Diffstat (limited to 'arch/x86_64/Kconfig')
-rw-r--r-- arch/x86_64/Kconfig | 24
1 files changed, 24 insertions, 0 deletions
diff --git a/arch/x86_64/Kconfig b/arch/x86_64/Kconfig
index 927b392a4aa0..0c61d0019dd7 100644
--- a/arch/x86_64/Kconfig
+++ b/arch/x86_64/Kconfig
@@ -533,6 +533,30 @@ config SECCOMP
533 533
534 If unsure, say Y. Only embedded should say N here. 534 If unsure, say Y. Only embedded should say N here.
535 535
536config CC_STACKPROTECTOR
537 bool "Enable -fstack-protector buffer overflow detection (EXPRIMENTAL)"
538 depends on EXPERIMENTAL
539 help
540 This option turns on the -fstack-protector GCC feature. This
541 feature puts, at the beginning of critical functions, a canary
542 value on the stack just before the return address, and validates
543 the value just before actually returning. Stack based buffer
544 overflows (that need to overwrite this return address) now also
545 overwrite the canary, which gets detected and the attack is then
546 neutralized via a kernel panic.
547
548 This feature requires gcc version 4.2 or above, or a distribution
549 gcc with the feature backported. Older versions are automatically
550 detected and for those versions, this configuration option is ignored.
551
552config CC_STACKPROTECTOR_ALL
553 bool "Use stack-protector for all functions"
554 depends on CC_STACKPROTECTOR
555 help
556 Normally, GCC only inserts the canary value protection for
557 functions that use large-ish on-stack buffers. By enabling
558 this option, GCC will be asked to do this for ALL functions.
559
536source kernel/Kconfig.hz 560source kernel/Kconfig.hz
537 561
538config REORDER 562config REORDER
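Review bot: The prompt string of `config CC_STACKPROTECTOR` misspells its tag as "(EXPRIMENTAL)"; it should read "(EXPERIMENTAL)", matching the `depends on EXPERIMENTAL` line directly below it. Two documentation points in the same hunk: the help text says the option is ignored on compilers older than gcc 4.2, so a configuration with CC_STACKPROTECTOR=y can yield a kernel built without canaries and nothing in the text tells the user how to notice that; a sentence on how the fallback is reported at build time would help. The `CC_STACKPROTECTOR_ALL` help also states what changes (canaries in ALL functions rather than only those with large-ish on-stack buffers) but not the trade-off or a default recommendation; an "If unsure, say ..." line like the one in the SECCOMP entry above would make the choice clearer.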