[grsec] PaX: pageexec or segmexec performance numbers?

[Miguel Filipe]

Are there any numbers (benchmarks) about the performance penalty of
pageexec and/or segmexec on intel x86 machines?

The idea that I have is that page-exec on x86 involves a page-fault
for every (execute) access to a new page that will be treated by
pax... and that is performance-wise .. bad..

And that segmexec is a diferent approach that involves, mirroring the
process address space on two segments with diferent "write"
permissions, and compairing those two, to check if there was any
overwrite of the code segment.
This would mean doubling the mem-usage, at least for the code-segment
in segmexec mode.

I have the idea that segmexec is advised for being faster (on x86),
but I don't have any numbers, and I was trying to understand the
performance-wise consequences of each implementation.

And in arches that suport no-exec pages (has sparc or amd64), what are
the performance penalties? Anyone can give me some pointers?

stuff like: kernel compiles, mysql benches, or... any other benchmark
is good for me.. just to "grasp" a idea..


Best regards,


-- 
Miguel Sousa Filipe