From 5d920bb929a99446062a48cf90867bbca57b8e77 Mon Sep 17 00:00:00 2001 From: Filippo Arcidiacono Date: Thu, 19 Apr 2012 15:45:57 +0900 Subject: sh: initial stack protector support. This implements basic -fstack-protector support, based on the early ARM version in c743f38013aeff58ef6252601e397b5ba281c633. The SMP case is limited to the initial canary value, while the UP case handles per-task granularity (limited to 32-bit sh until a new enough sh64 compiler manifests itself). Signed-off-by: Filippo Arcidiacono Reviewed-by: Carmelo Amoroso Signed-off-by: Stuart Menefy Signed-off-by: Paul Mundt --- arch/sh/Kconfig | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'arch/sh/Kconfig') diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig index ff9e033..60ed366 100644 --- a/arch/sh/Kconfig +++ b/arch/sh/Kconfig @@ -685,6 +685,20 @@ config SECCOMP If unsure, say N. +config CC_STACKPROTECTOR + bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" + depends on SUPERH32 && EXPERIMENTAL + help + This option turns on the -fstack-protector GCC feature. This + feature puts, at the beginning of functions, a canary value on + the stack just before the return address, and validates + the value just before actually returning. Stack based buffer + overflows (that need to overwrite this return address) now also + overwrite the canary, which gets detected and the attack is then + neutralized via a kernel panic. + + This feature requires gcc version 4.2 or above. + config SMP bool "Symmetric multi-processing support" depends on SYS_SUPPORTS_SMP -- cgit v1.1