diff options
| author | Elliott Hughes <enh@google.com> | 2015-12-14 11:17:08 -0800 |
|---|---|---|
| committer | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2020-01-02 18:17:57 +0100 |
| commit | 7ce9e164fce2d0c5a7914f6e88299a9aa96bd2c3 (patch) | |
| tree | dc6331ad2777a6e3f07b92458384313a1aff8028 | |
| parent | 80914ab63c00080b0b4b9ba54f072c261f86153d (diff) | |
| download | build-7ce9e164fce2d0c5a7914f6e88299a9aa96bd2c3.tar.gz build-7ce9e164fce2d0c5a7914f6e88299a9aa96bd2c3.tar.bz2 build-7ce9e164fce2d0c5a7914f6e88299a9aa96bd2c3.zip | |
Enable -fstack-protector-strong for arm.
This results in nearly all functions with the possibility of stack
corruption getting stack canaries, because it applies to any function
taking a reference to the frame or with a local array rather than just
the functions with arrays larger than 8 bytes. It was developed for use
in Chrome (and Chrome OS) and has also been adopted by various other
distributions (Arch, Fedora, Ubuntu, etc).
The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to
~0.7% with the more conservative switch. The increase in the performance
loss is usually minimal. The overall size increase once everything other
than C and C++ code is taken into account is minimal, and it greatly
improves the mitigation of stack buffer overflow vulnerabilities.
https://lwn.net/Articles/584225/
Change-Id: Iccc20852db8a5e4dd9792f9da6d5e325fc59b0a5
| -rw-r--r-- | core/combo/TARGET_linux-arm.mk | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/combo/TARGET_linux-arm.mk b/core/combo/TARGET_linux-arm.mk index 5020865ea..79aace898 100644 --- a/core/combo/TARGET_linux-arm.mk +++ b/core/combo/TARGET_linux-arm.mk @@ -100,7 +100,7 @@ $(combo_2nd_arch_prefix)TARGET_GLOBAL_CFLAGS += \ -ffunction-sections \ -fdata-sections \ -funwind-tables \ - -fstack-protector \ + -fstack-protector-strong \ -Wa,--noexecstack \ -Werror=format-security \ -D_FORTIFY_SOURCE=2 \ |