From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <distrokit-bounces@pengutronix.de>
From: Oleksij Rempel <o.rempel@pengutronix.de>
Date: Fri, 24 Apr 2020 09:08:53 +0200
Message-Id: <20200424070853.20792-13-o.rempel@pengutronix.de>
In-Reply-To: <20200424070853.20792-1-o.rempel@pengutronix.de>
References: <20200424070853.20792-1-o.rempel@pengutronix.de>
MIME-Version: 1.0
Subject: [DistroKit] [PATCH v2 13/13] MIPS: enable HARDEN_STACKCLASH
List-Id: DistroKit Mailinglist <distrokit.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/distrokit>, 
 <mailto:distrokit-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/distrokit/>
List-Post: <mailto:distrokit@pengutronix.de>
List-Help: <mailto:distrokit-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/distrokit>, 
 <mailto:distrokit-request@pengutronix.de?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: distrokit-bounces@pengutronix.de
Sender: "DistroKit" <distrokit-bounces@pengutronix.de>
To: distrokit@pengutronix.de
Cc: Oleksij Rempel <o.rempel@pengutronix.de>

Generate code to prevent stack clash style attacks. When this option is
enabled, the compiler will only allocate one page of stack space at a
time and each page is accessed immediately after allocation. Thus, it
prevents allocations from jumping over any stack guard page provided by
the operating system.

Most targets do not fully support stack clash protection. However, on
those targets -fstack-clash-protection will protect dynamic stack
allocations. -fstack-clash-protection may also provide limited
protection for static stack allocations if the target supports
-fstack-check=specific.

Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
---
 configs/platform-mips/platformconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configs/platform-mips/platformconfig b/configs/platform-mips/platformconfig
index 47c9cd2..5f1202b 100644
--- a/configs/platform-mips/platformconfig
+++ b/configs/platform-mips/platformconfig
@@ -77,7 +77,7 @@ PTXCONF_COMPILER_PREFIX_BOOTLOADER="${PTXCONF_COMPILER_PREFIX}"
 # PTXCONF_TARGET_HARDEN_STACK is not set
 # PTXCONF_TARGET_HARDEN_STACK_STRONG is not set
 PTXCONF_TARGET_HARDEN_STACK_ALL=y
-# PTXCONF_TARGET_HARDEN_STACKCLASH is not set
+PTXCONF_TARGET_HARDEN_STACKCLASH=y
 PTXCONF_TARGET_HARDEN_FORTIFY=y
 PTXCONF_TARGET_HARDEN_RELRO=y
 PTXCONF_TARGET_HARDEN_BINDNOW=y
-- 
2.26.1


_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de