diff options
| author | Russell King <rmk+kernel@arm.linux.org.uk> | 2010-06-30 12:00:01 +0200 |
|---|---|---|
| committer | Russell King <rmk+kernel@arm.linux.org.uk> | 2010-06-30 12:00:01 +0200 |
| commit | fc4978b796e5e52ab3a709495a968199afe0a108 (patch) | |
| tree | 102c74707940214f3c9810dadaf62d0d378a7a8c /arch/arm/Kconfig | |
| parent | arm: mm: Don't free prohibited memmap entries (diff) | |
| parent | ARM: stack protector: change the canary value per task (diff) | |
| download | linux-fc4978b796e5e52ab3a709495a968199afe0a108.tar.xz linux-fc4978b796e5e52ab3a709495a968199afe0a108.zip | |
Merge git://git.linaro.org/nico/arm_security into devel-stable
Diffstat (limited to 'arch/arm/Kconfig')
| -rw-r--r-- | arch/arm/Kconfig | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index c171f35b73af..2244de273d2c 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -1375,6 +1375,18 @@ config UACCESS_WITH_MEMCPY However, if the CPU data cache is using a write-allocate mode, this option is unlikely to provide any performance gain. +config CC_STACKPROTECTOR + bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" + help + This option turns on the -fstack-protector GCC feature. This + feature puts, at the beginning of functions, a canary value on + the stack just before the return address, and validates + the value just before actually returning. Stack based buffer + overflows (that need to overwrite this return address) now also + overwrite the canary, which gets detected and the attack is then + neutralized via a kernel panic. + This feature requires gcc version 4.2 or above. + endmenu menu "Boot options" |