Merge branch 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull strong stackprotector support from Ingo Molnar: "This tree adds a CONFIG_CC_STACKPROTECTOR_STRONG=y, a new, stronger stack canary checking method supported by the newest GCC versions (4.9 and later). Here's the 'intensity comparison' between the various protection modes: - defconfig 11430641 kernel text size 36110 function bodies - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR 11468490 kernel text size (+0.33%) 1015 of 36110 functions are stack-protected (2.81%) - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch 11692790 kernel text size (+2.24%) 7401 of 36110 functions are stack-protected (20.5%) the strong model comes with non-trivial costs, which is why we preserved the 'regular' and 'none' models as well" * 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-01-20 13:26:31 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-01-20 13:26:31 -0500
commit: ad3ab302fd8239a1ddee01e606683c3197ca6908 (patch)
tree: d4984d29bcc90252118bdf3a0c32d5c1e027fc08 /arch/sh
parent: a693c46e14c9fdadbcd68ddfa94a4f72495531a9 (diff)
parent: 8779657d29c0ebcc0c94ede4df2f497baf1b563f (diff)
2 files changed, 1 insertions, 18 deletions
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
index 9b0979f4df7a..ce298317a73e 100644
--- a/arch/sh/Kconfig
+++ b/arch/sh/Kconfig
@@ -66,6 +66,7 @@ config SUPERH32
        select PERF_EVENTS
        select ARCH_HIBERNATION_POSSIBLE if MMU
        select SPARSE_IRQ
+        select HAVE_CC_STACKPROTECTOR
 config SUPERH64
        def_bool ARCH = "sh64"
@@ -695,20 +696,6 @@ config SECCOMP
          If unsure, say N.
-config CC_STACKPROTECTOR
-        bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
-        depends on SUPERH32
-        help
-          This option turns on the -fstack-protector GCC feature. This
-          feature puts, at the beginning of functions, a canary value on
-          the stack just before the return address, and validates
-          the value just before actually returning.  Stack based buffer
-          overflows (that need to overwrite this return address) now also
-          overwrite the canary, which gets detected and the attack is then
-          neutralized via a kernel panic.
-          This feature requires gcc version 4.2 or above.
 config SMP
        bool "Symmetric multi-processing support"
        depends on SYS_SUPPORTS_SMP
diff --git a/arch/sh/Makefile b/arch/sh/Makefile
index aed701c7b11b..d4d16e4be07c 100644
--- a/arch/sh/Makefile
+++ b/arch/sh/Makefile
@@ -199,10 +199,6 @@ ifeq ($(CONFIG_DWARF_UNWINDER),y)
  KBUILD_CFLAGS += -fasynchronous-unwind-tables
 endif
-ifeq ($(CONFIG_CC_STACKPROTECTOR),y)
-  KBUILD_CFLAGS += -fstack-protector
-endif
 libs-$(CONFIG_SUPERH32)         := arch/sh/lib/ $(libs-y)
 libs-$(CONFIG_SUPERH64)         := arch/sh/lib64/ $(libs-y)
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-01-20 13:26:31 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-01-20 13:26:31 -0500
commit	ad3ab302fd8239a1ddee01e606683c3197ca6908 (patch)
tree	d4984d29bcc90252118bdf3a0c32d5c1e027fc08 /arch/sh
parent	a693c46e14c9fdadbcd68ddfa94a4f72495531a9 (diff)
parent	8779657d29c0ebcc0c94ede4df2f497baf1b563f (diff)