| author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-01-20 13:26:31 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-01-20 13:26:31 -0500 |
| commit | ad3ab302fd8239a1ddee01e606683c3197ca6908 (patch) | |
| tree | d4984d29bcc90252118bdf3a0c32d5c1e027fc08 /Makefile | |
| parent | a693c46e14c9fdadbcd68ddfa94a4f72495531a9 (diff) | |
| parent | 8779657d29c0ebcc0c94ede4df2f497baf1b563f (diff) | |
Merge branch 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull strong stackprotector support from Ingo Molnar:
"This tree adds a CONFIG_CC_STACKPROTECTOR_STRONG=y, a new, stronger
stack canary checking method supported by the newest GCC versions (4.9
and later).
Here's the 'intensity comparison' between the various protection
modes:
- defconfig
11430641 kernel text size
36110 function bodies
- defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR
11468490 kernel text size (+0.33%)
1015 of 36110 functions are stack-protected (2.81%)
- defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch
11692790 kernel text size (+2.24%)
7401 of 36110 functions are stack-protected (20.5%)
the strong model comes with non-trivial costs, which is why we
preserved the 'regular' and 'none' models as well"
* 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG
stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 20 |
1 files changed, 17 insertions, 3 deletions
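--- a/Makefile
+++ b/Makefile
@@ -595,10 +595,24 @@ ifneq ($(CONFIG_FRAME_WARN),0)
 KBUILD_CFLAGS += $(call cc-option,-Wframe-larger-than=${CONFIG_FRAME_WARN})
 endif
 
-# Force gcc to behave correct even for buggy distributions
-ifndef CONFIG_CC_STACKPROTECTOR
-KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector)
+# Handle stack protector mode.
+ifdef CONFIG_CC_STACKPROTECTOR_REGULAR
+stackp-flag := -fstack-protector
+ifeq ($(call cc-option, $(stackp-flag)),)
+$(warning Cannot use CONFIG_CC_STACKPROTECTOR: \
+-fstack-protector not supported by compiler))
+endif
+else ifdef CONFIG_CC_STACKPROTECTOR_STRONG
+stackp-flag := -fstack-protector-strong
+ifeq ($(call cc-option, $(stackp-flag)),)
+$(warning Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: \
+-fstack-protector-strong not supported by compiler)
+endif
+else
+# Force off for distro compilers that enable stack protector by default.
+stackp-flag := $(call cc-option, -fno-stack-protector)
 endif
+KBUILD_CFLAGS += $(stackp-flag)
 
 # This warning generated too much noise in a regular build.
 # Use make W=1 to enable this warning (see scripts/Makefile.build)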
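Review bot: The `$(warning ...)` in the CONFIG_CC_STACKPROTECTOR_REGULAR branch ends with `compiler))`, one closing parenthesis more than the otherwise identical STRONG branch. The stray `)` stays on the line after the function expands, so on a compiler without `-fstack-protector` make would likely stop with a parse error rather than print the message; the line should read `-fstack-protector not supported by compiler)`. In both branches `stackp-flag` is still appended to KBUILD_CFLAGS after the warning, so what happens with an unsupported flag is left to the compiler's own rejection of it. If a build without the requested canaries must never succeed silently, `$(error ...)` in place of `$(warning ...)` would state that policy in the Makefile itself. The first message could also name CONFIG_CC_STACKPROTECTOR_REGULAR, the symbol the `ifdef` actually tests.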
