more -fstack-protector!

Andrew Bartlett abartlet at samba.org
Wed Mar 6 19:09:58 MST 2013


On Wed, 2013-03-06 at 19:08 -0500, Ira Cooper wrote:
> On Wed, Mar 6, 2013 at 6:16 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> 
> > On Wed, 2013-03-06 at 09:22 -0500, Ira Cooper wrote:
> > > This patch adds the ability to:
> > >
> > > --disable-stack-protector (For those who don't want it.)
> > > --enable-stack-protector-all (For debugging or the paranoid.)
> > >
> > > Both builds have been tested locally on illumos.  (As far as that they
> > > build.)
> > >
> > > In the future, please don't default flags like this, without a toggle to
> > > turn them off.
> >
> > On a more meta level:
> >
> > In Samba, with very, very few fixed-length strings on the stack (die,
> > pstring, die), where does -fstack-protector help?  Can we get some
> > diagnostics as to where this is being applied, such that the cost 1%
> > cost is showing up?
> >
> >
> Sorry,
> 
> I've got other things to work on.  The only reason I actually jumped in at
> all was it broke my build, and then I realized I only 1/2 fixed what was
> wrong, so I mopped up my work.
> 
> Others appear to have a better grasp on what is going on.  I just want a
> way to turn it off.

You suggested this option has a speed cost.  I'm at the very least
asking that you detail that.

I don't like having any more configure options that we absolutely have
to have, because each of them has to be tested somehow.  Where at all
possible we should just do the right thing, whatever that is. 

As such, I would like detail from you and from those who added this in
the first place as to what the costs and specific benefits are.

In particular, what array declarations 'buffers larger than 8 bytes'
does the compiler see in our hot path?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org




More information about the samba-technical mailing list