summaryrefslogtreecommitdiff
path: root/arch/x86/Kconfig
diff options
context:
space:
mode:
authorIngo Molnar <mingo@elte.hu>2008-02-14 10:36:03 +0100
committerThomas Gleixner <tglx@linutronix.de>2008-05-26 16:15:32 +0200
commit113c5413cf9051cc50b88befdc42e3402bb92115 (patch)
tree79b93ba5c5309c619b7fbb0341f69cee9fcf8468 /arch/x86/Kconfig
parent960a672bd9f1ec06e8f197cf81a50fd07ea02e7f (diff)
downloadlwn-113c5413cf9051cc50b88befdc42e3402bb92115.tar.gz
lwn-113c5413cf9051cc50b88befdc42e3402bb92115.zip
x86: unify stackprotector features
streamline the stackprotector features under a single option and make the stronger feature the one accessible. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'arch/x86/Kconfig')
-rw-r--r--arch/x86/Kconfig22
1 files changed, 9 insertions, 13 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 83d8392c1334..0cd1695c24fb 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1140,13 +1140,17 @@ config SECCOMP
If unsure, say Y. Only embedded should say N here.
+config CC_STACKPROTECTOR_ALL
+ bool
+
config CC_STACKPROTECTOR
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
depends on X86_64
+ select CC_STACKPROTECTOR_ALL
help
- This option turns on the -fstack-protector GCC feature. This
- feature puts, at the beginning of critical functions, a canary
- value on the stack just before the return address, and validates
+ This option turns on the -fstack-protector GCC feature. This
+ feature puts, at the beginning of functions, a canary value on
+ the stack just before the return address, and validates
the value just before actually returning. Stack based buffer
overflows (that need to overwrite this return address) now also
overwrite the canary, which gets detected and the attack is then
@@ -1154,16 +1158,8 @@ config CC_STACKPROTECTOR
This feature requires gcc version 4.2 or above, or a distribution
gcc with the feature backported. Older versions are automatically
- detected and for those versions, this configuration option is ignored.
-
-config CC_STACKPROTECTOR_ALL
- bool "Use stack-protector for all functions"
- depends on CC_STACKPROTECTOR
- default y
- help
- Normally, GCC only inserts the canary value protection for
- functions that use large-ish on-stack buffers. By enabling
- this option, GCC will be asked to do this for ALL functions.
+ detected and for those versions, this configuration option is
+ ignored. (and a warning is printed during bootup)
source kernel/Kconfig.hz