When tainting memory, the most important factor for performance is how often the tainted memory is manipulated, and how often CPU registers are involved in this manipulation.
For example, tainting a never-accessed buffer gives you the taint result (no propagation) near instantly, whatever the size of the buffer. Conversely, tainting even a single byte of the stack will rapidly slow the taint down dramatically if that byte is frequently accessed and causes registers to become tainted (especially if rsp becomes tainted).
When tainting virtual memory, keep in mind that the tainted range must be fully mapped at the starting point of the taint for the taint to proceed. This also limits the size of a tainted virtual buffer, since contiguous virtual pages are not necessarily all mapped at that point.
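To make both points concrete, here is a toy forward-taint propagator written for this page as an added example; it is not the tool's own taint engine, and its mini instruction set, the constructed trace, the addresses and the copy/union taint policy are all assumptions. It counts how many trace instructions touch tainted state, which is the cost factor the text describes: tainting a never-accessed 64 KiB buffer costs nothing, while tainting one stack byte taints registers and, once rsp derives from it, every later push/pop manipulates tainted state. It also refuses to start a taint over a virtual range that is not fully mapped.

```python
"""Toy forward-taint propagator over a constructed instruction trace.

Added illustration, not the tool's own engine: the mini instruction set, the
trace, the addresses and the taint policy are assumptions made for this
example.  Cost is measured as the number of instructions whose operands touch
tainted state (the factor the article says dominates taint performance).
"""

WORD = 8

# Constructed mini instruction set (tuples):
#   ("load",  reg, addr, size)   reg <- mem[addr : addr+size]
#   ("store", addr, reg, size)   mem[addr : addr+size] <- reg
#   ("mov",   dst, src)          dst <- src          (taint copied)
#   ("add",   dst, src)          dst <- dst + src    (taint unioned)
#   ("imm",   reg)               reg <- constant     (taint cleared)
#   ("push",  reg)               rsp <- rsp - 8; mem[rsp] <- reg
#   ("pop",   reg)               reg <- mem[rsp]; rsp <- rsp + 8


def check_fully_mapped(start, size, mapped):
    """True if every byte of [start, start+size) lies in a mapped (lo, hi) range.

    A taint over virtual memory must pass this check at its starting point.
    """
    end, cursor = start + size, start
    for lo, hi in sorted(mapped):
        if hi <= cursor:
            continue
        if lo > cursor:
            return False            # unmapped gap inside the requested range
        cursor = hi
        if cursor >= end:
            return True
    return cursor >= end


def _bytes(addr, size):
    return frozenset(range(addr, addr + size))


def _micro_ops(ins, rsp):
    """Expand one instruction into (reads_regs, reads_mem, writes_regs, writes_mem)
    micro-ops; returns them with the updated stack pointer."""
    op = ins[0]
    if op == "load":
        _, reg, addr, size = ins
        return [(set(), _bytes(addr, size), {reg}, set())], rsp
    if op == "store":
        _, addr, reg, size = ins
        return [({reg}, set(), set(), _bytes(addr, size))], rsp
    if op == "mov":
        _, dst, src = ins
        return [({src}, set(), {dst}, set())], rsp
    if op == "add":
        _, dst, src = ins
        return [({dst, src}, set(), {dst}, set())], rsp
    if op == "imm":
        return [(set(), set(), {ins[1]}, set())], rsp
    if op == "push":
        rsp -= WORD
        return [({"rsp"}, set(), {"rsp"}, set()),              # rsp <- rsp - 8
                ({ins[1]}, set(), set(), _bytes(rsp, WORD))], rsp
    if op == "pop":
        ops = [(set(), _bytes(rsp, WORD), {ins[1]}, set()),
               ({"rsp"}, set(), {"rsp"}, set())]             # rsp <- rsp + 8
        return ops, rsp + WORD
    raise ValueError(f"unknown instruction {ins!r}")


def run_taint(trace, start, size, mapped, rsp=0x7FFF_0100):
    """Taint [start, start+size) and follow it through `trace`.

    Returns (tainted_regs, tainted_mem, touched): final tainted register names,
    tainted byte addresses, and the number of instructions that manipulated
    tainted state (the cost proxy).
    """
    if not check_fully_mapped(start, size, mapped):
        raise ValueError(f"taint range {start:#x}+{size:#x} is not fully mapped")
    mem, regs, touched = set(_bytes(start, size)), set(), 0
    for ins in trace:
        ops, rsp = _micro_ops(ins, rsp)
        hit = False
        for r_regs, r_mem, w_regs, w_mem in ops:
            tainted_in = bool(r_regs & regs) or bool(r_mem & mem)
            if tainted_in or w_regs & regs or w_mem & mem:
                hit = True              # reads or overwrites tainted state
            # Destinations take the taint of the sources (copy/union policy).
            for r in w_regs:
                (regs.add if tainted_in else regs.discard)(r)
            for b in w_mem:
                (mem.add if tainted_in else mem.discard)(b)
        touched += hit
    return regs, mem, touched


# Constructed addresses and mappings (assumptions for the example).
STACK, HEAP, BIGBUF = 0x7FFF_0000, 0x5555_0000, 0x10000
MAPPED = [(STACK, STACK + 0x1000), (HEAP, HEAP + 0x1000), (BIGBUF, BIGBUF + 0x10000)]

# Constructed trace: a stack local is loaded, combined, spilled to the heap,
# and then the stack pointer is derived from it (the pathological case).
TRACE = [
    ("imm", "rbx"),
    ("load", "rax", STACK, 1),      # rax <- the single stack byte
    ("add", "rbx", "rax"),
    ("store", HEAP, "rbx", WORD),
    ("push", "rbx"),
    ("pop", "rcx"),
    ("imm", "rcx"),
    ("mov", "rsp", "rax"),          # rsp now carries the stack byte's taint
] + [("push", "rdx"), ("pop", "rdx")] * 5   # later stack traffic all touches rsp

if __name__ == "__main__":
    for label, start, size in (("64 KiB never-accessed buffer", BIGBUF, 0x10000),
                               ("one stack byte", STACK, 1)):
        regs, mem, cost = run_taint(TRACE, start, size, MAPPED)
        print(f"{label}: tainted regs={sorted(regs)} bytes={len(mem)} cost={cost}")
```

Running it, the buffer taint reports zero touched instructions however large the buffer is, while the single stack byte taints rax, rbx and rsp and is touched by 17 of the 18 trace instructions; passing a range that extends past the mapped buffer raises before any propagation starts.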