michaelh/zephyr
1
0
Fork 0
Code Releases Activity

security: Add option for explicit stack canaries

Browse source 
Add option to enable stack canaries only when explicitely
declared. It adds a new function attribute, __stack_protect, that
can be used to enable stack protection in a function.

Signed-off-by: Flavio Ceolin <flavio.ceolin@gmail.com>
This commit is contained in:
Flavio Ceolin 2024-11-25 15:46:26 -08:00 committed by Benjamin Cabé
commit 0236f7c9aa
5 changed files with 18 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
cmake/compiler/gcc/compiler_flags.cmake
View file

@ -169,14 +169,17 @@ set_compiler_property(PROPERTY coverage -fprofile-arcs -ftest-coverage -fno-inli
# Security canaries.
set_compiler_property(PROPERTY security_canaries -fstack-protector-all)
set_compiler_property(PROPERTY security_canaries_strong -fstack-protector-strong)
set_compiler_property(PROPERTY security_canaries_explicit -fstack-protector-explicit)
# Only a valid option with GCC 7.x and above, so let's do check and set.
if(CONFIG_STACK_CANARIES_TLS)
check_set_compiler_property(APPEND PROPERTY security_canaries -mstack-protector-guard=tls)
check_set_compiler_property(APPEND PROPERTY security_canaries_strong -mstack-protector-guard=tls)
check_set_compiler_property(APPEND PROPERTY security_canaries_explicit -mstack-protector-guard=tls)
else()
check_set_compiler_property(APPEND PROPERTY security_canaries -mstack-protector-guard=global)
check_set_compiler_property(APPEND PROPERTY security_canaries_global -mstack-protector-guard=global)
check_set_compiler_property(APPEND PROPERTY security_canaries_explicit -mstack-protector-guard=global)
endif()