From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 25 Aug 2021 10:03:39 +0300
From: Denis Medvedev
To: devel@lists.altlinux.org
Message-ID: <20210825100339.41800b67@homerun.localdomain>
In-Reply-To: <20210825095329.334e1e5a1c578563a9435c6b@altlinux.org>
References: <20210824182050.GA5179@altlinux.org> <20210825052750.pcv2xtridwc3wgqq@titan.localdomain> <20210825084640.2412f2e2@homerun.localdomain> <20210825095329.334e1e5a1c578563a9435c6b@altlinux.org>
Subject: Re: [devel] I: LTO in %optflags by default
Reply-To: ALT Linux Team development discussions
List-Id: ALT Linux Team development discussions

On Wed, 25 Aug 2021 09:53:29 +0300 Andrey Savchenko wrote:

> On Wed, 25 Aug 2021 08:46:40 +0300 Denis Medvedev wrote:
> > On Wed, 25 Aug 2021 09:27:50 +0400
> > "Ivan A. Melnikov" wrote:
> >
> > > On Tue, Aug 24, 2021 at 09:20:50PM +0300, Dmitry V. Levin wrote:
> > > > Hi,
> > > >
> > > > The time has come to enable LTO (link-time optimization) in Sisyphus.
> > > > Unfortunately, not all packages build with this optimization yet;
> > > > some will have to be fixed.
> > >
> > > Tell me, how does this affect package build time?
> > >
> > > Was this tested only on the main architectures? On all of them?
> > >
> >
> > I understand, of course, that I'm late with this,
> > but could the following also be enabled
> > by default while we're at it:
> >
> >
> > -mmitigate-rop
> > Attempt to compile code without unintended return addresses, making
> > ROP just a little harder.
> >
> > -mindirect-branch=thunk -mfunction-return=thunk
> > Enables retpoline (return trampolines) to mitigate some variants of
> > Spectre V2.
> > The second flag is necessary on Skylake+ due to the
> > fact that the branch target buffer is vulnerable.
>
> But these options aren't needed on all architectures, even on the main
> build farm. So if they are to be enabled at all, then selectively,
> depending on the architecture.
>
> > -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4
> > Choice of "-fstack-protector" does not protect all functions. You
> > need -fstack-protector-all to guarantee guards are applied to all
> > functions, although this will likely incur a performance penalty.
> > Consider -fstack-protector-strong as a middle ground. The
> > -Wstack-protector flag here gives warnings for any functions that
> > aren't going to get protected.
> >
> > -fstack-clash-protection
> > Defeats a class of attacks called stack clashing.
>
> This one can break many applications, and there may be a significant hit
> to performance.
>
> > -Wl,-z,relro,-z,now
> > RELRO (read-only relocation).
> > The options relro & now specified
> > together are known as "Full RELRO". You can specify "Partial RELRO"
> > by omitting the now flag. RELRO marks various ELF memory sections
> > read-only (e.g. the GOT).
>
> From a security standpoint this is good, but it causes wild slowdowns,
> especially on heavy applications like LO. Perhaps this makes sense
> in special branches, but there is no need to drag it into Sisyphus.

In that case, how do I correctly set up defaults for special branches?
Make my own version of which package?

>
> Best regards,
> Andrew Savchenko
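
An added example, not part of the thread or of ALT's build tooling: a Python check that classifies a built binary as none/partial/full RELRO, following the relro/now distinction quoted above, and reports whether it references the stack-protector failure handler. The function name `classify` is hypothetical and the sample readelf output lines are constructed.

```python
import re
import subprocess
import sys

# Eager binding can be recorded as DT_BIND_NOW, as BIND_NOW in DT_FLAGS,
# or as NOW in DT_FLAGS_1, depending on the linker version.
_BIND_NOW = re.compile(
    r"\(BIND_NOW\)|\(FLAGS\).*\bBIND_NOW\b|\(FLAGS_1\).*\bNOW\b")
_RELRO_SEGMENT = re.compile(r"^\s*GNU_RELRO\s", re.M)
_CANARY_SYMBOL = re.compile(r"\b__stack_chk_fail\b")

# Constructed samples of `readelf -W -l -d --dyn-syms` output (trimmed).
SAMPLE_FULL = """\
  GNU_RELRO      0x002db0 0x0000000000003db0 0x0000000000003db0 0x000250 0x000250 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
"""
SAMPLE_PARTIAL = """\
  GNU_RELRO      0x002e10 0x0000000000003e10 0x0000000000003e10 0x0001f0 0x0001f0 R   0x1
 0x000000006ffffffb (FLAGS_1)            Flags: PIE
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.2.5 (2)
"""


def classify(readelf_text):
    """Return (relro_level, has_canary) from readelf -W -l -d --dyn-syms text."""
    relro = _RELRO_SEGMENT.search(readelf_text) is not None
    now = _BIND_NOW.search(readelf_text) is not None
    if not relro:
        level = "none"      # no PT_GNU_RELRO segment: GOT stays writable
    elif now:
        level = "full"      # -z relro -z now
    else:
        level = "partial"   # -z relro only, lazy binding still on
    # A reference to __stack_chk_fail only shows that at least one function
    # got a guard; it cannot tell -fstack-protector-all from -strong.
    return level, _CANARY_SYMBOL.search(readelf_text) is not None


if __name__ == "__main__":
    for path in sys.argv[1:]:
        out = subprocess.run(
            ["readelf", "-W", "-l", "-d", "--dyn-syms", path],
            capture_output=True, text=True, check=True).stdout
        print(path, *classify(out))
```

Run against the binaries of a test build to see which level a given set of %optflags and linker flags actually produced.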