author: Elliott Hughes <enh@google.com> 2015-12-14 19:17:08 (GMT)
committer: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> 2020-01-02 17:17:57 (GMT)
commit: 7ce9e164fce2d0c5a7914f6e88299a9aa96bd2c3 (patch)
tree: dc6331ad2777a6e3f07b92458384313a1aff8028
parent: 80914ab63c00080b0b4b9ba54f072c261f86153d (diff)
Enable -fstack-protector-strong for arm.

This results in nearly all functions with the possibility of stack corruption getting stack canaries, because it applies to any function taking a reference to the frame or with a local array rather than just the functions with arrays larger than 8 bytes.

It was developed for use in Chrome (and Chrome OS) and has also been adopted by various other distributions (Arch, Fedora, Ubuntu, etc).

The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to ~0.7% with the more conservative switch. The increase in the performance loss is usually minimal.

The overall size increase once everything other than C and C++ code is taken into account is minimal, and it greatly improves the mitigation of stack buffer overflow vulnerabilities.

https://lwn.net/Articles/584225/

Change-Id: Iccc20852db8a5e4dd9792f9da6d5e325fc59b0a5
-rw-r--r-- core/combo/TARGET_linux-arm.mk 2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/combo/TARGET_linux-arm.mk b/core/combo/TARGET_linux-arm.mk
index 5020865..79aace8 100644
--- a/core/combo/TARGET_linux-arm.mk
+++ b/core/combo/TARGET_linux-arm.mk
@@ -100,7 +100,7 @@ $(combo_2nd_arch_prefix)TARGET_GLOBAL_CFLAGS += \
-ffunction-sections \
-fdata-sections \
-funwind-tables \
- -fstack-protector \
+ -fstack-protector-strong \
-Wa,--noexecstack \
-Werror=format-security \
-D_FORTIFY_SOURCE=2 \
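
Review bot: the `+` line puts `-fstack-protector-strong` into `TARGET_GLOBAL_CFLAGS` unconditionally, so every compiler used for this target has to accept it (GCC gained the option in 4.9); an older toolchain will stop on an unrecognized option instead of falling back to `-fstack-protector`. Please state the minimum toolchain in the commit message or guard the flag. Two related points: the last `-fstack-protector*` option on a command line wins, so any module that appends plain `-fstack-protector` or `-fno-stack-protector` after the global flags quietly loses the stronger coverage, and an audit of per-module overrides would be a useful follow-up. The hunk also touches only `TARGET_linux-arm.mk`, and the message does not say whether the other architectures' combo files are handled in separate changes.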