aboutsummaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorArjan van de Ven <arjan@linux.intel.com>2006-09-26 04:52:38 -0400
committerAndi Kleen <andi@basil.nowhere.org>2006-09-26 04:52:38 -0400
commitb62a5c740df1e3d49a97349fce0c6a23f633d7fe (patch)
treed29b6a60f5d8d4d0d93c4eeece5526e8f9281f1c /arch
parent29a9af60e2120f874d0c600bf9e27617254a0488 (diff)
[PATCH] Add the Kconfig option for the stackprotector feature
This patch adds the config options for -fstack-protector. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andi Kleen <ak@suse.de> CC: Andi Kleen <ak@suse.de>
Diffstat (limited to 'arch')
-rw-r--r--arch/x86_64/Kconfig24
1 files changed, 24 insertions, 0 deletions
diff --git a/arch/x86_64/Kconfig b/arch/x86_64/Kconfig
index 927b392a4aa0..0c61d0019dd7 100644
--- a/arch/x86_64/Kconfig
+++ b/arch/x86_64/Kconfig
@@ -533,6 +533,30 @@ config SECCOMP
533 533
534 If unsure, say Y. Only embedded should say N here. 534 If unsure, say Y. Only embedded should say N here.
535 535
536config CC_STACKPROTECTOR
537 bool "Enable -fstack-protector buffer overflow detection (EXPRIMENTAL)"
538 depends on EXPERIMENTAL
539 help
540 This option turns on the -fstack-protector GCC feature. This
541 feature puts, at the beginning of critical functions, a canary
542 value on the stack just before the return address, and validates
543 the value just before actually returning. Stack based buffer
544 overflows (that need to overwrite this return address) now also
545 overwrite the canary, which gets detected and the attack is then
546 neutralized via a kernel panic.
547
548 This feature requires gcc version 4.2 or above, or a distribution
549 gcc with the feature backported. Older versions are automatically
550 detected and for those versions, this configuration option is ignored.
551
552config CC_STACKPROTECTOR_ALL
553 bool "Use stack-protector for all functions"
554 depends on CC_STACKPROTECTOR
555 help
556 Normally, GCC only inserts the canary value protection for
557 functions that use large-ish on-stack buffers. By enabling
558 this option, GCC will be asked to do this for ALL functions.
559
536source kernel/Kconfig.hz 560source kernel/Kconfig.hz
537 561
538config REORDER 562config REORDER