sh: initial stack protector support.

This implements basic -fstack-protector support, based on the early ARM version in c743f38013aeff58ef6252601e397b5ba281c633. The SMP case is limited to the initial canary value, while the UP case handles per-task granularity (limited to 32-bit sh until a new enough sh64 compiler manifests itself). Signed-off-by: Filippo Arcidiacono <filippo.arcidiacono@st.com> Reviewed-by: Carmelo Amoroso <carmelo.amoroso@st.com> Signed-off-by: Stuart Menefy <stuart.menefy@st.com> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
author: Filippo Arcidiacono <filippo.arcidiacono@st.com> 2012-04-19 02:45:57 -0400
committer: Paul Mundt <lethal@linux-sh.org> 2012-04-19 02:45:57 -0400
commit: 5d920bb929a99446062a48cf90867bbca57b8e77 (patch)
tree: fdadebe0b0fe8906ffd81ad9f726430d6428a8f5 /arch/sh/Kconfig
parent: 932e9f352b5d685725076f21b237f7c7d804b29c (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
index ff9e033ce626..60ed3669979d 100644
--- a/arch/sh/Kconfig
+++ b/arch/sh/Kconfig
@@ -685,6 +685,20 @@ config SECCOMP
          If unsure, say N.
+config CC_STACKPROTECTOR
+        bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
+        depends on SUPERH32 && EXPERIMENTAL
+        help
+          This option turns on the -fstack-protector GCC feature. This
+          feature puts, at the beginning of functions, a canary value on
+          the stack just before the return address, and validates
+          the value just before actually returning.  Stack based buffer
+          overflows (that need to overwrite this return address) now also
+          overwrite the canary, which gets detected and the attack is then
+          neutralized via a kernel panic.
+          This feature requires gcc version 4.2 or above.
 config SMP
        bool "Symmetric multi-processing support"
        depends on SYS_SUPPORTS_SMP
author	Filippo Arcidiacono <filippo.arcidiacono@st.com>	2012-04-19 02:45:57 -0400
committer	Paul Mundt <lethal@linux-sh.org>	2012-04-19 02:45:57 -0400
commit	5d920bb929a99446062a48cf90867bbca57b8e77 (patch)
tree	fdadebe0b0fe8906ffd81ad9f726430d6428a8f5 /arch/sh/Kconfig
parent	932e9f352b5d685725076f21b237f7c7d804b29c (diff)

diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig index ff9e033ce626..60ed3669979d 100644 --- a/arch/sh/Kconfig +++ b/arch/sh/Kconfig
@@ -685,6 +685,20 @@ config SECCOMP
685		685
686	If unsure, say N.	686	If unsure, say N.
687		687
		688	config CC_STACKPROTECTOR
		689	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
		690	depends on SUPERH32 && EXPERIMENTAL
		691	help
		692	This option turns on the -fstack-protector GCC feature. This
		693	feature puts, at the beginning of functions, a canary value on
		694	the stack just before the return address, and validates
		695	the value just before actually returning. Stack based buffer
		696	overflows (that need to overwrite this return address) now also
		697	overwrite the canary, which gets detected and the attack is then
		698	neutralized via a kernel panic.
		699
		700	This feature requires gcc version 4.2 or above.
		701
688	config SMP	702	config SMP
689	bool "Symmetric multi-processing support"	703	bool "Symmetric multi-processing support"
690	depends on SYS_SUPPORTS_SMP	704	depends on SYS_SUPPORTS_SMP