Announcement

**user1** · 04 January 2023, 10:16 AM

I wonder if Fedora can just raise the x86_64 requirements to v2 (since they wanted to remove legacy bios support anyway). I think it will at least somewhat mitigate the performance losses of these compiler flags.

**Volta** · 04 January 2023, 11:05 AM

Originally posted by Espionage724

I largely use Fedora for its security and SELinux, and don't really see an issue with this change even with a minor performance impact. Same with the profiling/debugging flags.

Right now, Fedora is much more secure than Windows ever was (or ever will be), so I see no reason for such bloatware. Especially when combined with the worst default CPU governor ever. Fedora should at least change mentioned bottleneck. If Facebook wants all this debugging enabled they should make their own bloatware distribution.

**markg85** · 04 January 2023, 11:20 AM

Building with _FORTIFY_SOURCE=3 may impact the size and performance of the code. Since _FORTIFY_SOURCE=2 generated only constant sizes, its overhead was negligible. However, _FORTIFY_SOURCE=3 may generate additional code to compute object sizes. These additions may also cause secondary effects, such as register pressure during code generation. Code size tends to increase the size of resultant binaries for the same reason.

We need a proper study of performance and code size to understand the magnitude of the impact created by _FORTIFY_SOURCE=3 additional runtime code generation. However the performance and code size overhead may well be worth it due to the magnitude of improvement in security coverage.

That is from their own blog post.

GCC's new fortification level: The gains and costs | Red Hat Developer

https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level#the_gains_of_improved_security_coverage_outweigh_the_cost

Discover the gains and costs of GCC’s enhanced runtime buffer overflow protection. Level 3 _FORTIFY_SOURCE preprocessor macro may detect more buffer overflows,

You can bet this having a measurable performance impact if they already mention it in a blog post.

**Volta** · 04 January 2023, 11:33 AM

Originally posted by Espionage724

I figure if the profiling/debug flags help developers improve their apps, I'm all for that.

I'm assuming greatly Fedora and decision makers aren't implementing this stuff for giggles and wanting to intentionally slow-down their distro to make it less-appealing.

Most of the distros share the same code. Why Fedora wants to be sacrificed? I'm assuming they were payed by facebook and Fedora users will be beta testers for them. They do slow distribution down with their stupid CPU governor choice.

**skeevy420** · 04 January 2023, 11:55 AM

I thought it was funny when Linus suggested switching systemd to Rust in the form of a Phoronix headline:

Seriously, this just creates the desire to give up on this mess and start already with switching finally over to Rust.

**marios** · 04 January 2023, 12:02 PM

Originally posted by markg85 View Post

That is from their own blog post.

GCC's new fortification level: The gains and costs | Red Hat Developer

https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level#the_gains_of_improved_security_coverage_outweigh_the_cost

Discover the gains and costs of GCC’s enhanced runtime buffer overflow protection. Level 3 _FORTIFY_SOURCE preprocessor macro may detect more buffer overflows,

You can bet this having a measurable performance impact if they already mention it in a blog post.

LoL, they didn't even measure the cost. They just admitted that cost is significant and claimed that the benefits outweigh the (unknown) cost... Highly scientific approach applied by Fedora...

**RahulSundaram** · 04 January 2023, 12:55 PM

Originally posted by marios View Post

They just admitted that cost is significant and claimed that the benefits outweigh the (unknown) cost... Highly scientific approach applied by Fedora...

Performance is covered in the change proposal and Phoronix linked to it as well.

**marios** · 04 January 2023, 01:06 PM

Originally posted by RahulSundaram View Post

Performance is covered in the change proposal and Phoronix linked to it as well.

0. I was talking about the linked blog post.
1. It was not covered in the other link as well. Where are the numbers that support that "there is no general slowdown due to this feature"?

**RahulSundaram** · 04 January 2023, 01:22 PM

Originally posted by marios View Post

0. I was talking about the linked blog post.
1. It was not covered in the other link as well. Where are the numbers that support that "there is no general slowdown due to this feature"?

The blog post is about the upstream feature and is not related to the Fedora change. The wiki and the ticket linked from the Fedora change proposal itself documents that change proposers ran the benchmarks noted there and found no difference in performance.

"Vladimir Makarov from my team ran SPEC2000 and SPEC2017 and found no difference in performance between _FORTIFY_SOURCE=2 and _FORTIFY_SOURCE=3. In fact, some tests in SPEC2000 ran slightly faster with _FORTIFY_SOURCE=3, which I'd love to study in future since it goes against what I had hypothesized."

Announcement

Fedora 38 To Beef Up Its Compiler Fortification Defenses

Fedora 38 To Beef Up Its Compiler Fortification Defenses

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment