Merge git://git.linaro.org/nico/arm_security into devel-stable

author: Russell King <rmk+kernel@arm.linux.org.uk> 2010-06-30 11:00:01 +0100
committer: Russell King <rmk+kernel@arm.linux.org.uk> 2010-06-30 11:00:01 +0100
commit: fc4978b796e5e52ab3a709495a968199afe0a108 (patch)
tree: 102c74707940214f3c9810dadaf62d0d378a7a8c /arch/arm/Kconfig
parent: 3260e5293727f16ffdce9a6a6203fd9a6b149e58 (diff)
parent: df0698be14c6683606d5df2d83e3ae40f85ed0d9 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index c171f35b73a..2244de273d2 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1375,6 +1375,18 @@ config UACCESS_WITH_MEMCPY
 	  However, if the CPU data cache is using a write-allocate mode,
 	  this option is unlikely to provide any performance gain.
 
+config CC_STACKPROTECTOR
+	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
+	help
+	  This option turns on the -fstack-protector GCC feature. This
+	  feature puts, at the beginning of functions, a canary value on
+	  the stack just before the return address, and validates
+	  the value just before actually returning.  Stack based buffer
+	  overflows (that need to overwrite this return address) now also
+	  overwrite the canary, which gets detected and the attack is then
+	  neutralized via a kernel panic.
+	  This feature requires gcc version 4.2 or above.
+
 endmenu
 
 menu "Boot options"
author	Russell King <rmk+kernel@arm.linux.org.uk>	2010-06-30 11:00:01 +0100
committer	Russell King <rmk+kernel@arm.linux.org.uk>	2010-06-30 11:00:01 +0100
commit	fc4978b796e5e52ab3a709495a968199afe0a108 (patch)
tree	102c74707940214f3c9810dadaf62d0d378a7a8c /arch/arm/Kconfig
parent	3260e5293727f16ffdce9a6a6203fd9a6b149e58 (diff)
parent	df0698be14c6683606d5df2d83e3ae40f85ed0d9 (diff)