I'm using 4.8.17-hardened-r2, Core i7-2600K @ 4.5GHz, nvidia&virtualbox.
Because of nvidia-drivers I had to switch off CONFIG_PAX_RAP.
Because of virtualbox-modules I had to switch off CONFIG_PAX_RANDKSTACK
Because of both I can't use KERNEXEC method "or".
All other options which increase security without noticeable performance
penalty (like memory sanitize) are switched on.
The question is, while I was expecting SOME slowdown because of enabled
KERNEXEC with method "bts", I was surprised to see 35% slowdown - it this
expected to be that high, or it is a problem with my configuration?
The actual numbers for running
make distclean && cp ../config.backup .config && time make -j8
second time after boot into single-user mode:
- with KERNEXEC/bts:
- without KERNEXEC: