Re: Performance Impact of skb_segment Security Fix

From: Azqa Nadeem
Date: Tue Jul 22 2014 - 05:02:18 EST


Hi,

I am a researcher at EPFL, Switzerland. I study software vulnerabilities
with the aim of building better tools to protect developers against security
bugs. Recently the skb_segment() function was patched
(http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fd819ecb90cc9b822cd84d3056ddba315d3340f)
fixing the CVE-2014-0131 vulnerability
(http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0131) in the Linux
Kernel. I am interested in the performance implications of this patch; could
you help me answer the following questions:

Do you think the bug fix for the skb_segment() function can have any performance
implications? If so, how much will the added checks add to the run time of
the function?
Is the skb_segment() function part of the core functionality of the software?
What fraction of time is expected to be spent in this function?

Your answers will help us to better characterize the trade-offs between
performance and security in popular software.

--
Regards,
Azqa Nadeem
Internee - Dependable Systems Lab
EPFL, Switzerland