From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LQljd-0004Ux-38 for garchives@archives.gentoo.org; Sat, 24 Jan 2009 16:51:53 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C137BE04D7; Sat, 24 Jan 2009 16:51:51 +0000 (UTC) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.156]) by pigeon.gentoo.org (Postfix) with ESMTP id 84D6DE04D7 for ; Sat, 24 Jan 2009 16:51:51 +0000 (UTC) Received: by fg-out-1718.google.com with SMTP id e21so3006450fga.14 for ; Sat, 24 Jan 2009 08:51:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=wxyxTfm94KFvVaS4Jc5v8Ed7l6ZYi9fPcNxCbdkOcEo=; b=IjrWp9GCsETByPWh++mQ2iYRdUkdsksBOJ+gI2m3YzlI4WR3GSYHdu2xqAtzSo3dhE h31cIM5ASR54GFgRVyo7VG27W50KyabR2iU6M5SBCtW8Wl7gaBAwZB9IW/4Wx9/neK/2 6s6R1as81L0VrjgbmL7fJ7+161xnGAT4GnOVc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=MjBPQLa9A0emzosnwC6b/BzritblpqODxN/48/Et9CEq6dk3XORvFE24dCIZz0PDjx E4n5K/0RHYPYbvusVUabf82e+8GeqCuvDbYIwBX5JZM4pAXZGn71v9x5ws62nJatopQ7 R5icUtciIVmQ+8J1xYqEnqEeaupHi2EL1q+UI= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Received: by 10.181.199.6 with SMTP id b6mr4173979bkq.137.1232815910721; Sat, 24 Jan 2009 08:51:50 -0800 (PST) In-Reply-To: <497B459F.21727.1AE408@pageexec.freemail.hu> References: <49bf44f10901222037x6efccacbqd428e5e7be0899f6@mail.gmail.com> <35572ca80901230852g16362bc1q76697e4a6638033f@mail.gmail.com> <49bf44f10901230916m7653bc48q451575a4a07e8e86@mail.gmail.com> <497B459F.21727.1AE408@pageexec.freemail.hu> Date: Sat, 24 Jan 2009 08:51:50 -0800 Message-ID: <49bf44f10901240851v2f71f26bmc704e95fd0140ad3@mail.gmail.com> Subject: Re: [gentoo-hardened] Grsecurity slows down a web server? From: Grant To: gentoo-hardened@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: ac1a206d-cdc3-4dde-b327-fe3a24460c3a X-Archives-Hash: 27f4b06b7e675fedfd810509719cd24d >> > There is no "nx" in your cpuinfo flags. Therefore, your P4 does not >> > have the hardware NX bit (or XD bit in Intel wording) >> >> I do have SEGMEXEC enabled though. Should it still be noticeably (but >> slightly) slower? If so, I suppose the best thing to do would be to >> upgrade the CPU? > > if both PAGEEXEC and SEGMEXEC are enabled, PaX uses one of them by default, > depending on whether your CPU and kernel config supports the NX bit or not > (yes, you need to enable PAE support in the kernel in order to actually be > able to use the NX bit). in your case the CPU has no NX support so PaX should > have fallen back to SEGMEXEC (pspax could confirm it) and not PAGEEXEC. can > you check what really happened? because if PAGEEXEC was chosen by default on > your CPU, there's a bug somewhere... Nope, you guys are absolutely right. It falls back to peMRS whether or not I enable PAGEEXEC since I don't have the nx flag. - Grant