From: mingo@kernel.org (Ingo Molnar)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2] use -fstack-protector-strong
Date: Tue, 17 Dec 2013 12:29:31 +0100 [thread overview]
Message-ID: <20131217112931.GC27791@gmail.com> (raw)
In-Reply-To: <CAGXu5j+0gjN118RijCinw31g51BZez_oGKFYJwq2T3=yojG_ww@mail.gmail.com>
* Kees Cook <keescook@chromium.org> wrote:
> On Wed, Nov 27, 2013 at 10:11 AM, Kees Cook <keescook@chromium.org> wrote:
> > On Wed, Nov 27, 2013 at 9:55 AM, H. Peter Anvin <hpa@zytor.com> wrote:
> >> On 11/27/2013 09:54 AM, Ingo Molnar wrote:
> >>>>
> >>>> Looks to be 2% for defconfig. That's way better. Shall I send a v3?
> >>>
> >>> Well, it's better than 9%, but still almost an order of magnitude
> >>> higher than the cost is today, and a lot of distros have
> >>> CONFIG_CC_STACKPROTECTOR=y.
> >>>
> >>> So it would be nice to measure how much the instruction count goes up
> >>> in some realistic system-bound test. How much does something like
> >>> kernel/built-in.o increase, as per 'size' output?
> >
> > text data bss dec hex filename
> > 929611 90851 594496 1614958 18a46e built-in.o-gcc-4.9
> > 954648 90851 594496 1639995 19063b built-in.o-gcc-4.9+strong
> >
> > Looks like 3% for defconfg + CONFIG_CC_STACKPROTECTOR
> >
> >>
> >> Do we need CONFIG_CC_STACKPROTECTOR_STRONG?
> >
> > I'm hoping to avoid this since nearly anyone using
> > CC_STACKPROTECTOR would want strong added, but as a fallback, I'm
> > happy to implement it as a separate config item.
>
> Any verdict on this? Should I go with adding ..._STRONG like we used
> to have for ..._ALL, or is defaulting to -strong best?
I'm not opposed to the feature itself, just to the specific structure
you presented - as outlined in my review feedback.
The cost of the feature itself appears to be significant (this cost
should be outlined in the help text btw), while I think the cost of
adding this as a new _STRONG option is minimal.
So I'd go forward with addressing two issues:
1)
I'd add the new STACKPROTECTOR_STRONG option and maybe rename the old
one to STACKPROTECTOR_WEAK.
If in a year or two most distros have switched over to the _STRONG
variant, despite its costs, then we can drop the weak variant.
2)
It would also be nice to see a head to head comparison of the 3
variants:
!STACKPROTECTOR
STACKPROTECTOR_LIGHT
STACKPROTECTOR_STRONG
of defconfig vmlinux size and estimated number of checks inserted in
each case - so people/distros can make an informed decision about the
relative quality differences between these variants and whether they
want to carry the costs of that.
Thanks,
Ingo
prev parent reply other threads:[~2013-12-17 11:29 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-26 20:37 [PATCH v2] use -fstack-protector-strong Kees Cook
2013-11-27 11:27 ` Ingo Molnar
2013-11-27 17:21 ` Kees Cook
2013-11-27 17:54 ` Ingo Molnar
2013-11-27 17:55 ` H. Peter Anvin
2013-11-27 18:11 ` Kees Cook
2013-12-17 0:57 ` Kees Cook
2013-12-17 11:29 ` Ingo Molnar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131217112931.GC27791@gmail.com \
--to=mingo@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).