ALT Linux Team development discussions
 help / color / mirror / Atom feed
From: Denis Medvedev <nbr@altlinux.org>
To: devel@lists.altlinux.org
Subject: Re: [devel] I: LTO in %optflags by default
Date: Wed, 25 Aug 2021 08:46:40 +0300
Message-ID: <20210825084640.2412f2e2@homerun.localdomain> (raw)
In-Reply-To: <20210825052750.pcv2xtridwc3wgqq@titan.localdomain>

В Wed, 25 Aug 2021 09:27:50 +0400
"Ivan A. Melnikov" <iv@altlinux.org> пишет:

> On Tue, Aug 24, 2021 at 09:20:50PM +0300, Dmitry V. Levin wrote:
> > Hi,
> > 
> > Пришло время включить в Сизифе LTO (link-time optimization).
> > К сожалению, ещё не все пакеты собираются с этой оптимизацией,
> > некоторые предстоит исправить.  
> 
> Скажите, а как это влияет на время сборки пакетов?
> 
> Это тестировалось только на основных архитектурах? На всех?
> 

Я, конечно, понимаю, что запоздал с этим,
но можно ли включить
по умолчаниию заодно вот это:


-mmitigate-rop
Attempt to compile code without unintended return addresses, making ROP just a little harder.

-mindirect-branch=thunk -mfunction-return=thunk
Enables retpoline (return trampolines) to mitigate some variants of Spectre V2. The second flag is necessary on Skylake+ due to the fact that the branch target buffer is vulnerable.

-fstack-protector-all -Wstack-protector --param ssp-buffer-size=4
choice of "-fstack-protector" does not protect all functions . You need -fstack-protector-all to guarantee guards are applied to all functions, although this will likely incur a performance penalty. Consider -fstack-protector-strong as a middle ground.
The -Wstack-protector flag here gives warnings for any functions that aren't going to get protected.

-fstack-clash-protection
Defeats a class of attacks called stack clashing.

-pie -fPIE
Required to obtain the full security benefits of ASLR.

-ftrapv
Generates traps for signed overflow (currently bugged in gcc, and may interfere with UBSAN).

-­D_FORTIFY_SOURCE=2
Buffer overflow checks. See also difference between =2 and =1.

­-Wl,-z,relro,-z,now
RELRO (read-only relocation). The options relro & now specified
together are known as "Full RELRO". You can specify "Partial RELRO" by
omitting the now flag. RELRO marks various ELF memory sections
read­only (E.g. the GOT).


  reply	other threads:[~2021-08-25  5:46 UTC|newest]

Thread overview: 75+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-24 18:20 Dmitry V. Levin
2021-08-24 18:21 ` Dmitry V. Levin
2021-08-24 18:22 ` Dmitry V. Levin
2021-08-25  0:04   ` Dmitry V. Levin
2021-08-25  8:18     ` Vitaly Lipatov
2021-08-25  8:28       ` Ivan A. Melnikov
2021-08-25  8:38         ` Vitaly Lipatov
2021-08-25  9:18           ` Andrey Savchenko
2021-08-25 17:14             ` [devel] devel-static Dmitry V. Levin
2021-08-25 17:25               ` Alexey Sheplyakov
2021-08-25 19:19                 ` Andrey Savchenko
2021-08-25 19:14               ` Andrey Savchenko
2021-08-25 19:58                 ` Vitaly Lipatov
2021-08-25 20:52                   ` Andrey Savchenko
2021-08-25 21:06                     ` Vitaly Lipatov
2021-08-25 21:36                       ` Andrey Savchenko
2021-08-27 19:43   ` [devel] Статические библиотеки и thin LTO (Was: I: LTO in %optflags by default) Alexey Sheplyakov
2021-08-27 22:18     ` [devel] Статические библиотеки и thin LTO Vitaly Chikunov
2021-08-29  6:34       ` Alexey Sheplyakov
2021-08-30  9:18         ` Dmitry V. Levin
2021-08-30  9:30           ` Andrey Savchenko
2021-08-30  9:39             ` Dmitry V. Levin
2021-08-30 14:36               ` Andrey Savchenko
2021-08-30  9:50           ` Arseny Maslennikov
2021-08-24 18:23 ` [devel] I: LTO in %optflags by default Dmitry V. Levin
2021-08-24 19:19 ` Dmitry V. Levin
2021-08-25  0:33   ` Dmitry V. Levin
2021-08-26  6:00     ` [devel] I: LTO in %optflags by defaulta (top-level asm) Vitaly Chikunov
2021-08-25  5:27 ` [devel] I: LTO in %optflags by default Ivan A. Melnikov
2021-08-25  5:46   ` Denis Medvedev [this message]
2021-08-25  5:50     ` Denis Medvedev
2021-08-25  6:53     ` Andrey Savchenko
2021-08-25  7:03       ` Denis Medvedev
2021-08-25  7:32         ` Andrey Savchenko
2021-08-26 18:43         ` Michael Shigorin
2021-08-25  7:12       ` Ivan A. Melnikov
2021-08-25  8:14       ` Alexey Tourbin
2021-08-25  8:39         ` Andrey Savchenko
2021-08-25  7:12     ` Alexey Sheplyakov
2021-08-25 16:28     ` Dmitry V. Levin
2021-08-25 17:48   ` Dmitry V. Levin
2021-08-25  7:37 ` Alexey Sheplyakov
2021-08-25 18:07   ` [devel] Administrivia Dmitry V. Levin
2021-08-25 19:25     ` Alexey Sheplyakov
2021-08-25 20:03       ` Alexey V. Vissarionov
2021-08-26 19:02         ` [devel] Administrivii Michael Shigorin
2021-08-26 19:18           ` [devel] debugedit Dmitry V. Levin
2021-10-13  9:16             ` [devel] debugedit DWARF version 0 Denis Medvedev
2021-10-13  9:51               ` Dmitry V. Levin
2021-10-13  9:51                 ` Denis Medvedev
2021-08-25 19:27   ` [devel] I: LTO in %optflags by default Andrey Savchenko
2021-08-25 23:54     ` Dmitry V. Levin
2021-08-26  9:35       ` Alexey V. Vissarionov
2021-08-26 19:33       ` Andrey Savchenko
2021-08-27  0:37         ` Dmitry V. Levin
2021-08-27  8:07           ` Sergey V Turchin
2021-08-27  9:11           ` Alexey V. Vissarionov
2021-08-27 10:00           ` Alexey Sheplyakov
2021-08-27 12:54             ` Dmitry V. Levin
2021-08-25 10:45 ` Vitaly Lipatov
2021-08-25 16:20   ` Dmitry V. Levin
2021-08-25 20:23     ` Vitaly Lipatov
2021-08-25 20:30       ` Dmitry V. Levin
2021-08-25 21:24 ` Dmitry V. Levin
2021-08-25 23:07   ` Aleksey Novodvorsky
2021-08-25 23:19     ` Dmitry V. Levin
2021-08-25 23:54       ` Andrey Savchenko
2021-08-26  0:04         ` Dmitry V. Levin
2021-08-26  6:39           ` Andrey Savchenko
2021-08-26  7:25             ` Vitaly Lipatov
2021-08-27  0:20             ` Dmitry V. Levin
2021-08-26  9:40           ` Alexey V. Vissarionov
2021-08-26  4:23       ` alexei
2021-08-26  8:24         ` Dmitry V. Levin
2021-08-26  0:26 ` Dmitry V. Levin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210825084640.2412f2e2@homerun.localdomain \
    --to=nbr@altlinux.org \
    --cc=devel@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux Team development discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
		devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
	public-inbox-index devel

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git