On Tue, Dec 06, 2022 at 08:19:22AM +0000, Daniel P. Berrangé wrote:
> On Tue, Dec 06, 2022 at 03:12:19AM +0000, Gary Buhrmaster wrote:
> > On Mon, Dec 5, 2022 at 10:53 PM Neal Gompa <ngompa13(a)gmail.com> wrote:
> > >
> > > It has a similar impact that turning back on frame pointers would.
> > >
> > > Cf. https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-...
> > >
> >
> > That article explicitly states:
> > "We need a proper study of performance and code size to understand
> > the magnitude of the impact"
> >
> > I look forward to seeing the results of that proper study before
> > this is even considered for approval (since, after all, one of the
> > strong push-backs for -fno-omit-frame-pointer was performance).
>
> Note that is not a fully equivalent scenario. The no-omit-frame-pointer
> proposal was only offering a functional debugging benefit to a fairly
> small number of users who are also developers, while adding a likely
> performance hit to all users. There needs to be a high bar to justify
> the performance hit when the benefit offered is narrow.

I'm not sure about this - more reliable stack traces affect anyone who
hits a bug, which is all users. (Plus we should strive to turn more
users into developers as a general point about computing.)

> This proposal is adding a functional security benefit to all users,
> alongside the possible performance hit. This is more easily justifiable,
> especially given Fedora's track record of being willing to make security
> improvements even when they have a performance hit.

I agree here.

Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages.
http://libguestfs.org