> From: Qing Zhao
> Date: Tue, 19 Sep 2023 14:19:09 +
> > On Sep 17, 2023, at 12:36 PM, Hans-Peter Nilsson via Gcc-patches
> > wrote:
> >> From: Sam James
> >> Date: Sun, 17 Sep 2023 05:00:37 +0100
> >> Did some bug ever get filed for this to see if we can do a bit
> >> better here?
> >
>
I'd like to provide some data-points on hardening-related flags, as I've
spent some time with Sam documenting their usage across various
distributions here[1]. I also attached the relevant file to this email
for archiving purposes.
tl'dr: the suggested flag selection for `-fhardened` is not only s
> On Sep 17, 2023, at 12:36 PM, Hans-Peter Nilsson via Gcc-patches
> wrote:
>
>> From: Sam James
>> Date: Sun, 17 Sep 2023 05:00:37 +0100
>
>> Hans-Peter Nilsson via Gcc-patches writes:
>>
Date: Tue, 29 Aug 2023 15:42:27 -0400
From: Marek Polacek via Gcc-patches
>>>
Surel
> From: Sam James
> Date: Mon, 18 Sep 2023 08:21:45 +0100
> Hans-Peter Nilsson writes:
>
> >> From: Sam James
> >> Date: Sun, 17 Sep 2023 05:00:37 +0100
> >
> >> Hans-Peter Nilsson via Gcc-patches writes:
> >> > The situation was described as "we noticed that some test
> >> > suites takes 35%
Hans-Peter Nilsson writes:
>> From: Sam James
>> Date: Sun, 17 Sep 2023 05:00:37 +0100
>
>> Hans-Peter Nilsson via Gcc-patches writes:
>>
>> >> Date: Tue, 29 Aug 2023 15:42:27 -0400
>> >> From: Marek Polacek via Gcc-patches
>> >
>> >> Surely, there must be no ABI impact, the option cannot c
> From: Sam James
> Date: Sun, 17 Sep 2023 05:00:37 +0100
> Hans-Peter Nilsson via Gcc-patches writes:
>
> >> Date: Tue, 29 Aug 2023 15:42:27 -0400
> >> From: Marek Polacek via Gcc-patches
> >
> >> Surely, there must be no ABI impact, the option cannot cause
> >> severe performance issues,
> >
Hans-Peter Nilsson via Gcc-patches writes:
>> Date: Tue, 29 Aug 2023 15:42:27 -0400
>> From: Marek Polacek via Gcc-patches
>
>> Surely, there must be no ABI impact, the option cannot cause
>> severe performance issues,
>
>> Currently, -fhardened enables:
> ...
>> -ftrivial-auto-var-init=zero
> Date: Tue, 29 Aug 2023 15:42:27 -0400
> From: Marek Polacek via Gcc-patches
> Surely, there must be no ABI impact, the option cannot cause
> severe performance issues,
> Currently, -fhardened enables:
...
> -ftrivial-auto-var-init=zero
> Thoughts?
Regarding -ftrivial-auto-var-init=zero, I
Am Freitag, dem 15.09.2023 um 11:11 -0400 schrieb Marek Polacek:
> On Wed, Aug 30, 2023 at 10:46:14AM +0200, Martin Uecker wrote:
> > > Improving the security of software has been a major trend in the recent
> > > years. Fortunately, GCC offers a wide variety of flags that enable extra
> > > harde
On Fri, Sep 01, 2023 at 10:09:28PM +, Qing Zhao via Gcc-patches wrote:
>
>
> > On Aug 29, 2023, at 3:42 PM, Marek Polacek via Gcc-patches
> > wrote:
> >
> > Improving the security of software has been a major trend in the recent
> > years. Fortunately, GCC offers a wide variety of flags t
On Mon, Sep 04, 2023 at 11:40:34PM +0100, Richard Sandiford wrote:
> Qing Zhao via Gcc-patches writes:
> >> On Aug 29, 2023, at 3:42 PM, Marek Polacek via Gcc-patches
> >> wrote:
> >>
> >> Improving the security of software has been a major trend in the recent
> >> years. Fortunately, GCC offe
On Wed, Aug 30, 2023 at 03:08:46PM +0200, Richard Biener wrote:
> On Wed, Aug 30, 2023 at 12:51 PM Jakub Jelinek via Gcc-patches
> wrote:
> >
> > On Tue, Aug 29, 2023 at 03:42:27PM -0400, Marek Polacek via Gcc-patches
> > wrote:
> > > + if (UNLIKELY (flag_hardened)
> > > + && (opt
On Wed, Aug 30, 2023 at 12:50:40PM +0200, Jakub Jelinek wrote:
