From: Matt Laswell <laswell@infiniteio.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Subject: [dpdk-dev] Question about ASLR
Date: Fri, 5 Sep 2014 13:57:04 -0500 [thread overview]
Message-ID: <CA+GnqAoy+jAB5RC5BPfmF6GOJmB6Pe_do5ePXzmKcPpxRC=fRA@mail.gmail.com> (raw)
Hey Folks,
A colleague noticed warnings in section 23.3 of the programmer's guide
about the use of address space layout randomization with multiprocess DPDK
applications. And, upon inspection, it appears that ASLR is enabled on our
target systems. We've never seen a problem that we could trace back to
ASLR, and we've never see a warning during EAL memory initialiization,
either, which is strange.
Given the choice, we would prefer to keep ASLR for security reasons. Given
that in our problem domain:
- We are running a multiprocess DPDK application
- We run only one DPDK application, which is a single compiled binary
- We have exactly one process running per logical core
- We're OK with interrupts coming just to the primary
- We handle interaction from our control plane via a separate shared
memory space
Is it OK in this circumstance to leave ASLR enabled? I think it probably
is, but would love to hear reasons why not and/or pitfalls that we need to
avoid.
Thanks in advance.
--
Matt Laswell
*infinite io*
next reply other threads:[~2014-09-05 18:52 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-05 18:57 Matt Laswell [this message]
2014-09-07 19:52 ` Richardson, Bruce
2014-09-08 12:40 ` Matt Laswell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+GnqAoy+jAB5RC5BPfmF6GOJmB6Pe_do5ePXzmKcPpxRC=fRA@mail.gmail.com' \
--to=laswell@infiniteio.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).