[PATCH RFC] __builtin_dynamic_object_size with -D_FORTIFY_SOURCE=3

Jakub Jelinek jakub@redhat.com
Mon Nov 30 10:56:39 GMT 2020


On Mon, Nov 30, 2020 at 11:06:47AM +0100, Florian Weimer wrote:
> * Siddhesh Poyarekar:
> 
> > Besides the bug, do you think a performance tradeoff should result in
> > us having this 2 vs 3 differentiation?  I didn't make the 2 vs 3
> > proposal specifically to work around this bug, although it does
> > make it easier for us to add support into glibc without blocking on
> > llvm fixing it.  In general, dynamic object size checks may end up
> > having an additional performance tradeoff (even __bdos without this
> > bug will have additional instructions emitted, perhaps even spills,
> > making them a wee bit slower) and it may be desirable to have a
> > separate fortification level to allow developers to choose.
> 
> I really dislike more developer choices.  I think we should experiment
> with this with a fixed Clang, and see what the generated code looks like
> in practice.

I think it is very important to give developers a choice, because
otherwise, if the dynamic bounded pointers tracking is too costly for them,
they will disable all fortification, even the cheap ones, which will in the
end be worse for security.

	Jakub


