diff options
author | Nicolas Pitre <nico@fluxnic.net> | 2010-05-25 05:55:42 +0200 |
---|---|---|
committer | Nicolas Pitre <nico@fluxnic.net> | 2010-06-15 03:31:00 +0200 |
commit | c743f38013aeff58ef6252601e397b5ba281c633 (patch) | |
tree | b364e1690aff8a0dd97a83d4cb17bcadcdb5bd19 /arch/arm/Kconfig | |
parent | [ARM] add address randomization to mmap() (diff) | |
download | linux-c743f38013aeff58ef6252601e397b5ba281c633.tar.xz linux-c743f38013aeff58ef6252601e397b5ba281c633.zip |
ARM: initial stack protector (-fstack-protector) support
This is the very basic stuff without the changing canary upon
task switch yet. Just the Kconfig option and a constant canary
value initialized at boot time.
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
Diffstat (limited to 'arch/arm/Kconfig')
-rw-r--r-- | arch/arm/Kconfig | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 1f254bd6c937..f160b93691cd 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -1374,6 +1374,18 @@ config UACCESS_WITH_MEMCPY However, if the CPU data cache is using a write-allocate mode, this option is unlikely to provide any performance gain. +config CC_STACKPROTECTOR + bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" + help + This option turns on the -fstack-protector GCC feature. This + feature puts, at the beginning of functions, a canary value on + the stack just before the return address, and validates + the value just before actually returning. Stack based buffer + overflows (that need to overwrite this return address) now also + overwrite the canary, which gets detected and the attack is then + neutralized via a kernel panic. + This feature requires gcc version 4.2 or above. + endmenu menu "Boot options" |