Mirrors_Framework/nuttx
1
0
Fork 0
mirror of https://github.com/apache/nuttx.git synced 2026-05-23 14:58:13 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Kconfig: Add configurable Stack Canaries protection levels.

Browse Source 
Introduce a configurable stack-protection level for the existing
CONFIG_STACK_CANARIES, instead of hard-coding -fstack-protector-all.
Add Kconfig choice STACK_CANARIES_LEVEL four selectable levels:

 -fstack-protector
 -fstack-protector-strong
 -fstack-protector-all (default)
 -fstack-protector-explicit

Signed-off-by: nuttxs <zhaoqing.zhang@sony.com>
This commit is contained in:
nuttxs
2025-09-10 18:28:33 +08:00
committed by Xiang Xiao
parent 092d7eac73
commit a5b810bdb1
20 changed files with 59 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Kconfig
+40
View File
@@ -2469,6 +2469,46 @@ config STACK_CANARIES
Enabling this option can result in a significant increase
in footprint and an associated decrease in performance.
choice STACK_CANARIES_LEVEL
prompt "Stack Canaries Level Configuration"
default STACK_PROTECTOR_ALL
depends on STACK_CANARIES
---help---
Based on the configuration options, configure the stack Canaries Level.
config STACK_PROTECTOR
bool "-fstack-protector"
---help---
Enable basic stack protection.
config STACK_PROTECTOR_STRONG
bool "-fstack-protector-strong"
---help---
Using stronger stack protection mechanisms may involve more complex
security checks.
config STACK_PROTECTOR_ALL
bool "-fstack-protector-all"
---help---
Enable stack protection for all functions, including those that are
typically not protected.
config STACK_PROTECTOR_EXPLICIT
bool "-fstack-protector-explicit"
---help---
Enable stack protection only for functions explicitly marked as
requiring stack protection.
endchoice # Stack Canaries Level Configuration
config STACK_CANARIES_LEVEL
string
default "-fstack-protector" if STACK_PROTECTOR
default "-fstack-protector-strong" if STACK_PROTECTOR_STRONG
default "-fstack-protector-all" if STACK_PROTECTOR_ALL
default "-fstack-protector-explicit" if STACK_PROTECTOR_EXPLICIT
depends on STACK_CANARIES
config STACK_USAGE
bool "Generate stack usage information"
---help---
arch/arm/src/cmake/armclang.cmake
+1 -1
View File
@@ -107,7 +107,7 @@ else()
endif()
if(CONFIG_STACK_CANARIES)
add_compile_options(-fstack-protector-all)
add_compile_options(${CONFIG_STACK_CANARIES_LEVEL})
endif()
if(CONFIG_STACK_USAGE)
arch/arm/src/cmake/clang.cmake
+1 -1
View File
@@ -111,7 +111,7 @@ else()
endif()
if(CONFIG_STACK_CANARIES)
add_compile_options(-fstack-protector-all)
add_compile_options(${CONFIG_STACK_CANARIES_LEVEL})
endif()
if(CONFIG_STACK_USAGE)
arch/arm/src/cmake/gcc.cmake
+1 -1
View File
@@ -126,7 +126,7 @@ else()
endif()
if(CONFIG_STACK_CANARIES)
add_compile_options(-fstack-protector-all)
add_compile_options(${CONFIG_STACK_CANARIES_LEVEL})
endif()
if(CONFIG_STACK_USAGE)
arch/arm/src/cmake/ghs.cmake
+1 -1
View File
@@ -79,7 +79,7 @@ else()
endif()
if(CONFIG_STACK_CANARIES)
add_compile_options(-fstack-protector-all)
add_compile_options(${CONFIG_STACK_CANARIES_LEVEL})
endif()
if(CONFIG_STACK_USAGE)
arch/arm/src/common/Toolchain.defs
+1 -1
View File
@@ -63,7 +63,7 @@ else
endif
ifeq ($(CONFIG_STACK_CANARIES),y)
ARCHOPTIMIZATION += -fstack-protector-all
ARCHOPTIMIZATION += $(patsubst "%",%,$(CONFIG_STACK_CANARIES_LEVEL))
endif
ifeq ($(CONFIG_STACK_USAGE),y)
arch/arm64/src/Toolchain.defs
+1 -1
View File
@@ -81,7 +81,7 @@ else
endif
ifeq ($(CONFIG_STACK_CANARIES),y)
