summaryrefslogtreecommitdiff
path: root/arch/Kconfig
diff options
context:
space:
mode:
authorMasahiro Yamada <yamada.masahiro@socionext.com>2018-05-28 18:22:00 +0900
committerMasahiro Yamada <yamada.masahiro@socionext.com>2018-06-08 18:56:00 +0900
commit2a61f4747eeaa85ce26ca9fbd81421b15facd018 (patch)
tree497f971a5b6af6085c8d2349e773045f6a88dcc1 /arch/Kconfig
parent315bab4e972d9795529b764718d475492db40c0f (diff)
downloadlwn-2a61f4747eeaa85ce26ca9fbd81421b15facd018.tar.gz
lwn-2a61f4747eeaa85ce26ca9fbd81421b15facd018.zip
stack-protector: test compiler capability in Kconfig and drop AUTO mode
Move the test for -fstack-protector(-strong) option to Kconfig. If the compiler does not support the option, the corresponding menu is automatically hidden. If STRONG is not supported, it will fall back to REGULAR. If REGULAR is not supported, it will be disabled. This means, AUTO is implicitly handled by the dependency solver of Kconfig, hence removed. I also turned the 'choice' into only two boolean symbols. The use of 'choice' is not a good idea here, because all of all{yes,mod,no}config would choose the first visible value, while we want allnoconfig to disable as many features as possible. X86 has additional shell scripts in case the compiler supports those options, but generates broken code. I added CC_HAS_SANE_STACKPROTECTOR to test this. I had to add -m32 to gcc-x86_32-has-stack-protector.sh to make it work correctly. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Acked-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'arch/Kconfig')
-rw-r--r--arch/Kconfig32
1 files changed, 11 insertions, 21 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 8a7f7e1f2ca7..2c7c3cf8adfc 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -536,13 +536,16 @@ config HAVE_CC_STACKPROTECTOR
bool
help
An arch should select this symbol if:
- - its compiler supports the -fstack-protector option
- it has implemented a stack canary (e.g. __stack_chk_guard)
-choice
- prompt "Stack Protector buffer overflow detection"
+config CC_HAS_STACKPROTECTOR_NONE
+ def_bool $(cc-option,-fno-stack-protector)
+
+config CC_STACKPROTECTOR
+ bool "Stack Protector buffer overflow detection"
depends on HAVE_CC_STACKPROTECTOR
- default CC_STACKPROTECTOR_AUTO
+ depends on $(cc-option,-fstack-protector)
+ default y
help
This option turns on the "stack-protector" GCC feature. This
feature puts, at the beginning of functions, a canary value on
@@ -552,14 +555,6 @@ choice
overwrite the canary, which gets detected and the attack is then
neutralized via a kernel panic.
-config CC_STACKPROTECTOR_NONE
- bool "None"
- help
- Disable "stack-protector" GCC feature.
-
-config CC_STACKPROTECTOR_REGULAR
- bool "Regular"
- help
Functions will have the stack-protector canary logic added if they
have an 8-byte or larger character array on the stack.
@@ -571,7 +566,10 @@ config CC_STACKPROTECTOR_REGULAR
by about 0.3%.
config CC_STACKPROTECTOR_STRONG
- bool "Strong"
+ bool "Strong Stack Protector"
+ depends on CC_STACKPROTECTOR
+ depends on $(cc-option,-fstack-protector-strong)
+ default y
help
Functions will have the stack-protector canary logic added in any
of the following conditions:
@@ -589,14 +587,6 @@ config CC_STACKPROTECTOR_STRONG
about 20% of all kernel functions, which increases the kernel code
size by about 2%.
-config CC_STACKPROTECTOR_AUTO
- bool "Automatic"
- help
- If the compiler supports it, the best available stack-protector
- option will be chosen.
-
-endchoice
-
config HAVE_ARCH_WITHIN_STACK_FRAMES
bool
help