Re: PostgreSQL and ASLR on Linux

From: Andres Freund <andres(at)2ndquadrant(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: "Robert Lerche (rlerche)" <rlerche(at)cisco(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "Sailesh Krishnamurthy (sailkris)" <sailkris(at)cisco(dot)com>
Subject: Re: PostgreSQL and ASLR on Linux
Date: 2013-08-05 00:54:05
Message-ID: 20130805005405.GA18140@alap2.anarazel.de
Lists: pgsql-hackers

On 2013-08-04 20:33:50 -0400, Robert Haas wrote:
> On Wed, Jul 31, 2013 at 4:35 PM, Robert Lerche (rlerche)
> <rlerche(at)cisco(dot)com> wrote:
> > Hi. Has anyone had experience building PostgreSQL to support Address Space
> > Layout Randomization (ASLR)? I recently took a brute-force approach
> > (compiling everything with -fPIC and specifying -pie on all executables).
> > This worked, but a (very superficial) performance test indicated a high cost
> > (around 50%, much more than I expected). This was on 64-bit Linux
> > x86.

What benchmark did you run? Did you run a profile?

I am not really surprised that compiling the backend itself as position
independent code has a high price. There's lots of switch/jump tables in
pg that are called in hot paths. Adding math to those will have a price.

> > Google turns up some references to the Ubuntu distribution of version 8.3
> > being built this way but nothing much more interesting.
> >
> > I’d appreciate any information or help anyone can give me on this. Thanks.
>
> AFAIK you've got it backwards: ASLR is something that happens
> automatically, unless you take steps to suppress it, at least on MacOS
> X. I not long ago built with EXEC_BACKEND on that platform and found
> that it broke stuff until I disabled ASLR.

ASLR for code can only happen if code is built as position independent
code, otherwise addresses are hardcoded. That is - in modern unixoid
systems - nearly always the case for shared libraries et al, but not
necessarily for plain binaries or statically linked code. The above
referenced -fPIC and -pie make the code/executable position independent.

Greetings,

Andres Freund

--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
