Le mardi 03 juillet 2012 à 09:38 +0200, Jean Delvare a écrit :
Le lundi 02 juillet 2012 à 00:37 +0200, Marcus Meissner a écrit :
On Sat, Jun 30, 2012 at 07:05:20PM +0200, richard -rw- weinberger wrote:
Hi!
I'm wondering why CONFIG_CC_STACKPROTECTOR is disabled on openSUSE. Debian and Fedora seem to enabled it per default.
What's the deal?
We had it enabled once, but in the CONFIG_CC_STACKPROTECTOR_ALL mode, which caused speed regressions.
Solution apparently was to disable it completely.
Meanwhile, upstream killed CONFIG_CC_STACKPROTECTOR_ALL. It happened in kernel 2.6.32 with comment:
x86: Remove STACKPROTECTOR_ALL
STACKPROTECTOR_ALL has a really high overhead (runtime and stack footprint) and is not really worth it protection wise (the normal STACKPROTECTOR is in effect for all functions with buffers already), so lets just remove the option entirely.
I think we can enable the non-all version without speed-loss.
I am worried that the option is still marked as experimental, but maybe it was just overlooked. I'll bring the topic up for upstream discussion.
Result from upstream discussion is that CC_STACKPROTECTOR is no longer
considered an experimental feature on x86.
That being said, we already have CONFIG_CC_STACKPROTECTOR=y in debug
kernels. This led me to investigating the reasons and I found this
commit:
commit b4df61d63c69c3d83b5dbf8a9929d9a5022a4027
Author: Nick Piggin