Skip to content
Snippets Groups Projects
Commit d4852d10 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by Thierry Strudel
Browse files

enable fstack-protector-strong 

Enable protection against stack corruption. (most) Functions with the
possibility of stack corruption  are protected with a canary.

With this change, the angler kernel grows from 11072067 to 11279319
an increase of 1.9%. Performance loss is considered minimal. Security
against stack overflow is greatly improved. [1]

This is the improved version of CONFIG_CC_STACKPROTECTOR=y which is
enabled in shamu's kernel.

[1] https://lwn.net/Articles/584225

Bug: 28837708
Change-Id: Ifad485a543768be5722e937069983c10fcb80ee9
parent c45d1ce5
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
arch/arm64/configs/angler_defconfig
+ 4
0
View file @ d4852d10
...@@ -19,6 +19,10 @@ CONFIG_NAMESPACES=y ...@@ -19,6 +19,10 @@ CONFIG_NAMESPACES=y
# CONFIG_PID_NS is not set # CONFIG_PID_NS is not set
CONFIG_BLK_DEV_INITRD=y CONFIG_BLK_DEV_INITRD=y
CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_CC_OPTIMIZE_FOR_SIZE=y
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_NONE is not set
# CONFIG_CC_STACKPROTECTOR_REGULAR is not set
CONFIG_CC_STACKPROTECTOR_STRONG=y
CONFIG_PANIC_TIMEOUT=5 CONFIG_PANIC_TIMEOUT=5
CONFIG_KALLSYMS_ALL=y CONFIG_KALLSYMS_ALL=y
# CONFIG_PCI_QUIRKS is not set # CONFIG_PCI_QUIRKS is not set
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment