michaelh/zephyr
1
0
Fork 0
Code Releases Activity

security: Additional option for stack canaries

Browse source 
Previously, when stack canaries were enabled, Zephyr applied this
protection to all functions. This commit introduces a new option that
allows stack canary protection to be applied selectively to specific
functions based on certain criteria.

Signed-off-by: Flavio Ceolin <flavio.ceolin@gmail.com>
This commit is contained in:
Flavio Ceolin 2024-11-25 13:58:40 -08:00 committed by Benjamin Cabé
commit 82ace41da4
9 changed files with 47 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

3
cmake/compiler/gcc/compiler_flags.cmake
View file

@ -168,12 +168,15 @@ set_compiler_property(PROPERTY coverage -fprofile-arcs -ftest-coverage -fno-inli
# Security canaries.
set_compiler_property(PROPERTY security_canaries -fstack-protector-all)
set_compiler_property(PROPERTY security_canaries_strong -fstack-protector-strong)
# Only a valid option with GCC 7.x and above, so let's do check and set.
if(CONFIG_STACK_CANARIES_TLS)
check_set_compiler_property(APPEND PROPERTY security_canaries -mstack-protector-guard=tls)
check_set_compiler_property(APPEND PROPERTY security_canaries_strong -mstack-protector-guard=tls)
else()
check_set_compiler_property(APPEND PROPERTY security_canaries -mstack-protector-guard=global)
check_set_compiler_property(APPEND PROPERTY security_canaries_global -mstack-protector-guard=global)
endif()