This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH] Add a new option "-fstack-protector-strong"
- From: Gerald Pfeifer <gerald at pfeifer dot com>
- To: Han Shen(沈涵) <shenhan at google dot com>
- Cc: GCC Patches <gcc-patches at gcc dot gnu dot org>, Kees Cook <keescook at google dot com>, Bhaskar <bjanakiraman at google dot com>
- Date: Sun, 18 Aug 2013 21:30:21 +0200 (CEST)
- Subject: Re: [PATCH] Add a new option "-fstack-protector-strong"
- References: <CACkGtrhn_oyWWAN4xMSgZY4_NOtQ6W0Loxe0W6fxbQucUU7p+A at mail dot gmail dot com>
Hi H.,
On Mon, 15 Apr 2013, Han Shen(沈涵) wrote:
> Hi, I'm to bring up this patch about '-fstack-protector-strong' for trunk.
>
> Background - some times stack-protector is too-simple while
> stack-protector-all over-kills, for example, to build one of our core
> systems, we forcibly add "-fstack-protector-all" to all compile
> commands, which brings big performance penalty (due to extra stack
> guard/check insns on function prologue and epilogue) on both atom and
> arm. To use "-fstack-protector" is just regarded as not secure enough
> (only "protects" <2% functions) by the system secure team. So I'd like
> to add the option "-fstack-protector-strong", that hits the balance
> between "-fstack-protector" and "-fstack-protector-all".
the patch has been committed, but I see that the release notes
at http://gcc.gnu.org/gcc-4.9/changes.html do not mentioned this.
Can you please add a note? (http://gcc.gnu.org/about.html has
some background on our web site setup, and I am working to
consolidate all our documentation in this area -- plus I am
happy to lend a helping hand.)
Gerald