From 47f497cfdd9de61bcb42d80a392ff91e0556f83e Mon Sep 17 00:00:00 2001 From: Roland Hieber Date: Mon, 11 Mar 2019 00:40:41 +0100 Subject: v7a: enable gcc stack clash protection This setting was introduced in PTXdist 2019.03.0: Generate code to prevent stack clash style attacks. When this option is enabled, the compiler will only allocate one page of stack space at a time and each page is accessed immediately after allocation. Thus, it prevents allocations from jumping over any stack guard page provided by the operating system. Make use of it to get more secure binaries with gcc-8's new -fstack-clash-protection option. Signed-off-by: Roland Hieber
---
 configs/platform-v7a/platformconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'configs')
diff --git a/configs/platform-v7a/platformconfig b/configs/platform-v7a/platformconfig
index a2a5c8b..ed852e4 100644
--- a/configs/platform-v7a/platformconfig
+++ b/configs/platform-v7a/platformconfig
@@ -80,7 +80,7 @@ PTXCONF_COMPILER_PREFIX_BOOTLOADER="${PTXCONF_COMPILER_PREFIX}"
 PTXCONF_TARGET_HARDEN_STACK=y
 # PTXCONF_TARGET_HARDEN_STACK_STRONG is not set
 # PTXCONF_TARGET_HARDEN_STACK_ALL is not set
-# PTXCONF_TARGET_HARDEN_STACKCLASH is not set
+PTXCONF_TARGET_HARDEN_STACKCLASH=y
 PTXCONF_TARGET_HARDEN_FORTIFY=y
 PTXCONF_TARGET_HARDEN_RELRO=y
 PTXCONF_TARGET_HARDEN_BINDNOW=y
-- 
cgit v1.2.3
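Review bot: Setting `PTXCONF_TARGET_HARDEN_STACKCLASH=y` on this 32-bit ARM platform may deliver less protection than the commit message suggests. GCC's documentation says most targets do not fully support stack clash protection; on those, `-fstack-clash-protection` covers dynamic stack allocations and gives only limited protection for static ones. Whether the v7a toolchain emits prologue probes cannot be told from this hunk. The commit message should name the toolchain version this platform is pinned to, since the option needs gcc 8 or later and an older compiler would presumably reject the flag. It would also help to confirm the probes on a built binary, for example by disassembling a function with a large stack frame, and to record the result in the message.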