stack-protector: test compiler capability in Kconfig and drop AUTO mode
Move the test for -fstack-protector(-strong) option to Kconfig.
If the compiler does not support the option, the corresponding menu
is automatically hidden. If STRONG is not supported, it will fall
back to REGULAR. If REGULAR is not supported, it will be disabled.
This means, AUTO is implicitly handled by the dependency solver of
Kconfig, hence removed.
I also turned the 'choice' into only two boolean symbols. The use of
'choice' is not a good idea here, because all of all{yes,mod,no}config
would choose the first visible value, while we want allnoconfig to
disable as many features as possible.
X86 has additional shell scripts in case the compiler supports those
options, but generates broken code. I added CC_HAS_SANE_STACKPROTECTOR
to test this. I had to add -m32 to gcc-x86_32-has-stack-protector.sh
to make it work correctly.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
Masahiro Yamada
32
arch/Kconfig
32
arch/Kconfig
@@ -536,13 +536,16 @@ config HAVE_CC_STACKPROTECTOR
|
||||
bool
|
||||
help
|
||||
An arch should select this symbol if:
|
||||
- its compiler supports the -fstack-protector option
|
||||
- it has implemented a stack canary (e.g. __stack_chk_guard)
|
||||
|
||||
choice
|
||||
prompt "Stack Protector buffer overflow detection"
|
||||
config CC_HAS_STACKPROTECTOR_NONE
|
||||
def_bool $(cc-option,-fno-stack-protector)
|
||||
|
||||
config CC_STACKPROTECTOR
|
||||
bool "Stack Protector buffer overflow detection"
|
||||
depends on HAVE_CC_STACKPROTECTOR
|
||||
default CC_STACKPROTECTOR_AUTO
|
||||
depends on $(cc-option,-fstack-protector)
|
||||
default y
|
||||
help
|
||||
This option turns on the "stack-protector" GCC feature. This
|
||||
feature puts, at the beginning of functions, a canary value on
|
||||
@@ -552,14 +555,6 @@ choice
|
||||
overwrite the canary, which gets detected and the attack is then
|
||||
neutralized via a kernel panic.
|
||||
|
||||
config CC_STACKPROTECTOR_NONE
|
||||
bool "None"
|
||||
help
|
||||
Disable "stack-protector" GCC feature.
|
||||
|
||||
config CC_STACKPROTECTOR_REGULAR
|
||||
bool "Regular"
|
||||
help
|
||||
Functions will have the stack-protector canary logic added if they
|
||||
have an 8-byte or larger character array on the stack.
|
||||
|
||||
@@ -571,7 +566,10 @@ config CC_STACKPROTECTOR_REGULAR
|
||||
by about 0.3%.
|
||||
|
||||
config CC_STACKPROTECTOR_STRONG
|
||||
bool "Strong"
|
||||
bool "Strong Stack Protector"
|
||||
depends on CC_STACKPROTECTOR
|
||||
depends on $(cc-option,-fstack-protector-strong)
|
||||
default y
|
||||
help
|
||||
Functions will have the stack-protector canary logic added in any
|
||||
of the following conditions:
|
||||
@@ -589,14 +587,6 @@ config CC_STACKPROTECTOR_STRONG
|
||||
about 20% of all kernel functions, which increases the kernel code
|
||||
size by about 2%.
|
||||
|
||||
config CC_STACKPROTECTOR_AUTO
|
||||
bool "Automatic"
|
||||
help
|
||||
If the compiler supports it, the best available stack-protector
|
||||
option will be chosen.
|
||||
|
||||
endchoice
|
||||
|
||||
config HAVE_ARCH_WITHIN_STACK_FRAMES
|
||||
bool
|
||||
help
|
||||
|
||||
Reference in New Issue
Block a user