Description

This is to port the patch from google/main to trunk, which provides a new stack protection option - "fstack-protector-strong".
Previous review for google trunk is here - http://codereview.appspot.com/5461043
Status - it has been used in google/main for 2 quarters, building the whole chromiumos with no security degradation.
Benefit - gain big performance while sacrificing little security (for scenarios using -fstack-protector-all)
Background - sometimes stack-protector is too simple while stack-protector-all is overkill. For example, to build one of our core systems, we forcibly add "-fstack-protector-all" to all compile commands, which brings a big performance penalty (due to extra stack guard/check insns in function prologue and epilogue) on both atom and arm. Using "-fstack-protector" is just regarded as not secure enough (only "protects" <2% functions) by the system security team. So I'd like to add the option "-fstack-protector-strong", which hits the balance between "-fstack-protector" and "-fstack-protector-all".
Detail - https://docs.google.com/a/google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU/edit?hl=en_US
Tested - building chromiumos from scratch.
Patch Set 1
Patch Set 2 : Merged with up-to-date trunk
Patch Set 3 : Merged with up-to-date trunk
Patch Set 4 : Fixed minor issues