hardening: add option for -fstack-clash-protection

Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
author: Michael Olbrich <m.olbrich@pengutronix.de> 2019-02-21 06:31:35 +0100
committer: Michael Olbrich <m.olbrich@pengutronix.de> 2019-02-21 15:09:05 +0100
commit: 6882ddc29fda973c0245bc148720efd601f40acd (patch)
tree: 786a05523403589774dcba68c25dea1867f11b16 /platforms
parent: a1908d5b4b86f95f84e189a24487513ca326b6b1 (diff)
download: ptxdist-6882ddc29fda973c0245bc148720efd601f40acd.tar.gz
ptxdist-6882ddc29fda973c0245bc148720efd601f40acd.tar.xz
1 files changed, 10 insertions, 0 deletions
diff --git a/platforms/toolchain_hardening.in b/platforms/toolchain_hardening.in
index 291d5a834..0864c6564 100644
--- a/platforms/toolchain_hardening.in
+++ b/platforms/toolchain_hardening.in
@@ -30,6 +30,16 @@ config TARGET_HARDEN_STACK_ALL
 
 endchoice
 
+config TARGET_HARDEN_STACKCLASH
+	bool
+	prompt "Stack clash protection (cc -fstack-clash-protection)"
+	help
+	  Generate code to prevent stack clash style attacks. When this
+	  option is enabled, the compiler will only allocate one page of
+	  stack space at a time and each page is accessed immediately after
+	  allocation. Thus, it prevents allocations from jumping over any
+	  stack guard page provided by the operating system.
+
 config TARGET_HARDEN_FORTIFY
 	bool
 	prompt "Enable glibc protections (cc -D_FORTIFY_SOURCE=2)"
author	Michael Olbrich <m.olbrich@pengutronix.de>	2019-02-21 06:31:35 +0100
committer	Michael Olbrich <m.olbrich@pengutronix.de>	2019-02-21 15:09:05 +0100
commit	6882ddc29fda973c0245bc148720efd601f40acd (patch)
tree	786a05523403589774dcba68c25dea1867f11b16 /platforms
parent	a1908d5b4b86f95f84e189a24487513ca326b6b1 (diff)
download	ptxdist-6882ddc29fda973c0245bc148720efd601f40acd.tar.gz ptxdist-6882ddc29fda973c0245bc148720efd601f40acd.tar.xz