Benchmarking The Performance Overhead To Linux's Proposed FGKASLR Security Feature
The Apache web server performance didn't change much compared to the hit taken by KASLR.
When benchmarking various operating system primitives, there were some minor costs involved with KASLR/FGKASLR.
When taking the geometric mean of the 27 tests run in the three configurations, having just KASLR (as is common among most Linux kernel builds right now) brought a performance overhead of just about 1% across the different tests carried out. However, with the proposed Function Granular Kernel Address Space Layout Randomization (FGKASLR), the patched kernel was running at 95% of the original speed, or around a 4% performance hit on top of KASLR, for the added protection of fending off potential attacks/exploits that rely on being able to predict the memory addresses of kernel functions. As of writing with Linux 5.8, FGKASLR hasn't been mainlined, but we'll see where these proposed patches out of the open-source Intel Linux kernel team go over the weeks/months ahead.