Commit b62a5c74 authored by Arjan van de Ven's avatar Arjan van de Ven Committed by Andi Kleen
Browse files

[PATCH] Add the Kconfig option for the stackprotector feature

This patch adds the config options for -fstack-protector.
Signed-off-by: default avatarArjan van de Ven <>
Signed-off-by: default avatarIngo Molnar <>
Signed-off-by: default avatarAndi Kleen <>
CC: Andi Kleen <>
parent 29a9af60
......@@ -533,6 +533,30 @@ config SECCOMP
If unsure, say Y. Only embedded should say N here.
bool "Enable -fstack-protector buffer overflow detection (EXPRIMENTAL)"
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of critical functions, a canary
value on the stack just before the return address, and validates
the value just before actually returning. Stack based buffer
overflows (that need to overwrite this return address) now also
overwrite the canary, which gets detected and the attack is then
neutralized via a kernel panic.
This feature requires gcc version 4.2 or above, or a distribution
gcc with the feature backported. Older versions are automatically
detected and for those versions, this configuration option is ignored.
bool "Use stack-protector for all functions"
Normally, GCC only inserts the canary value protection for
functions that use large-ish on-stack buffers. By enabling
this option, GCC will be asked to do this for ALL functions.
source kernel/Kconfig.hz
config REORDER
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment