projects / kconfig-hardened-check.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5d007e6) | patch
Improve the STACKPROTECTOR check
authorAlexander Popov <alex.popov@linux.com>
Thu, 21 Jul 2022 10:09:50 +0000 (13:09 +0300)
committerAlexander Popov <alex.popov@linux.com>
Thu, 21 Jul 2022 10:11:20 +0000 (13:11 +0300)
commit3bdbc3ae2151be51359684bbef358a1e0133861a
tree98dae750e21e3db0e423956a85e1ca9efea4ed00tree | snapshot (zip tar.gz)
parent5d007e67c6db0af09c6cf5a303cfea23e4234403commit | diff
Improve the STACKPROTECTOR check

The Linux kernel 4.16-4.17 has a weird STACKPROTECTOR configuration:
CC_STACKPROTECTOR_NONE -- stackprotector is disabled;
CC_STACKPROTECTOR_REGULAR -- similar to current STACKPROTECTOR;
CC_STACKPROTECTOR_STRONG -- similar to current STACKPROTECTOR_STRONG;
CC_STACKPROTECTOR_AUTO -- the best stack-protector that compiler provides.
These options are mutually exclusive.

Let's improve the STACKPROTECTOR check:
- Add CC_STACKPROTECTOR_REGULAR as a valid alternative name of this option;
- Add CC_STACKPROTECTOR_STRONG to avoid false negative result;
- Add CC_STACKPROTECTOR_AUTO hoping that it enables at least STACKPROTECTOR.

The STACKPROTECTOR_STRONG check still requires explicit configuration, not
CC_STACKPROTECTOR_AUTO.

Thanks to @izh1979 for the idea
kconfig_hardened_check/__init__.py diff | blob | history
kconfig-hardened-check