diff options
| author | Kees Cook <keescook@chromium.org> | 2013-12-19 14:35:58 -0500 |
|---|---|---|
| committer | Ingo Molnar <mingo@kernel.org> | 2013-12-20 03:38:40 -0500 |
| commit | 19952a92037e752f9d3bbbad552d596f9a56e146 (patch) | |
| tree | 8a1930b4775cb17865c03faf55eafdd7b97be8ba /arch/arm/Kconfig | |
| parent | b0031f227e47919797dc0e1c1990f3ef151ff0cc (diff) | |
stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures
Instead of duplicating the CC_STACKPROTECTOR Kconfig and
Makefile logic in each architecture, switch to using
HAVE_CC_STACKPROTECTOR and keep everything in one place. This
retains the x86-specific bug verification scripts.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Shawn Guo <shawn.guo@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-mips@linux-mips.org
Cc: linux-arch@vger.kernel.org
Link: http://lkml.kernel.org/r/1387481759-14535-2-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'arch/arm/Kconfig')
| -rw-r--r-- | arch/arm/Kconfig | 13 |
1 files changed, 1 insertions, 12 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index c1f1a7eee953..9c909fc29272 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig | |||
| @@ -30,6 +30,7 @@ config ARM | |||
| 30 | select HAVE_BPF_JIT | 30 | select HAVE_BPF_JIT |
| 31 | select HAVE_CONTEXT_TRACKING | 31 | select HAVE_CONTEXT_TRACKING |
| 32 | select HAVE_C_RECORDMCOUNT | 32 | select HAVE_C_RECORDMCOUNT |
| 33 | select HAVE_CC_STACKPROTECTOR | ||
| 33 | select HAVE_DEBUG_KMEMLEAK | 34 | select HAVE_DEBUG_KMEMLEAK |
| 34 | select HAVE_DMA_API_DEBUG | 35 | select HAVE_DMA_API_DEBUG |
| 35 | select HAVE_DMA_ATTRS | 36 | select HAVE_DMA_ATTRS |
| @@ -1856,18 +1857,6 @@ config SECCOMP | |||
| 1856 | and the task is only allowed to execute a few safe syscalls | 1857 | and the task is only allowed to execute a few safe syscalls |
| 1857 | defined by each seccomp mode. | 1858 | defined by each seccomp mode. |
| 1858 | 1859 | ||
| 1859 | config CC_STACKPROTECTOR | ||
| 1860 | bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" | ||
| 1861 | help | ||
| 1862 | This option turns on the -fstack-protector GCC feature. This | ||
| 1863 | feature puts, at the beginning of functions, a canary value on | ||
| 1864 | the stack just before the return address, and validates | ||
| 1865 | the value just before actually returning. Stack based buffer | ||
| 1866 | overflows (that need to overwrite this return address) now also | ||
| 1867 | overwrite the canary, which gets detected and the attack is then | ||
| 1868 | neutralized via a kernel panic. | ||
| 1869 | This feature requires gcc version 4.2 or above. | ||
| 1870 | |||
| 1871 | config SWIOTLB | 1860 | config SWIOTLB |
| 1872 | def_bool y | 1861 | def_bool y |
| 1873 | 1862 | ||