Le mardi 03 juillet 2012 à 09:38 +0200, Jean Delvare a écrit :
Le lundi 02 juillet 2012 à 00:37 +0200, Marcus
Meissner a écrit :
On Sat, Jun 30, 2012 at 07:05:20PM +0200, richard
-rw- weinberger wrote:
I'm wondering why CONFIG_CC_STACKPROTECTOR is disabled on openSUSE.
Debian and Fedora seem to enabled it per default.
What's the deal?
We had it enabled once, but in the CONFIG_CC_STACKPROTECTOR_ALL mode,
which caused speed regressions.
Solution apparently was to disable it completely.
Meanwhile, upstream killed CONFIG_CC_STACKPROTECTOR_ALL. It happened in
kernel 2.6.32 with comment:
x86: Remove STACKPROTECTOR_ALL
STACKPROTECTOR_ALL has a really high overhead (runtime and stack
footprint) and is not really worth it protection wise (the
normal STACKPROTECTOR is in effect for all functions with
buffers already), so lets just remove the option entirely.
I think we can enable the non-all version without
I am worried that the option is still marked as experimental, but maybe
it was just overlooked. I'll bring the topic up for upstream discussion.
Result from upstream discussion is that CC_STACKPROTECTOR is no longer
considered an experimental feature on x86.
That being said, we already have CONFIG_CC_STACKPROTECTOR=y in debug
kernels. This led me to investigating the reasons and I found this
Author: Nick Piggin <npiggin(a)suse.de>
Date: Tue Nov 10 16:24:00 2009 +1100
- Update config files. Disable CONFIG_CC_STACKPROTECTOR on all
x86 kernels except debug. Overhead is prohibitive.
So it was done on purpose. And the interesting detail is that
CONFIG_CC_STACKPROTECTOR_ALL had already been dropped at that time. That
was recent though (3 weeks), so it's not clear to me if Nick had tested
with or without CONFIG_CC_STACKPROTECTOR_ALL.
OTOH Arjan van de Ven just confirmed on LKML that
CONFIG_CC_STACKPROTECTOR had been enabled on distribution kernels for
years, so I presume the performance issues are history now, and we can
do the same in all our kernels.
So, unless someone objects by then, I'll set CONFIG_CC_STACKPROTECTOR=y
in i386 and x86_64 kernels tomorrow.
To unsubscribe, e-mail: opensuse-kernel+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kernel+owner(a)opensuse.org