My understanding is this feature/flag is not intended to be "default on".
It is intended to be used in security-sensitive environments such
as the Linux kernel where it was requested by kernel security experts.
I'm not understanding the objection here if the feature is requested
by security teams and the average cost is modest.

My background is in performance and application optimization. I agree
that for typical computation-oriented, non-secure applications, I would
not use the feature, but for system applications that have the ability
to cross protection boundaries, it seems to be clearly a worthwhile
feature.

- patrick


On 9/7/2020 9:44 AM, Segher Boessenkool wrote:
> On Fri, Sep 04, 2020 at 01:23:14AM +0000, Rodriguez Bahena, Victor wrote:
>> Qing, thanks a lot for the measurement, I am not sure if this is the limit of
>> overhead the community is willing to accept by adding extra security (me as gcc
>> user will be willing to accept).
> The overhead is of course bearable for most programs / users, but what
> is the return?  For what percentage of programs are ROP attacks no
> longer possible, for example.
>
>
> Segher
