+ fstack-protector-feature-add-the-kconfig-option.patch added to -mm tree

The patch titled

     -fstack-protector feature: Add the Kconfig option

has been added to the -mm tree.  Its filename is

     fstack-protector-feature-add-the-kconfig-option.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this.

------------------------------------------------------
Subject: -fstack-protector feature: Add the Kconfig option
From: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>

This patch adds the config options for -fstack-protector.

Signed-off-by: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
Signed-off-by: Ingo Molnar <mingo@xxxxxxx>
Cc: Andi Kleen <ak@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---

 arch/x86_64/Kconfig |   24 ++++++++++++++++++++++++
 1 files changed, 24 insertions(+)

diff -puN arch/x86_64/Kconfig~fstack-protector-feature-add-the-kconfig-option arch/x86_64/Kconfig
--- a/arch/x86_64/Kconfig~fstack-protector-feature-add-the-kconfig-option
+++ a/arch/x86_64/Kconfig
@@ -529,6 +529,30 @@ config SECCOMP
 
 	  If unsure, say Y. Only embedded should say N here.
 
+config CC_STACKPROTECTOR
+	bool "Enable -fstack-protector buffer overflow detection (EXPRIMENTAL)"
+	depends on EXPERIMENTAL
+	help
+         This option turns on the -fstack-protector GCC feature. This
+	  feature puts, at the beginning of critical functions, a canary
+	  value on the stack just before the return address, and validates
+	  the value just before actually returning.  Stack based buffer
+	  overflows (that need to overwrite this return address) now also
+	  overwrite the canary, which gets detected and the attack is then
+	  neutralized via a kernel panic.
+
+	  This feature requires gcc version 4.2 or above, or a distribution
+	  gcc with the feature backported. Older versions are automatically
+	  detected and for those versions, this configuration option is ignored.
+
+config CC_STACKPROTECTOR_ALL
+	bool "Use stack-protector for all functions"
+	depends on CC_STACKPROTECTOR
+	help
+	  Normally, GCC only inserts the canary value protection for
+	  functions that use large-ish on-stack buffers. By enabling
+	  this option, GCC will be asked to do this for ALL functions.
+
 source kernel/Kconfig.hz
 
 config REORDER
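
Review bot: The prompt string for CC_STACKPROTECTOR misspells its tag as "(EXPRIMENTAL)"; it should read "(EXPERIMENTAL)", matching the "depends on EXPERIMENTAL" line directly below it. The first help line of the same entry ("This option turns on the -fstack-protector GCC feature. This") is indented with spaces only, while every other help line in the hunk uses a tab plus two spaces, so it should be re-indented to match. Neither new entry ends with an "If unsure, say ..." recommendation like the SECCOMP help just above, and CC_STACKPROTECTOR_ALL in particular would benefit from one, since its help text does not say when a user would want the canary in ALL functions rather than only those with large on-stack buffers.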
_

Patches currently in -mm which might be from arjan@xxxxxxxxxxxxxxx are

git-netdev-all.patch
lockdep-fix-sk_dst_check-deadlock.patch
fstack-protector-feature-annotate-the-pda-offsets.patch
fstack-protector-feature-add-the-kconfig-option.patch
fstack-protector-feature-add-the-canary-field-to-the.patch
fstack-protector-feature-add-the-__stack_chk_fail.patch
fstack-protector-feature-enable-the-compiler-flags.patch
slab-fix-lockdep-warnings.patch
slab-fix-lockdep-warnings-fix.patch
slab-fix-lockdep-warnings-fix-2.patch
sleazy-fpu-feature-i386-support.patch
make-prot_write-imply-prot_read.patch
lockdep-dont-pull-in-includes-when-lockdep-disabled.patch
lockdep-print-kernel-version.patch
