On 10/7/2021 10:50 PM, Siddhesh Poyarekar wrote:
On 10/8/21 03:44, Siddhesh Poyarekar wrote:
(from about 4% to 70% in bash), but that could well be due to the _chk
I should also clarify that this is for memcpy. For all fortifiable
functions, the coverage percentage went from 30.81% to 84.5% for bash.
Below is the full table. Please note that this is only based on
symbols emitted in the end as I didn't want to rebuild the
_FORTIFIED_SOURCE=2 binaries, so it does not take into account the
fact that _chk could get folded to regular calls if we know at compile
time that it's safe to do so.
No more posting patches at 4am; it only leads to more clarification
follow-ups :/
FWIW, that 30% number is roughly in-line with the data we saw from a Red
Hat partner a year or so ago. Bringing that up to 80%+ would be a
notable win, even if folks have to explicitly opt-in, as I expect some
projects would without hesitation.
I'd really like it if Jakub could take the lead on this. While I'm a
big proponent of the workn Jakub knows the relevant code far better than
I and it'll affect the Red Hat team far more than I'll affect me these
days :-)
Jeff
