diff options
| author | Kees Cook <keescook@chromium.org> | 2013-12-19 14:35:58 -0500 |
|---|---|---|
| committer | Ingo Molnar <mingo@kernel.org> | 2013-12-20 03:38:40 -0500 |
| commit | 19952a92037e752f9d3bbbad552d596f9a56e146 (patch) | |
| tree | 8a1930b4775cb17865c03faf55eafdd7b97be8ba /arch/x86/Kconfig | |
| parent | b0031f227e47919797dc0e1c1990f3ef151ff0cc (diff) | |
stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures
Instead of duplicating the CC_STACKPROTECTOR Kconfig and
Makefile logic in each architecture, switch to using
HAVE_CC_STACKPROTECTOR and keep everything in one place. This
retains the x86-specific bug verification scripts.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Shawn Guo <shawn.guo@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-mips@linux-mips.org
Cc: linux-arch@vger.kernel.org
Link: http://lkml.kernel.org/r/1387481759-14535-2-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Diffstat (limited to 'arch/x86/Kconfig')
| -rw-r--r-- | arch/x86/Kconfig | 17 |
1 files changed, 1 insertions, 16 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 0952ecd60eca..838e7c34dd60 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig | |||
| @@ -125,6 +125,7 @@ config X86 | |||
| 125 | select RTC_LIB | 125 | select RTC_LIB |
| 126 | select HAVE_DEBUG_STACKOVERFLOW | 126 | select HAVE_DEBUG_STACKOVERFLOW |
| 127 | select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64 | 127 | select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64 |
| 128 | select HAVE_CC_STACKPROTECTOR | ||
| 128 | 129 | ||
| 129 | config INSTRUCTION_DECODER | 130 | config INSTRUCTION_DECODER |
| 130 | def_bool y | 131 | def_bool y |
| @@ -1617,22 +1618,6 @@ config SECCOMP | |||
| 1617 | 1618 | ||
| 1618 | If unsure, say Y. Only embedded should say N here. | 1619 | If unsure, say Y. Only embedded should say N here. |
| 1619 | 1620 | ||
| 1620 | config CC_STACKPROTECTOR | ||
| 1621 | bool "Enable -fstack-protector buffer overflow detection" | ||
| 1622 | ---help--- | ||
| 1623 | This option turns on the -fstack-protector GCC feature. This | ||
| 1624 | feature puts, at the beginning of functions, a canary value on | ||
| 1625 | the stack just before the return address, and validates | ||
| 1626 | the value just before actually returning. Stack based buffer | ||
| 1627 | overflows (that need to overwrite this return address) now also | ||
| 1628 | overwrite the canary, which gets detected and the attack is then | ||
| 1629 | neutralized via a kernel panic. | ||
| 1630 | |||
| 1631 | This feature requires gcc version 4.2 or above, or a distribution | ||
| 1632 | gcc with the feature backported. Older versions are automatically | ||
| 1633 | detected and for those versions, this configuration option is | ||
| 1634 | ignored. (and a warning is printed during bootup) | ||
| 1635 | |||
| 1636 | source kernel/Kconfig.hz | 1621 | source kernel/Kconfig.hz |
| 1637 | 1622 | ||
| 1638 | config KEXEC | 1623 | config KEXEC |