ARCHOPTIMIZATION += -fstack-protector-all
ARCHOPTIMIZATION += $(patsubst "%",%,$(CONFIG_STACK_CANARIES_LEVEL))
endif
ifeq ($(CONFIG_STACK_USAGE),y)
arch/arm64/src/cmake/clang.cmake
+1 -1
View File
@@ -57,7 +57,7 @@ else()
endif()
if(CONFIG_STACK_CANARIES)
add_compile_options(-fstack-protector-all)
add_compile_options(${CONFIG_STACK_CANARIES_LEVEL})
endif()
if(CONFIG_STACK_USAGE)
arch/arm64/src/cmake/gcc.cmake
+1 -1
View File
@@ -83,7 +83,7 @@ else()
endif()
if(CONFIG_STACK_CANARIES)
add_compile_options(-fstack-protector-all)
add_compile_options(${CONFIG_STACK_CANARIES_LEVEL})
endif()
if(CONFIG_STACK_USAGE)
arch/risc-v/src/cmake/Toolchain.cmake
+1 -1
View File
@@ -156,7 +156,7 @@ else()
endif()
if(CONFIG_STACK_CANARIES)
add_compile_options(-fstack-protector-all)
add_compile_options(${CONFIG_STACK_CANARIES_LEVEL})
endif()
if(CONFIG_STACK_USAGE)
arch/risc-v/src/common/Toolchain.defs
+1 -1
View File
@@ -72,7 +72,7 @@ else
endif
ifeq ($(CONFIG_STACK_CANARIES),y)
ARCHOPTIMIZATION += -fstack-protector-all
ARCHOPTIMIZATION += $(patsubst "%",%,$(CONFIG_STACK_CANARIES_LEVEL))
endif
ifeq ($(CONFIG_STACK_USAGE),y)
arch/sim/src/cmake/Toolchain.cmake
+1 -1
View File
@@ -103,7 +103,7 @@ else()
endif()
if(CONFIG_STACK_CANARIES)
add_compile_options(-fstack-protector-all)
add_compile_options(${CONFIG_STACK_CANARIES_LEVEL})
endif()
if(CONFIG_STACK_USAGE)
arch/tricore/src/cmake/ToolchainGnuc.cmake
+1 -1
View File
@@ -83,7 +83,7 @@ else()
endif()
if(CONFIG_STACK_CANARIES)
add_compile_options(-fstack-protector-all)
add_compile_options(${CONFIG_STACK_CANARIES_LEVEL})
endif()
if(CONFIG_COVERAGE_ALL)
arch/tricore/src/common/ToolchainGnuc.defs
+1 -1
View File
@@ -49,7 +49,7 @@ else
endif
ifeq ($(CONFIG_STACK_CANARIES),y)
ARCHOPTIMIZATION += -fstack-protector-all
ARCHOPTIMIZATION += $(patsubst "%",%,$(CONFIG_STACK_CANARIES_LEVEL))
endif
ifeq ($(CONFIG_STACK_USAGE),y)
arch/x86_64/src/cmake/Toolchain.cmake
+1 -1
View File
@@ -62,7 +62,7 @@ if(CONFIG_FRAME_POINTER)
endif()
if(CONFIG_STACK_CANARIES)
add_compile_options(-fstack-protector-all)
add_compile_options(${CONFIG_STACK_CANARIES_LEVEL})
else()
add_compile_options(-fno-stack-protector)
endif()
arch/x86_64/src/common/Toolchain.defs
+1 -1
View File
@@ -91,7 +91,7 @@ ifneq ($(CONFIG_CXX_STANDARD),)
endif
ifeq ($(CONFIG_STACK_CANARIES),y)
ARCHOPTIMIZATION += -fstack-protector-all
ARCHOPTIMIZATION += $(patsubst "%",%,$(CONFIG_STACK_CANARIES_LEVEL))
else
ARCHOPTIMIZATION += -fno-stack-protector
endif
arch/xtensa/src/cmake/Toolchain.cmake
+1 -1
View File
@@ -146,7 +146,7 @@ else()
endif()
if(CONFIG_STACK_CANARIES)
add_compile_options(-fstack-protector-all)
add_compile_options(${CONFIG_STACK_CANARIES_LEVEL})
endif()
if(CONFIG_STACK_USAGE)
arch/xtensa/src/lx6/Toolchain.defs
+1 -1
View File
@@ -96,7 +96,7 @@ else
endif
ifeq ($(CONFIG_STACK_CANARIES),y)
ARCHOPTIMIZATION += -fstack-protector-all
ARCHOPTIMIZATION += $(patsubst "%",%,$(CONFIG_STACK_CANARIES_LEVEL))
endif
ifeq ($(CONFIG_STACK_USAGE),y)
arch/xtensa/src/lx7/Toolchain.defs
+1 -1
View File
@@ -100,7 +100,7 @@ else
endif
ifeq ($(CONFIG_STACK_CANARIES),y)
ARCHOPTIMIZATION += -fstack-protector-all
ARCHOPTIMIZATION += $(patsubst "%",%,$(CONFIG_STACK_CANARIES_LEVEL))
endif
ifeq ($(CONFIG_STACK_USAGE),y)
boards/sim/sim/sim/scripts/Make.defs
+1 -1
View File
@@ -63,7 +63,7 @@ else
endif
ifeq ($(CONFIG_STACK_CANARIES),y)
ARCHOPTIMIZATION += -fstack-protector-all
ARCHOPTIMIZATION += $(patsubst "%",%,$(CONFIG_STACK_CANARIES_LEVEL))
endif
ifeq ($(CONFIG_STACK_USAGE),y)