From owner-svn-src-head@freebsd.org Sun Oct 4 18:54:03 2015 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BA6BBA0EDAC; Sun, 4 Oct 2015 18:54:03 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 91A481A9A; Sun, 4 Oct 2015 18:54:03 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t94Is3Q9067962; Sun, 4 Oct 2015 18:54:03 GMT (envelope-from pfg@FreeBSD.org) Received: (from pfg@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t94Is3AF067961; Sun, 4 Oct 2015 18:54:03 GMT (envelope-from pfg@FreeBSD.org) Message-Id: <201510041854.t94Is3AF067961@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pfg set sender to pfg@FreeBSD.org using -f From: "Pedro F. Giffuni" Date: Sun, 4 Oct 2015 18:54:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r288669 - head/share/mk X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Oct 2015 18:54:03 -0000 Author: pfg Date: Sun Oct 4 18:54:02 2015 New Revision: 288669 URL: https://svnweb.freebsd.org/changeset/base/288669 Log: Bump the stack protector to level "strong". The general stack protector is known to be weak and has pretty small coverage. While setting stack-protector-all would give better protection it would come with a performance cost: for this reason Google's Chrome OS team developed a new stack-protector-strong variant. In addition to the protections offered by -fstack-protector, the new option will guard any function that declares any type or length of local array, even those in structs or unions. It will also protect functions that use a local variable's address in a function argument or on the right-hand side of an assignment. The option was introduced in GCC-4.9, but support for it has been back-ported to our base GCC (r286074) and is also available in clang. The change was tested with dbench and doesn't introduce performance regressions. An exp-run over the ports tree revealed no failures when using the stricter stack-protector-all. Thanks to all testers involved. Reference: https://outflux.net/blog/archives/2014/01/27/fstack-protector-strong/ Tested by: pho, portmgr (antoine) Discussed with: secteam (delphij) Differential Revision: https://reviews.freebsd.org/D3463 PR: 203394 (exp-run) Relnotes: yes MFC: no (not supported in older clang) Modified: head/share/mk/bsd.sys.mk Modified: head/share/mk/bsd.sys.mk ============================================================================== --- head/share/mk/bsd.sys.mk Sun Oct 4 13:49:09 2015 (r288668) +++ head/share/mk/bsd.sys.mk Sun Oct 4 18:54:02 2015 (r288669) @@ -149,7 +149,7 @@ CXXFLAGS.clang+= -Wno-c++11-extensions .if ${MK_SSP} != "no" && \ ${MACHINE_CPUARCH} != "arm" && ${MACHINE_CPUARCH} != "mips" # Don't use -Wstack-protector as it breaks world with -Werror. -SSP_CFLAGS?= -fstack-protector +SSP_CFLAGS?= -fstack-protector-strong CFLAGS+= ${SSP_CFLAGS} .endif # SSP && !ARM && !MIPS