> On Tue, Aug 29, 2023 at 03:42:27PM -0400, Marek Polacek via Gcc-patches wrote:
> > + if (UNLIKELY (flag_hardened)
> > + && (opt->code == OPT_D || opt->code == OPT_U))
> > + {
> > + if (!fortify_seen_p)
> > +
On Wed, Aug 30, 2023 at 05:06:57PM +0800, Xi Ruoyao via Gcc-patches wrote:
> On Tue, 2023-08-29 at 15:42 -0400, Marek Polacek via Gcc-patches wrote:
> > + if (UNLIKELY (flag_hardened)
> > + && (opt->code == OPT_D || opt->code == OPT_U))
> > + {
> > + if (!f
On Wed, Aug 30, 2023 at 10:46:14AM +0200, Martin Uecker wrote:
> > Improving the security of software has been a major trend in the recent
> > years. Fortunately, GCC offers a wide variety of flags that enable extra
> > hardening. These flags aren't enabled by default, though. And since
> > ther
On Wed, Aug 30, 2023 at 3:42 AM Marek Polacek via Gcc-patches
wrote:
>
> Improving the security of software has been a major trend in the recent
> years. Fortunately, GCC offers a wide variety of flags that enable extra
> hardening. These flags aren't enabled by default, though. And since
> the
Qing Zhao via Gcc-patches writes:
>> On Aug 29, 2023, at 3:42 PM, Marek Polacek via Gcc-patches
>> wrote:
>>
>> Improving the security of software has been a major trend in the recent
>> years. Fortunately, GCC offers a wide variety of flags that enable extra
>> hardening. These flags aren't
> On Aug 29, 2023, at 3:42 PM, Marek Polacek via Gcc-patches
> wrote:
>
> Improving the security of software has been a major trend in the recent
> years. Fortunately, GCC offers a wide variety of flags that enable extra
> hardening. These flags aren't enabled by default, though. And since
On Wed, Aug 30, 2023 at 12:51 PM Jakub Jelinek via Gcc-patches
wrote:
>
> On Tue, Aug 29, 2023 at 03:42:27PM -0400, Marek Polacek via Gcc-patches wrote:
> > + if (UNLIKELY (flag_hardened)
> > + && (opt->code == OPT_D || opt->code == OPT_U))
> > + {
> > + if (!fort
On Tue, Aug 29, 2023 at 03:42:27PM -0400, Marek Polacek via Gcc-patches wrote:
> + if (UNLIKELY (flag_hardened)
> + && (opt->code == OPT_D || opt->code == OPT_U))
> + {
> + if (!fortify_seen_p)
> + fortify_seen_p = !strncmp (opt->arg, "_FORTIFY_SOURCE",
On Tue, 2023-08-29 at 15:42 -0400, Marek Polacek via Gcc-patches wrote:
> + if (UNLIKELY (flag_hardened)
> + && (opt->code == OPT_D || opt->code == OPT_U))
> + {
> + if (!fortify_seen_p)
> + fortify_seen_p = !strncmp (opt->arg, "_FORTIFY_SOURC
> Improving the security of software has been a major trend in the recent
> years. Fortunately, GCC offers a wide variety of flags that enable extra
> hardening. These flags aren't enabled by default, though. And since
> there are a lot of hardening flags, with more to come, it's been difficult
On Tue, Aug 29, 2023 at 09:11:35PM +0100, Sam James via Gcc-patches wrote:
>
> Marek Polacek via Gcc-patches writes:
>
> > Improving the security of software has been a major trend in the recent
> > years. Fortunately, GCC offers a wide variety of flags that enable extra
> > hardening. These f
Marek Polacek via Gcc-patches writes:
> Improving the security of software has been a major trend in the recent
> years. Fortunately, GCC offers a wide variety of flags that enable extra
> hardening. These flags aren't enabled by default, though. And since
> there are a lot of hardening flag
Improving the security of software has been a major trend in the recent
years. Fortunately, GCC offers a wide variety of flags that enable extra
hardening. These flags aren't enabled by default, though. And since
there are a lot of hardening flags, with more to come, it's been difficult
to keep
25 matches
Mail list logo
