The following commit has been merged in the linux branch: commit 14a3f40aafacde1dfd6912327ae14df4baf10304 Author: Arjan van de Ven arjan@infradead.org Date: Fri Oct 23 07:31:01 2009 -0700

x86: Remove STACKPROTECTOR_ALL

STACKPROTECTOR_ALL has a really high overhead (runtime and stack footprint) and is not really worth it protection wise (the normal STACKPROTECTOR is in effect for all functions with buffers already), so lets just remove the option entirely.

Reported-by: Dave Jones davej@redhat.com Reported-by: Chuck Ebbert cebbert@redhat.com Signed-off-by: Arjan van de Ven arjan@linux.intel.com Cc: Eric Sandeen sandeen@redhat.com LKML-Reference: 20091023073101.3dce4ebb@infradead.org Signed-off-by: Ingo Molnar mingo@elte.hu

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 07e0114..72ace95 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1443,12 +1443,8 @@ config SECCOMP

If unsure, say Y. Only embedded should say N here.

-config CC_STACKPROTECTOR_ALL - bool - config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" - select CC_STACKPROTECTOR_ALL ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on diff --git a/arch/x86/Makefile b/arch/x86/Makefile index a012ee8..d2d24c9 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -76,7 +76,6 @@ ifdef CONFIG_CC_STACKPROTECTOR cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(biarch)),y) stackp-y := -fstack-protector - stackp-$(CONFIG_CC_STACKPROTECTOR_ALL) += -fstack-protector-all KBUILD_CFLAGS += $(stackp-y) else $(warning stack protector enabled but no compiler support)