Asking all users about the stacksmash command that's just there to test stack guard and protector is unnecessary noise. Likewise asking about PBL stackprotector, when we don't have any. Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> --- commands/Kconfig | 1 + lib/Kconfig.hardening | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/commands/Kconfig b/commands/Kconfig index c1bba22443e6..a6806f198ec4 100644 --- a/commands/Kconfig +++ b/commands/Kconfig @@ -2403,6 +2403,7 @@ config CMD_UBSAN config CMD_STACKSMASH tristate "stacksmash" + depends on STACKPROTECTOR || STACK_GUARD_PAGE || COMPILE_TEST help This commands trashes the stack to test stackprotector and guard page. This command does not return. diff --git a/lib/Kconfig.hardening b/lib/Kconfig.hardening index a9d3af110958..f14b256a7d91 100644 --- a/lib/Kconfig.hardening +++ b/lib/Kconfig.hardening @@ -61,7 +61,7 @@ config STACKPROTECTOR_ALL endchoice choice - prompt "Stack Protector buffer overflow detection for PBL" + prompt "Stack Protector buffer overflow detection for PBL" if PBL_IMAGE config PBL_STACKPROTECTOR_NONE bool "None" @@ -69,6 +69,7 @@ config PBL_STACKPROTECTOR_NONE config PBL_STACKPROTECTOR_STRONG bool "Strong" depends on $(cc-option,-fstack-protector-strong) + depends on PBL_IMAGE select STACKPROTECTOR help For PBL, This option turns on the "stack-protector" GCC feature. This @@ -93,7 +94,7 @@ config PBL_STACKPROTECTOR_STRONG config PBL_STACKPROTECTOR_ALL bool "PBL" depends on $(cc-option,-fstack-protector-strong) - depends on COMPILE_TEST + depends on PBL_IMAGE && COMPILE_TEST select STACKPROTECTOR help This pushes and verifies stack protector canaries on all functions, -- 2.39.2
