diff options
Diffstat (limited to 'arch/arm/Kconfig')
| -rw-r--r-- | arch/arm/Kconfig | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 1f254bd6c937..f160b93691cd 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig | |||
| @@ -1374,6 +1374,18 @@ config UACCESS_WITH_MEMCPY | |||
| 1374 | However, if the CPU data cache is using a write-allocate mode, | 1374 | However, if the CPU data cache is using a write-allocate mode, |
| 1375 | this option is unlikely to provide any performance gain. | 1375 | this option is unlikely to provide any performance gain. |
| 1376 | 1376 | ||
| 1377 | config CC_STACKPROTECTOR | ||
| 1378 | bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" | ||
| 1379 | help | ||
| 1380 | This option turns on the -fstack-protector GCC feature. This | ||
| 1381 | feature puts, at the beginning of functions, a canary value on | ||
| 1382 | the stack just before the return address, and validates | ||
| 1383 | the value just before actually returning. Stack based buffer | ||
| 1384 | overflows (that need to overwrite this return address) now also | ||
| 1385 | overwrite the canary, which gets detected and the attack is then | ||
| 1386 | neutralized via a kernel panic. | ||
| 1387 | This feature requires gcc version 4.2 or above. | ||
| 1388 | |||
| 1377 | endmenu | 1389 | endmenu |
| 1378 | 1390 | ||
| 1379 | menu "Boot options" | 1391 | menu "Boot options" |