for the 27 tests run in the three configurations, having just KASLR (as is common among most Linux kernel builds right now) the performance overhead was just about 1% with the different tests carried out. However, with the proposed Function Granular Kernel Address Space Layout Randomization (FGKASLR), the patched kernel was running at 95% the original speed, or around a 4% performance hit on top of KASLR for this added protection of fending off potential attacks/exploits that rely on being able to predict given memory addresses of kernel functions. As of writing with Linux 5.8, FGKASLR hasn't been mainlined but we'll see where these proposed patches out of the open-source Intel Linux kernel team go over the weeks/months ahead.

If you enjoyed this article consider joining Phoronix Premium to view this site ad-free, multi-page articles on a single page, and other benefits. PayPal or Stripe tips are also graciously accepted. Thanks for your support.


Related Articles
Intel Core Ultra "Meteor Lake" Performance Improves With Linux 6.9
GCC 14 vs. LLVM Clang 18 Compiler Performance On Fedora 40
Intel Xeon Max Sees Some Performance Gains For OpenVINO & ONNX With Linux 6.9
Linux 6.9 Drives AMD 4th Gen EPYC Performance Even Higher For Some Workloads
Intel Core Ultra "Meteor Lake" Yields Faster Performance With Linux 6.9
Google Cloud's C3D Instances Provide Strong Performance Value For PingCAP's TiDB
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.