On Wed, Nov 27, 2013 at 10:11 AM, Kees Cook <[email protected]> wrote: > On Wed, Nov 27, 2013 at 9:55 AM, H. Peter Anvin <[email protected]> wrote: >> On 11/27/2013 09:54 AM, Ingo Molnar wrote: >>>> >>>> Looks to be 2% for defconfig. That's way better. Shall I send a v3? >>> >>> Well, it's better than 9%, but still almost an order of magnitude >>> higher than the cost is today, and a lot of distros have >>> CONFIG_CC_STACKPROTECTOR=y. >>> >>> So it would be nice to measure how much the instruction count goes up >>> in some realistic system-bound test. How much does something like >>> kernel/built-in.o increase, as per 'size' output? > > text data bss dec hex filename > 929611 90851 594496 1614958 18a46e built-in.o-gcc-4.9 > 954648 90851 594496 1639995 19063b built-in.o-gcc-4.9+strong > > Looks like 3% for defconfg + CONFIG_CC_STACKPROTECTOR > >> >> Do we need CONFIG_CC_STACKPROTECTOR_STRONG? > > I'm hoping to avoid this since nearly anyone using CC_STACKPROTECTOR > would want strong added, but as a fallback, I'm happy to implement it > as a separate config item.
Any verdict on this? Should I go with adding ..._STRONG like we used to have for ..._ALL, or is defaulting to -strong best? -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
