author | Michael Olbrich <m.olbrich@pengutronix.de> | 2019-02-21 06:31:35 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2019-02-21 15:09:05 +0100 |
commit | 6882ddc29fda973c0245bc148720efd601f40acd (patch) | |
tree | 786a05523403589774dcba68c25dea1867f11b16 /platforms | |
parent | a1908d5b4b86f95f84e189a24487513ca326b6b1 (diff) | |
download | ptxdist-6882ddc29fda973c0245bc148720efd601f40acd.tar.gz ptxdist-6882ddc29fda973c0245bc148720efd601f40acd.tar.xz |
hardening: add option for -fstack-clash-protection
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'platforms')
-rw-r--r-- | platforms/toolchain_hardening.in | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/platforms/toolchain_hardening.in b/platforms/toolchain_hardening.in
index 291d5a834..0864c6564 100644
--- a/platforms/toolchain_hardening.in
+++ b/platforms/toolchain_hardening.in
@@ -30,6 +30,16 @@ config TARGET_HARDEN_STACK_ALL
 endchoice
+config TARGET_HARDEN_STACKCLASH
+ bool
+ prompt "Stack clash protection (cc -fstack-clash-protection)"
+ help
+ Generate code to prevent stack clash style attacks. When this
+ option is enabled, the compiler will only allocate one page of
+ stack space at a time and each page is accessed immediately after
+ allocation. Thus, it prevents allocations from jumping over any
+ stack guard page provided by the operating system.
+
 config TARGET_HARDEN_FORTIFY
 bool
 prompt "Enable glibc protections (cc -D_FORTIFY_SOURCE=2)" |
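Review bot: The help text for `TARGET_HARDEN_STACKCLASH` promises guard-page protection unconditionally, but the entry has no `depends on` and does not say which toolchains honour `-fstack-clash-protection`. As far as I know, GCC only accepts the flag from version 8 on, and its documentation says most targets are not fully supported, in which case mainly dynamic stack allocations are probed. A user on an older compiler would get a build failure, and one on a partially supported architecture would get weaker protection than the text suggests. I would add a sentence to the help such as `Needs GCC 8 or later; on targets without full support only dynamic stack allocations are protected.`. The diffstat is limited to 'platforms', so whether the symbol is actually translated into the compiler flag cannot be checked from this hunk.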