On 7/9/12 10:37 AM, Jean Delvare wrote:
On Tuesday 03 July 2012 at 09:38 +0200, Jean Delvare wrote:
On Monday 02 July 2012 at 00:37 +0200, Marcus Meissner wrote:
On Sat, Jun 30, 2012 at 07:05:20PM +0200, richard
I'm wondering why CONFIG_CC_STACKPROTECTOR is disabled on
openSUSE. Debian and Fedora seem to enable it by default.
What's the deal?
We had it enabled once, but in the CONFIG_CC_STACKPROTECTOR_ALL
mode, which caused speed regressions.
Solution apparently was to disable it completely.
Meanwhile, upstream killed CONFIG_CC_STACKPROTECTOR_ALL. It
happened in kernel 2.6.32 with comment:
x86: Remove STACKPROTECTOR_ALL
STACKPROTECTOR_ALL has a really high overhead (runtime and stack
footprint) and is not really worth it protection wise (the normal
STACKPROTECTOR is in effect for all functions with buffers
already), so let's just remove the option entirely.
I think we can enable the non-all version without
I am worried that the option is still marked as experimental, but
maybe it was just overlooked. I'll bring the topic up for
Result from upstream discussion is that CC_STACKPROTECTOR is no
longer considered an experimental feature on x86.
That being said, we already have CONFIG_CC_STACKPROTECTOR=y in
debug kernels. This led me to investigating the reasons and I found
commit b4df61d63c69c3d83b5dbf8a9929d9a5022a4027
Author: Nick Piggin <npiggin(a)suse.de>
Date: Tue Nov 10 16:24:00 2009 +1100

- Update config files. Disable CONFIG_CC_STACKPROTECTOR on all x86
kernels except debug. Overhead is prohibitive.

So it was done on purpose. And the interesting detail is that
CONFIG_CC_STACKPROTECTOR_ALL had already been dropped at that time.
That was recent though (3 weeks), so it's not clear to me if Nick
had tested with or without CONFIG_CC_STACKPROTECTOR_ALL.
OTOH Arjan van de Ven just confirmed on LKML that
CONFIG_CC_STACKPROTECTOR had been enabled on distribution kernels
for years, so I presume the performance issues are history now, and
we can do the same in all our kernels.
So, unless someone objects by then, I'll set
CONFIG_CC_STACKPROTECTOR=y in i386 and x86_64 kernels tomorrow.
Thanks for looking into this, Jean. Since we don't have a bnc in the
commit log to see what the performance degradation looked like
originally, I'd like to see some analysis now to actually confirm
whether it makes a difference anymore.
openSUSE 12.2 was supposed to be released in two days' time but was
delayed due to too much churn (among other things). If there is a
performance difference, I'd prefer to know about it before we do the
change rather than depend on post-release bug reports and the
accompanying hand-wringing over whether to revert it.
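A way to check which of the states discussed in this thread a given kernel config is in, as an added example that is not part of the original message. It uses the option names from the thread; the function names are hypothetical, the sample configs are constructed, and the /boot/config-<release> and /proc/config.gz locations are assumptions about where the config is installed.

```shell
#!/bin/sh
# Classify the stack-protector setting in a kernel config file.
# Accepts a plain config (e.g. /boot/config-<release>) or a gzipped one
# (e.g. /proc/config.gz, present only when CONFIG_IKCONFIG_PROC is set).

read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# Prints one of: all, on, off, absent
stackprotector_state() {
    cfg=$(read_config "$1") || return 2
    if printf '%s\n' "$cfg" | grep -qx 'CONFIG_CC_STACKPROTECTOR_ALL=y'; then
        echo all      # every function instrumented (option removed in 2.6.32)
    elif printf '%s\n' "$cfg" | grep -qx 'CONFIG_CC_STACKPROTECTOR=y'; then
        echo on       # only functions with buffers instrumented
    elif printf '%s\n' "$cfg" | grep -qx '# CONFIG_CC_STACKPROTECTOR is not set'; then
        echo off      # explicitly disabled, as in the 2009 config change
    else
        echo absent   # symbol not offered for this architecture or version
    fi
}

# Constructed sample configs mirroring the state described in the thread:
# the debug flavor has the option set, the default flavor does not.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'CONFIG_X86_64=y' 'CONFIG_CC_STACKPROTECTOR=y' \
        > "$d/config-debug"
    printf '%s\n' 'CONFIG_X86_64=y' '# CONFIG_CC_STACKPROTECTOR is not set' \
        > "$d/config-default"
    for f in "$d"/config-*; do
        printf '%s: %s\n' "${f##*/}" "$(stackprotector_state "$f")"
    done
    rm -rf "$d"
}

# With file arguments, classify each one; with none, run the constructed demo.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(stackprotector_state "$f")"
    done
else
    demo
fi
```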