Commit 69d66beb by Elliott Hughes Committed by Wolfgang Wiedmeyer

Enable -fstack-protector-strong for arm.

This results in nearly all functions with the possibility of stack
corruption getting stack canaries, because it applies to any function
taking a reference to the frame or with a local array rather than just
the functions with arrays larger than 8 bytes. It was developed for use
in Chrome (and Chrome OS) and has also been adopted by various other
distributions (Arch, Fedora, Ubuntu, etc).

The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to
~0.7% with the more conservative switch. The increase in the performance
loss is usually minimal. The overall size increase once everything other
than C and C++ code is taken into account is minimal, and it greatly
improves the mitigation of stack buffer overflow vulnerabilities.

https://lwn.net/Articles/584225/

Change-Id: Iccc20852db8a5e4dd9792f9da6d5e325fc59b0a5
1 parent 3461bf40
......@@ -100,7 +100,7 @@ $(combo_2nd_arch_prefix)TARGET_GLOBAL_CFLAGS += \
-ffunction-sections \
-fdata-sections \
-funwind-tables \
-fstack-protector \
-fstack-protector-strong \
-Wa,--noexecstack \
-Werror=format-security \
-D_FORTIFY_SOURCE=2 \
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!