On Tue, Dec 6, 2022 at 10:41 AM Siddhesh Poyarekar <siddhesh@xxxxxxxxxx> wrote: > > On Tue, Dec 6, 2022 at 10:26 AM Gary Buhrmaster > <gary.buhrmaster@xxxxxxxxx> wrote: > > > > On Tue, Dec 6, 2022 at 3:16 PM Siddhesh Poyarekar <siddhesh@xxxxxxxxxx> wrote: > > > > > My full comment in that blog post is: > > > > > > "We need a proper study of performance and code size to understand the > > > magnitude of the impact created by _FORTIFY_SOURCE=3 additional > > > runtime code generation. However the performance and code size > > > overhead may well be worth it due to the magnitude of improvement in > > > security coverage." > > > > The key word is *MAY*. That is not considered > > to be a conclusion supported by the evidence > > presented (at least in any scientific paper I > > have reviewed). > > I have added a performance note[1] in the proposal. SPEC2000 and SPEC2017 results with _FORTIFY_SOURCE=2 vs _FORTIFY_SOURCE=3 show practically no difference in performance. I have updated the wiki to note this and the fact that this should alleviate any concerns of a general slowdown. However I do request package maintainers to report any slowdown they experience due to building with _FORTIFY_SOURCE=3 so that we get a better understanding. Always happy to help keep performance up to par even as we improve security mitigations. Thanks, Sid _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue