>From 87296b9275e3561822e1322f9d9aa6c73424e672 Mon Sep 17 00:00:00 2001
From: Arjan van de Ven <[email protected]>
Date: Fri, 23 Oct 2009 07:27:31 -0700
Subject: [PATCH] x86: remove STACKPROTECTOR_ALL
STACKPROTECTOR_ALL has a really high overhead (runtime and stack footprint)
and is not really worth it protection wise (the normal STACKPROTECTOR is
in effect for all functions with buffers already), so lets just remove
the option entirely.
Reported-by: Dave Jones <[email protected]>
Signed-off-by: Arjan van de Ven <[email protected]>
---
arch/x86/Kconfig | 4 ----
arch/x86/Makefile | 1 -
2 files changed, 0 insertions(+), 5 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 07e0114..72ace95 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1443,12 +1443,8 @@ config SECCOMP
If unsure, say Y. Only embedded should say N here.
-config CC_STACKPROTECTOR_ALL
- bool
-
config CC_STACKPROTECTOR
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
- select CC_STACKPROTECTOR_ALL
---help---
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index a012ee8..d2d24c9 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -76,7 +76,6 @@ ifdef CONFIG_CC_STACKPROTECTOR
cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(biarch)),y)
stackp-y := -fstack-protector
- stackp-$(CONFIG_CC_STACKPROTECTOR_ALL) += -fstack-protector-all
KBUILD_CFLAGS += $(stackp-y)
else
$(warning stack protector enabled but no compiler support)
--
1.6.2.5
--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
* Arjan van de Ven <[email protected]> wrote:
>
> >From 87296b9275e3561822e1322f9d9aa6c73424e672 Mon Sep 17 00:00:00 2001
> From: Arjan van de Ven <[email protected]>
> Date: Fri, 23 Oct 2009 07:27:31 -0700
> Subject: [PATCH] x86: remove STACKPROTECTOR_ALL
>
> STACKPROTECTOR_ALL has a really high overhead (runtime and stack footprint)
> and is not really worth it protection wise (the normal STACKPROTECTOR is
> in effect for all functions with buffers already), so lets just remove
> the option entirely.
>
> Reported-by: Dave Jones <[email protected]>
> Signed-off-by: Arjan van de Ven <[email protected]>
> ---
> arch/x86/Kconfig | 4 ----
> arch/x86/Makefile | 1 -
> 2 files changed, 0 insertions(+), 5 deletions(-)
Applied, thanks Arjan!
Ingo
Commit-ID: 14a3f40aafacde1dfd6912327ae14df4baf10304
Gitweb: http://git.kernel.org/tip/14a3f40aafacde1dfd6912327ae14df4baf10304
Author: Arjan van de Ven <[email protected]>
AuthorDate: Fri, 23 Oct 2009 07:31:01 -0700
Committer: Ingo Molnar <[email protected]>
CommitDate: Fri, 23 Oct 2009 16:35:23 +0200
x86: Remove STACKPROTECTOR_ALL
STACKPROTECTOR_ALL has a really high overhead (runtime and stack
footprint) and is not really worth it protection wise (the
normal STACKPROTECTOR is in effect for all functions with
buffers already), so lets just remove the option entirely.
Reported-by: Dave Jones <[email protected]>
Reported-by: Chuck Ebbert <[email protected]>
Signed-off-by: Arjan van de Ven <[email protected]>
Cc: Eric Sandeen <[email protected]>
LKML-Reference: <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
---
arch/x86/Kconfig | 4 ----
arch/x86/Makefile | 1 -
2 files changed, 0 insertions(+), 5 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 07e0114..72ace95 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1443,12 +1443,8 @@ config SECCOMP
If unsure, say Y. Only embedded should say N here.
-config CC_STACKPROTECTOR_ALL
- bool
-
config CC_STACKPROTECTOR
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
- select CC_STACKPROTECTOR_ALL
---help---
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index a012ee8..d2d24c9 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -76,7 +76,6 @@ ifdef CONFIG_CC_STACKPROTECTOR
cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(biarch)),y)
stackp-y := -fstack-protector
- stackp-$(CONFIG_CC_STACKPROTECTOR_ALL) += -fstack-protector-all
KBUILD_CFLAGS += $(stackp-y)
else
$(warning stack protector enabled but no compiler support)