1 files changed, 17 insertions, 13 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 1f4844505765..2a75931567c4 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -391,6 +391,13 @@ config X86_RDC321X
          as R-8610-(G).
          If you don't have one of these chips, you should say N here.
+config X86_UV
+        bool "SGI Ultraviolet"
+        depends on X86_64
+        help
+          This option is needed in order to support SGI Ultraviolet systems.
+          If you don't have one of these, you should say N here.
 config SCHED_OMIT_FRAME_POINTER
        def_bool y
        prompt "Single-depth WCHAN output"
@@ -1341,13 +1348,17 @@ config SECCOMP
          If unsure, say Y. Only embedded should say N here.
+config CC_STACKPROTECTOR_ALL
+        bool
 config CC_STACKPROTECTOR
        bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
-        depends on X86_64 && EXPERIMENTAL && BROKEN
+        depends on X86_64
+        select CC_STACKPROTECTOR_ALL
        help
-         This option turns on the -fstack-protector GCC feature. This
+          This option turns on the -fstack-protector GCC feature. This
-          feature puts, at the beginning of critical functions, a canary
+          feature puts, at the beginning of functions, a canary value on
-          value on the stack just before the return address, and validates
+          the stack just before the return address, and validates
          the value just before actually returning.  Stack based buffer
          overflows (that need to overwrite this return address) now also
          overwrite the canary, which gets detected and the attack is then
@@ -1355,15 +1366,8 @@ config CC_STACKPROTECTOR
          This feature requires gcc version 4.2 or above, or a distribution
          gcc with the feature backported. Older versions are automatically
-          detected and for those versions, this configuration option is ignored.
+          detected and for those versions, this configuration option is
+          ignored. (and a warning is printed during bootup)
-config CC_STACKPROTECTOR_ALL
-        bool "Use stack-protector for all functions"
-        depends on CC_STACKPROTECTOR
-        help
-          Normally, GCC only inserts the canary value protection for
-          functions that use large-ish on-stack buffers. By enabling
-          this option, GCC will be asked to do this for ALL functions.
 source kernel/Kconfig.hz

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 1f4844505765..2a75931567c4 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig
@@ -391,6 +391,13 @@ config X86_RDC321X
391	as R-8610-(G).	391	as R-8610-(G).
392	If you don't have one of these chips, you should say N here.	392	If you don't have one of these chips, you should say N here.
393		393
		394	config X86_UV
		395	bool "SGI Ultraviolet"
		396	depends on X86_64
		397	help
		398	This option is needed in order to support SGI Ultraviolet systems.
		399	If you don't have one of these, you should say N here.
		400
394	config SCHED_OMIT_FRAME_POINTER	401	config SCHED_OMIT_FRAME_POINTER
395	def_bool y	402	def_bool y
396	prompt "Single-depth WCHAN output"	403	prompt "Single-depth WCHAN output"
@@ -1341,13 +1348,17 @@ config SECCOMP
1341		1348
1342	If unsure, say Y. Only embedded should say N here.	1349	If unsure, say Y. Only embedded should say N here.
1343		1350
		1351	config CC_STACKPROTECTOR_ALL
		1352	bool
		1353
1344	config CC_STACKPROTECTOR	1354	config CC_STACKPROTECTOR
1345	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"	1355	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
1346	depends on X86_64 && EXPERIMENTAL && BROKEN	1356	depends on X86_64
		1357	select CC_STACKPROTECTOR_ALL
1347	help	1358	help
1348	This option turns on the -fstack-protector GCC feature. This	1359	This option turns on the -fstack-protector GCC feature. This
1349	feature puts, at the beginning of critical functions, a canary	1360	feature puts, at the beginning of functions, a canary value on
1350	value on the stack just before the return address, and validates	1361	the stack just before the return address, and validates
1351	the value just before actually returning. Stack based buffer	1362	the value just before actually returning. Stack based buffer
1352	overflows (that need to overwrite this return address) now also	1363	overflows (that need to overwrite this return address) now also
1353	overwrite the canary, which gets detected and the attack is then	1364	overwrite the canary, which gets detected and the attack is then
@@ -1355,15 +1366,8 @@ config CC_STACKPROTECTOR
1355		1366
1356	This feature requires gcc version 4.2 or above, or a distribution	1367	This feature requires gcc version 4.2 or above, or a distribution
1357	gcc with the feature backported. Older versions are automatically	1368	gcc with the feature backported. Older versions are automatically
1358	detected and for those versions, this configuration option is ignored.	1369	detected and for those versions, this configuration option is
1359		1370	ignored. (and a warning is printed during bootup)
1360	config CC_STACKPROTECTOR_ALL
1361	bool "Use stack-protector for all functions"
1362	depends on CC_STACKPROTECTOR
1363	help
1364	Normally, GCC only inserts the canary value protection for
1365	functions that use large-ish on-stack buffers. By enabling
1366	this option, GCC will be asked to do this for ALL functions.
1367		1371
1368	source kernel/Kconfig.hz	1372	source kernel/Kconfig.hz
1369		1373