GCC 4.8.3+ Does anybody aware of Stack Smashing Protection ?
Laurent Bourgès
bourges.laurent at gmail.com
Tue Jun 9 17:28:47 UTC 2015
Hi,
I wonder if it affects the release builds too on my laptop ?
I have Ubuntu 14.4 with gcc 4.8.4. I ran gcc -Q -help=common but it said
fstack-protector is disabled.
I am running map rendering benchmarks comparing ductus, pisces and Marlin,
a new fast renderer (I am contributing to OpenJDK 9).
I am experiencing my openjdk9 build is a bit slower than oracle jdk8 ~ 5% !
I will try adding f-no-stack-protection to my custom CFLAGS to check any
impact.
Regards,
Laurent
Le 5 juin 2015 21:34, "Dmitry Samersoff" <dmitry.samersoff at oracle.com> a
écrit :
> Hi Everybody,
>
> I'm not sure it affects hotspot but should we care about it?
>
> FYI:
>
> Beginning with GCC 4.8.3, Stack Smashing Protection (SSP) will be
> enabled by default. The 4.8 series will enable -fstack-protector
> while 4.9 and later enable -fstack-protector-strong.
>
> SSP is a security feature that attempts to mitigate stack-based buffer
> overflows by placing a canary value on the stack after the function
> return pointer and checking for that value before the function returns.
> If a buffer overflow occurs and the canary value is overwritten, the
> program aborts.
>
> There is a small performance cost to these features. They can be
> disabled with -fno-stack-protector.
>
> For more information these options, refer to the GCC Manual, or the
> following articles.
>
> http://en.wikipedia.org/wiki/Buffer_overflow_protection
> http://en.wikipedia.org/wiki/Stack_buffer_overflow
> https://securityblog.redhat.com/tag/stack-protector
> http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong
>
> -Dmitry
>
> --
> Dmitry Samersoff
> Oracle Java development team, Saint Petersburg, Russia
> * I would love to change the world, but they won't give me the sources.
>
More information about the hotspot-dev
mailing list