x86: Remove STACKPROTECTOR_ALL

STACKPROTECTOR_ALL has a really high overhead (runtime and stack footprint) and is not really worth it protection wise (the normal STACKPROTECTOR is in effect for all functions with buffers already), so lets just remove the option entirely. Reported-by: Dave Jones <davej@redhat.com> Reported-by: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Cc: Eric Sandeen <sandeen@redhat.com> LKML-Reference: <20091023073101.3dce4ebb@infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu>
mariux64 · Oct 23, 2009 · 14a3f40 · 14a3f40
1 parent 02dd0a0
commit 14a3f40
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 5 deletions.
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
@@ -1443,12 +1443,8 @@ config SECCOMP
 
 	  If unsure, say Y. Only embedded should say N here.
 
-config CC_STACKPROTECTOR_ALL
-	bool
-
 config CC_STACKPROTECTOR
 	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
-	select CC_STACKPROTECTOR_ALL
 	---help---
 	  This option turns on the -fstack-protector GCC feature. This
 	  feature puts, at the beginning of functions, a canary value on

diff --git a/arch/x86/Makefile b/arch/x86/Makefile
@@ -76,7 +76,6 @@ ifdef CONFIG_CC_STACKPROTECTOR
 	cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
         ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(biarch)),y)
                 stackp-y := -fstack-protector
-                stackp-$(CONFIG_CC_STACKPROTECTOR_ALL) += -fstack-protector-all
                 KBUILD_CFLAGS += $(stackp-y)
         else
                 $(warning stack protector enabled but no compiler support)