diff options
| author | Russell King <rmk+kernel@arm.linux.org.uk> | 2010-06-30 06:00:01 -0400 |
|---|---|---|
| committer | Russell King <rmk+kernel@arm.linux.org.uk> | 2010-06-30 06:00:01 -0400 |
| commit | fc4978b796e5e52ab3a709495a968199afe0a108 (patch) | |
| tree | 102c74707940214f3c9810dadaf62d0d378a7a8c /arch/arm/Kconfig | |
| parent | 3260e5293727f16ffdce9a6a6203fd9a6b149e58 (diff) | |
| parent | df0698be14c6683606d5df2d83e3ae40f85ed0d9 (diff) | |
Merge git://git.linaro.org/nico/arm_security into devel-stable
Diffstat (limited to 'arch/arm/Kconfig')
| -rw-r--r-- | arch/arm/Kconfig | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index c171f35b73a..2244de273d2 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig | |||
| @@ -1375,6 +1375,18 @@ config UACCESS_WITH_MEMCPY | |||
| 1375 | However, if the CPU data cache is using a write-allocate mode, | 1375 | However, if the CPU data cache is using a write-allocate mode, |
| 1376 | this option is unlikely to provide any performance gain. | 1376 | this option is unlikely to provide any performance gain. |
| 1377 | 1377 | ||
| 1378 | config CC_STACKPROTECTOR | ||
| 1379 | bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" | ||
| 1380 | help | ||
| 1381 | This option turns on the -fstack-protector GCC feature. This | ||
| 1382 | feature puts, at the beginning of functions, a canary value on | ||
| 1383 | the stack just before the return address, and validates | ||
| 1384 | the value just before actually returning. Stack based buffer | ||
| 1385 | overflows (that need to overwrite this return address) now also | ||
| 1386 | overwrite the canary, which gets detected and the attack is then | ||
| 1387 | neutralized via a kernel panic. | ||
| 1388 | This feature requires gcc version 4.2 or above. | ||
| 1389 | |||
| 1378 | endmenu | 1390 | endmenu |
| 1379 | 1391 | ||
| 1380 | menu "Boot options" | 1392 | menu "Boot options" |