On Tuesday, 3 July 2012 at 09:38 +0200, Jean Delvare wrote:
On Monday, 2 July 2012 at 00:37 +0200, Marcus Meissner wrote:
On Sat, Jun 30, 2012 at 07:05:20PM +0200, richard -rw- weinberger wrote:
Hi!
I'm wondering why CONFIG_CC_STACKPROTECTOR is disabled on openSUSE. Debian and Fedora seem to enable it by default.
What's the deal?
We had it enabled once, but in the CONFIG_CC_STACKPROTECTOR_ALL mode, which caused speed regressions.
Solution apparently was to disable it completely.
Meanwhile, upstream killed CONFIG_CC_STACKPROTECTOR_ALL. It happened in kernel 2.6.32 with comment:
x86: Remove STACKPROTECTOR_ALL
STACKPROTECTOR_ALL has a really high overhead (runtime and stack footprint) and is not really worth it protection wise (the normal STACKPROTECTOR is in effect for all functions with buffers already), so let's just remove the option entirely.
I think we can enable the non-all version without speed-loss.
I am worried that the option is still marked as experimental, but maybe it was just overlooked. I'll bring the topic up for upstream discussion.
Result from upstream discussion is that CC_STACKPROTECTOR is no longer considered an experimental feature on x86.

That being said, we already have CONFIG_CC_STACKPROTECTOR=y in debug kernels. This led me to investigating the reasons and I found this commit:

commit b4df61d63c69c3d83b5dbf8a9929d9a5022a4027
Author: Nick Piggin <npiggin@suse.de>
Date: Tue Nov 10 16:24:00 2009 +1100

- Update config files. Disable CONFIG_CC_STACKPROTECTOR on all x86 kernels except debug. Overhead is prohibitive.

So it was done on purpose. And the interesting detail is that CONFIG_CC_STACKPROTECTOR_ALL had already been dropped at that time. That was recent though (3 weeks), so it's not clear to me if Nick had tested with or without CONFIG_CC_STACKPROTECTOR_ALL.

OTOH Arjan van de Ven just confirmed on LKML that CONFIG_CC_STACKPROTECTOR had been enabled on distribution kernels for years, so I presume the performance issues are history now, and we can do the same in all our kernels.

So, unless someone objects by then, I'll set CONFIG_CC_STACKPROTECTOR=y in i386 and x86_64 kernels tomorrow.

--
Jean Delvare
Suse L3
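
Added example, not part of the thread and not openSUSE tooling: a POSIX shell check that reports how the option discussed above is set in a kernel config file, telling apart `=y`, `is not set`, and the removed `_ALL` mode. The function names and the sample config fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the stack-protector setting of kernel config files.

# Prints one of: all | on | off | absent   (or "unreadable", exit status 2)
stackprotector_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unreadable; return 2; }
    # /proc/config.gz and some packaged configs are gzip-compressed.
    case $cfg in
        *.gz) reader='gzip -dc' ;;
        *)    reader='cat' ;;
    esac
    $reader "$cfg" | awk '
        # Match whole lines so CC_STACKPROTECTOR never matches the _ALL symbol.
        $0 == "CONFIG_CC_STACKPROTECTOR_ALL=y"        { all = 1 }
        $0 == "CONFIG_CC_STACKPROTECTOR=y"            { on = 1 }
        $0 == "# CONFIG_CC_STACKPROTECTOR is not set" { off = 1 }
        END {
            if (all)      print "all"     # the mode removed in 2.6.32
            else if (on)  print "on"
            else if (off) print "off"
            else          print "absent"  # symbol not mentioned in this file
        }'
}

# Write three constructed config fragments (not real openSUSE configs) and
# print the state of each flavor.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'CONFIG_X86_64=y' 'CONFIG_CC_STACKPROTECTOR=y' > "$d/debug"
    printf '%s\n' 'CONFIG_X86_64=y' '# CONFIG_CC_STACKPROTECTOR is not set' > "$d/default"
    printf '%s\n' 'CONFIG_CC_STACKPROTECTOR=y' 'CONFIG_CC_STACKPROTECTOR_ALL=y' > "$d/legacy"
    for f in "$d/debug" "$d/default" "$d/legacy"; do
        printf '%s: %s\n' "${f##*/}" "$(stackprotector_state "$f")"
    done
    rm -rf "$d"
}

demo
```

On a running system the same function can be pointed at the config of the installed kernel, for example a file under `/boot` or `/proc/config.gz` where the kernel exposes it.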