Reviewers: ,
Message:
Hi, this is to port the patch from google/main to trunk, which provides
a new stack protection option - "fstack-protector-strong".
Previous review for google trunk is here -
http://codereview.appspot.com/5461043
Status - it has been used in google/main for 2 quarters, building the
whole chromiumos with no securiy degradation.
Benefit - gain big performance while sacrificing little security (for
scenarios using -fstack-protector-all)
Background - some times stack-protector is too-simple while
stack-protector-all over-kills, for example, to build one of our core
systems, we forcibly add "-fstack-protector-all" to all compile
commands, which brings big performance penalty (due to extra stack
guard/check insns on function prologue and epilogue) on both atom and
arm. To use "-fstack-protector" is just regarded as not secure enough
(only "protects" <2% functions) by the system secure team. So I'd like
to add the option "-fstack-protector-strong", that hits the balance
between "-fstack-protector" and "-fstack-protector-all".
Detail -
https://docs.google.com/a/google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU/edit?hl=en_US
Tested - dejagnu, building chromiumos from scratch.
Ok for trunk?
Thank,
-Han
Description:
This is to port the patch from google/main to trunk, which provides a
new stack protection option - "fstack-protector-strong".
Previous review for google trunk is here -
http://codereview.appspot.com/5461043
Status - it has been used in google/main for 2 quarters, building the
whole chromiumos with no securiy degradation.
Benefit - gain big performance while sacrificing little security (for
scenarios using -fstack-protector-all)
Background - some times stack-protector is too-simple while
stack-protector-all over-kills, for example, to build one of our core
systems, we forcibly add "-fstack-protector-all" to all compile
commands, which brings big performance penalty (due to extra stack
guard/check insns on function prologue and epilogue) on both atom and
arm. To use "-fstack-protector" is just regarded as not secure enough
(only "protects" <2% functions) by the system secure team. So I'd like
to add the option "-fstack-protector-strong", that hits the balance
between "-fstack-protector" and "-fstack-protector-all".
Detail -
https://docs.google.com/a/google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU/edit?hl=en_US
Tested - building chromiumos from scratch.
Please review this at http://codereview.appspot.com/6303078/
Affected files:
M gcc/cfgexpand.c
M gcc/common.opt
gcc/doc/invoke.texi
A gcc/testsuite/g++.dg/fstack-protector-strong.C
A gcc/testsuite/gcc.dg/fstack-protector-strong.c