From d4852d10bb8a91fd513c0337bbfd71921decf0c2 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Fri, 20 May 2016 22:38:46 -0700
Subject: [PATCH] enable fstack-protector-strong

Enable protection against stack corruption. (most) Functions with the
possibility of stack corruption  are protected with a canary.

With this change, the angler kernel grows from 11072067 to 11279319
an increase of 1.9%. Performance loss is considered minimal. Security
against stack overflow is greatly improved. [1]

This is the improved version of CONFIG_CC_STACKPROTECTOR=y which is
enabled in shamu's kernel.

[1] https://lwn.net/Articles/584225

Bug: 28837708
Change-Id: Ifad485a543768be5722e937069983c10fcb80ee9
---
 arch/arm64/configs/angler_defconfig | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/arm64/configs/angler_defconfig b/arch/arm64/configs/angler_defconfig
index 1c9335901d39..008533b4ca86 100644
--- a/arch/arm64/configs/angler_defconfig
+++ b/arch/arm64/configs/angler_defconfig
@@ -19,6 +19,10 @@ CONFIG_NAMESPACES=y
 # CONFIG_PID_NS is not set
 CONFIG_BLK_DEV_INITRD=y
 CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+CONFIG_CC_STACKPROTECTOR=y
+# CONFIG_CC_STACKPROTECTOR_NONE is not set
+# CONFIG_CC_STACKPROTECTOR_REGULAR is not set
+CONFIG_CC_STACKPROTECTOR_STRONG=y
 CONFIG_PANIC_TIMEOUT=5
 CONFIG_KALLSYMS_ALL=y
 # CONFIG_PCI_QUIRKS is not set
-- 
GitLab