kernel: canaries: Allow using TLS to store it

Add a new option to use thread-local storage for stack
canaries. This makes it harder to find the canaries' location
and value. This is made optional because there is
a performance and size penalty when using it.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Flavio Ceolin 2023-08-01 15:07:57 -07:00 committed by Chris Friedt
commit d16c5b9048
8 changed files with 54 additions and 4 deletions


@ -160,7 +160,12 @@ set_compiler_property(PROPERTY coverage -fprofile-arcs -ftest-coverage -fno-inli
set_compiler_property(PROPERTY security_canaries -fstack-protector-all)
# Only a valid option with GCC 7.x and above, so let's do check and set.
check_set_compiler_property(APPEND PROPERTY security_canaries -mstack-protector-guard=global)
if(CONFIG_STACK_CANARIES_TLS)
check_set_compiler_property(APPEND PROPERTY security_canaries -mstack-protector-guard=tls)
else()
check_set_compiler_property(APPEND PROPERTY security_canaries -mstack-protector-guard=global)
endif()
if(NOT CONFIG_NO_OPTIMIZATIONS)
# _FORTIFY_SOURCE: Detect common-case buffer overflows for certain functions