ARM: initial stack protector (-fstack-protector) support

This is the very basic stuff without the changing canary upon task switch yet. Just the Kconfig option and a constant canary value initialized at boot time. Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
author: Nicolas Pitre <nico@fluxnic.net> 2010-05-24 23:55:42 -0400
committer: Nicolas Pitre <nico@fluxnic.net> 2010-06-14 21:31:00 -0400
commit: c743f38013aeff58ef6252601e397b5ba281c633 (patch)
tree: b364e1690aff8a0dd97a83d4cb17bcadcdb5bd19 /arch/arm/Kconfig
parent: cc92c28b2db5b406657ecc05235d4ca4e222ae34 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 1f254bd6c937..f160b93691cd 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1374,6 +1374,18 @@ config UACCESS_WITH_MEMCPY
 	  However, if the CPU data cache is using a write-allocate mode,
 	  this option is unlikely to provide any performance gain.
 
+config CC_STACKPROTECTOR
+	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
+	help
+	  This option turns on the -fstack-protector GCC feature. This
+	  feature puts, at the beginning of functions, a canary value on
+	  the stack just before the return address, and validates
+	  the value just before actually returning.  Stack based buffer
+	  overflows (that need to overwrite this return address) now also
+	  overwrite the canary, which gets detected and the attack is then
+	  neutralized via a kernel panic.
+	  This feature requires gcc version 4.2 or above.
+
 endmenu
 
 menu "Boot options"
author	Nicolas Pitre <nico@fluxnic.net>	2010-05-24 23:55:42 -0400
committer	Nicolas Pitre <nico@fluxnic.net>	2010-06-14 21:31:00 -0400
commit	c743f38013aeff58ef6252601e397b5ba281c633 (patch)
tree	b364e1690aff8a0dd97a83d4cb17bcadcdb5bd19 /arch/arm/Kconfig
parent	cc92c28b2db5b406657ecc05235d4ca4e222ae34 (diff)