p96705831
/
platform_build
forked from openkylin/platform_build
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Enable -fstack-protector-strong for x86-64. 

This results in nearly all functions with the possibility of stack
corruption getting stack canaries, because it applies to any function
taking a reference to the frame or with a local array rather than just
the functions with arrays larger than 8 bytes. It was developed for use
in Chrome (and Chrome OS) and has also been adopted by various other
distributions (Arch, Fedora, Ubuntu, etc).

The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to
~0.7% with the more conservative switch. The increase in the performance
loss is usually minimal. The overall size increase once everything other
than C and C++ code is taken into account is minimal, and it greatly
improves the mitigation of stack buffer overflow vulnerabilities.

https://lwn.net/Articles/584225/

Change-Id: I3ce7a73c5cf36eba5c74df37367f3d3475b0a4ed
This commit is contained in:
Elliott Hughes 2015-12-14 11:16:20 -08:00
parent eca3206abb
commit 5324c3c19f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/combo/TARGET_linux-x86_64.mk
View File

@ -94,7 +94,7 @@ TARGET_GLOBAL_CFLAGS += \
-fstrict-aliasing \
-funswitch-loops \
-funwind-tables \
-fstack-protector \
-fstack-protector-strong \
-m64 \
-no-canonical-prefixes \
-fno-canonical-system-headers