Announcement

**user1** · 04 January 2023, 10:16 AM

I wonder if Fedora can just raise the x86_64 requirements to v2 (since they wanted to remove legacy bios support anyway). I think it will at least somewhat mitigate the performance losses of these compiler flags.

**Espionage724** · 04 January 2023, 10:46 AM

I largely use Fedora for its security and SELinux, and don't really see an issue with this change even with a minor performance impact. Same with the profiling/debugging flags.

**Volta** · 04 January 2023, 11:05 AM

Originally posted by Espionage724 View Post

I largely use Fedora for its security and SELinux, and don't really see an issue with this change even with a minor performance impact. Same with the profiling/debugging flags.

Right now, Fedora is much more secure than Windows ever was (or ever will be), so I see no reason for such bloatware. Especially when combined with the worst default CPU governor ever. Fedora should at least change mentioned bottleneck. If Facebook wants all this debugging enabled they should make their own bloatware distribution.

**Espionage724** · 04 January 2023, 11:12 AM

Originally posted by Volta View Post

Right now, Fedora is much more secure than Windows ever was (or ever will be), so I see no reason for such bloatware. Especially when combined with the worst default CPU governor ever. Fedora should at least change mentioned bottleneck. If Facebook wants all this debugging enabled they should make their own bloatware distribution.

I figure if the profiling/debug flags help developers improve their apps, I'm all for that.

I'm assuming greatly Fedora and decision makers aren't implementing this stuff for giggles and wanting to intentionally slow-down their distro to make it less-appealing.

**markg85** · 04 January 2023, 11:20 AM

Building with _FORTIFY_SOURCE=3 may impact the size and performance of the code. Since _FORTIFY_SOURCE=2 generated only constant sizes, its overhead was negligible. However, _FORTIFY_SOURCE=3 may generate additional code to compute object sizes. These additions may also cause secondary effects, such as register pressure during code generation. Code size tends to increase the size of resultant binaries for the same reason.

We need a proper study of performance and code size to understand the magnitude of the impact created by _FORTIFY_SOURCE=3 additional runtime code generation. However the performance and code size overhead may well be worth it due to the magnitude of improvement in security coverage.

That is from their own blog post.

GCC's new fortification level: The gains and costs | Red Hat Developer

https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level#the_gains_of_improved_security_coverage_outweigh_the_cost

Discover the gains and costs of GCC’s enhanced runtime buffer overflow protection. Level 3 _FORTIFY_SOURCE preprocessor macro may detect more buffer overflows,

You can bet this having a measurable performance impact if they already mention it in a blog post.

**Volta** · 04 January 2023, 11:33 AM

Originally posted by Espionage724 View Post

I figure if the profiling/debug flags help developers improve their apps, I'm all for that.

I'm assuming greatly Fedora and decision makers aren't implementing this stuff for giggles and wanting to intentionally slow-down their distro to make it less-appealing.

Most of the distros share the same code. Why Fedora wants to be sacrificed? I'm assuming they were payed by facebook and Fedora users will be beta testers for them. They do slow distribution down with their stupid CPU governor choice.

**Espionage724** · 04 January 2023, 11:37 AM

Originally posted by Volta View Post

Most of the distros share the same code. Why Fedora wants to be sacrificed? I'm assuming they were payed by facebook and Fedora users will be beta testers for them.

Even if that were true, what's the issue? It's a change most people won't notice, helps security, and if successful, will be implemented as additional security for the world's largest social media network.

**skeevy420** · 04 January 2023, 11:55 AM

I thought it was funny when Linus suggested switching systemd to Rust in the form of a Phoronix headline:

Seriously, this just creates the desire to give up on this mess and start already with switching finally over to Rust.

**marios** · 04 January 2023, 12:02 PM

Originally posted by markg85 View Post

That is from their own blog post.

GCC's new fortification level: The gains and costs | Red Hat Developer

https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level#the_gains_of_improved_security_coverage_outweigh_the_cost

Discover the gains and costs of GCC’s enhanced runtime buffer overflow protection. Level 3 _FORTIFY_SOURCE preprocessor macro may detect more buffer overflows,

You can bet this having a measurable performance impact if they already mention it in a blog post.

LoL, they didn't even measure the cost. They just admitted that cost is significant and claimed that the benefits outweigh the (unknown) cost... Highly scientific approach applied by Fedora...

Announcement

Fedora 38 To Beef Up Its Compiler Fortification Defenses

Fedora 38 To Beef Up Its Compiler Fortification Defenses

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment