Here's the rationale for _ALL from lkml. If _ALL is needed to catch vmsplice-like stuff, we should use it. As for performance, it seems that only limited situations on already slow x86 hardware would even notice the effect on the icache. We should obviously make sure it actually works, of course. :)
--- * Kees Cook <[email protected]> wrote: > What is the rationale for why CC_STACKPROTECTOR_ALL is forced when > using CC_STACKPROTECTOR? I would have expected _ALL to be a > separate option (as it was in earlier versions), but it seems it > is forced on by commit 113c5413cf9051cc50b88befdc42e3402bb92115. it used to be a separate option. I merged them into one, because we had too many options really, and because the vmsplice exploit would only have been caught by the _ALL variant. So the 'light' variant never really worked well IMO. Ingo -- enable kernel stack protection https://bugs.launchpad.net/bugs/369152 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
