On Mon, Dec 5, 2022 at 3:17 PM Gary Buhrmaster
<gary.buhrmaster(a)gmail.com> wrote:
> On Mon, Dec 5, 2022 at 7:58 PM Ben Cotton <bcotton(a)redhat.com> wrote:
> >
> > https://fedoraproject.org/wiki/Changes/Add_FORTIFY_SOURCE%3D3_to_distribu...
> >
> It is my vague recollection (I could easily be wrong, so
> correct me as appropriate) that _FORTIFY_SOURCE=3
> adds some runtime overhead that did not apply in
> previous levels.
>
> If that is correct, has the potential performance impact
> been evaluated and documented somewhere? And, if
> correct, the change proposal should probably be modified
> to mention the potential performance impacts.

There is indeed a theoretical concern over performance due to size
expressions vs constants, but none have been reported in practice.
OpenSUSE and Gentoo (at least) have had _FORTIFY_SOURCE=3 enabled by
default for nearly a year and they haven't seen any reports of
performance degradation. Besides, the magnitude of mitigation
coverage is *immense*. For example with bash, where only 3% of the
calls were fortified, now nearly half of the calls are fortified.
Likewise, sudo has gone from about 1% to nearly half.

Note that it doesn't mean that all those new calls have an additional
overhead; the compiler and glibc can also detect which of these
accesses are always safe and it simplifies the calls to the regular
ones. Overall even if there is a minuscule performance overhead, I
reckon the reward is much higher. Just ask the folks over at
OpenSUSE, they've uncovered a bunch of bugs over the last year thanks
to this feature.

I did a code size analysis though (since it's a much clearer problem
to analyze) and funnily, _FORTIFY_SOURCE=3 ended up *reducing* code
size by a tiny bit on average. Very few packages saw code size
increases beyond 1%, most were in the nearly negligible range. The
numbers are in the Google spreadsheet I linked to in the proposal,
under the "size summary" tab.

Sid
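
An added illustration of the "size expressions vs constants" point in the reply above (not code from the thread or from glibc): for a heap buffer whose length is known only at run time, `__builtin_object_size`, which level 2 relies on, reports the size as unknown, while `__builtin_dynamic_object_size`, which level 3 uses, can return the allocation size. The helper names are hypothetical, `fortify_verdict` only models the comparison a fortified call performs, and the level 3 result assumes an optimized build with GCC 12+ or Clang 9+.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#ifndef __has_builtin
#define __has_builtin(x) 0
#endif
#if __has_builtin(__builtin_dynamic_object_size)
#define DYN_OBJSZ(p) __builtin_dynamic_object_size((p), 0)
#else  /* older compiler: level 3 sees no more than level 2 */
#define DYN_OBJSZ(p) __builtin_object_size((p), 0)
#endif
#define SIZE_UNKNOWN ((size_t)-1)

typedef enum { COPY_OK, COPY_BLOCKED, COPY_UNCHECKED } verdict;

/* Model of a fortified copy's decision once the destination size is known. */
verdict fortify_verdict(size_t objsz, size_t len)
{
    if (objsz == SIZE_UNKNOWN)
        return COPY_UNCHECKED;   /* nothing to compare against: regular call */
    return len > objsz ? COPY_BLOCKED : COPY_OK;  /* glibc aborts when blocked */
}

/* Destination size each level sees for malloc(n); volatile keeps n run-time only. */
size_t seen_at_level2(volatile size_t n)
{
    char *p = malloc(n);
    size_t sz = __builtin_object_size(p, 0);   /* compile-time constants only */
    free(p);
    return sz;
}

size_t seen_at_level3(volatile size_t n)
{
    char *p = malloc(n);
    size_t sz = DYN_OBJSZ(p);                  /* may be an expression in n */
    free(p);
    return sz;
}

int main(void)
{
    static const char *name[] = { "ok", "blocked", "unchecked" };
    size_t n = 16, len = 32;   /* constructed case: 32 bytes into a 16-byte buffer */
    printf("level 2: %s\n", name[fortify_verdict(seen_at_level2(n), len)]);
    printf("level 3: %s\n", name[fortify_verdict(seen_at_level3(n), len)]);
    return 0;
}
```

Built with `-O2`, this reports the level 2 copy as unchecked and the level 3 copy as blocked; without optimization both builtins return the unknown-size value.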