
Commit 19952a92 authored by Kees Cook's avatar Kees Cook Committed by Ingo Molnar

stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures



Instead of duplicating the CC_STACKPROTECTOR Kconfig and
Makefile logic in each architecture, switch to using
HAVE_CC_STACKPROTECTOR and keep everything in one place. This
retains the x86-specific bug verification scripts.

Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Shawn Guo <shawn.guo@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-mips@linux-mips.org
Cc: linux-arch@vger.kernel.org
Link: http://lkml.kernel.org/r/1387481759-14535-2-git-send-email-keescook@chromium.org


Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
parent b0031f22
+11 −3
@@ -595,10 +595,18 @@ ifneq ($(CONFIG_FRAME_WARN),0)
KBUILD_CFLAGS += $(call cc-option,-Wframe-larger-than=${CONFIG_FRAME_WARN})
endif

# Force gcc to behave correct even for buggy distributions
ifndef CONFIG_CC_STACKPROTECTOR
KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector)
# Handle stack protector mode.
ifdef CONFIG_CC_STACKPROTECTOR
  stackp-flag := -fstack-protector
  ifeq ($(call cc-option, $(stackp-flag)),)
    $(warning Cannot use CONFIG_CC_STACKPROTECTOR: \
	      -fstack-protector not supported by compiler))
  endif
else
  # Force off for distro compilers that enable stack protector by default.
  stackp-flag := $(call cc-option, -fno-stack-protector)
endif
KBUILD_CFLAGS += $(stackp-flag)

# This warning generated too much noise in a regular build.
# Use make W=1 to enable this warning (see scripts/Makefile.build)
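Review bot: The `$(warning ...)` call that spans the two added lines ending in `-fstack-protector not supported by compiler))` closes with two parentheses but only one was opened by `$(warning`, so after expansion a stray `)` is left on the line for make to parse; the continuation line should end in a single paren, `	      -fstack-protector not supported by compiler)`. Note also that when cc-option rejects the flag the branch only warns and `stackp-flag` still holds `-fstack-protector`, which `KBUILD_CFLAGS += $(stackp-flag)` then passes to every compile, so the failure presumably surfaces later as an unknown-option error rather than at the point of detection; if that is not the intended behaviour, `$(error ...)` or clearing `stackp-flag` in that branch would make the outcome explicit. The surrounding `ifdef`/`else`/`endif` is fully inside the hunk.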
+22 −0
@@ -336,6 +336,28 @@ config SECCOMP_FILTER

	  See Documentation/prctl/seccomp_filter.txt for details.

config HAVE_CC_STACKPROTECTOR
	bool
	help
	  An arch should select this symbol if:
	  - its compiler supports the -fstack-protector option
	  - it has implemented a stack canary (e.g. __stack_chk_guard)

config CC_STACKPROTECTOR
	bool "Enable -fstack-protector buffer overflow detection"
	depends on HAVE_CC_STACKPROTECTOR
	help
	  This option turns on the -fstack-protector GCC feature. This
	  feature puts, at the beginning of functions, a canary value on
	  the stack just before the return address, and validates
	  the value just before actually returning.  Stack based buffer
	  overflows (that need to overwrite this return address) now also
	  overwrite the canary, which gets detected and the attack is then
	  neutralized via a kernel panic.

	  This feature requires gcc version 4.2 or above, or a distribution
	  gcc with the feature backported.

config HAVE_CONTEXT_TRACKING
	bool
	help
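Review bot: The new `CC_STACKPROTECTOR` help text ends at the gcc 4.2 requirement and does not say what happens when the compiler in use lacks the flag, even though the top-level Makefile change in this commit probes it with cc-option and only warns. A closing sentence such as `If the compiler does not support -fstack-protector, a warning is printed at build time.` would tell users what to expect. Relatedly, the first bullet of the `HAVE_CC_STACKPROTECTOR` help ("its compiler supports the -fstack-protector option") overlaps with that build-time probe; the arch-level precondition that cannot be detected automatically is the second bullet, the canary implementation, so consider making that the emphasis of the help.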
+1 −12
@@ -30,6 +30,7 @@ config ARM
	select HAVE_BPF_JIT
	select HAVE_CONTEXT_TRACKING
	select HAVE_C_RECORDMCOUNT
	select HAVE_CC_STACKPROTECTOR
	select HAVE_DEBUG_KMEMLEAK
	select HAVE_DMA_API_DEBUG
	select HAVE_DMA_ATTRS
@@ -1856,18 +1857,6 @@ config SECCOMP
	  and the task is only allowed to execute a few safe syscalls
	  defined by each seccomp mode.

config CC_STACKPROTECTOR
	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
	help
	  This option turns on the -fstack-protector GCC feature. This
	  feature puts, at the beginning of functions, a canary value on
	  the stack just before the return address, and validates
	  the value just before actually returning.  Stack based buffer
	  overflows (that need to overwrite this return address) now also
	  overwrite the canary, which gets detected and the attack is then
	  neutralized via a kernel panic.
	  This feature requires gcc version 4.2 or above.

config SWIOTLB
	def_bool y

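Review bot: In the first hunk of this section the new `select HAVE_CC_STACKPROTECTOR` is placed after `select HAVE_C_RECORDMCOUNT`, while the visible neighbours (`HAVE_BPF_JIT`, `HAVE_CONTEXT_TRACKING`, `HAVE_C_RECORDMCOUNT`, `HAVE_DEBUG_KMEMLEAK`, `HAVE_DMA_API_DEBUG`) appear to be kept in sorted order; by that ordering it belongs before `select HAVE_CONTEXT_TRACKING`. The `config ARM` block extends outside the hunk, so the rest of the list is not visible here.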
+0 −4
@@ -40,10 +40,6 @@ ifeq ($(CONFIG_FRAME_POINTER),y)
KBUILD_CFLAGS	+=-fno-omit-frame-pointer -mapcs -mno-sched-prolog
endif

ifeq ($(CONFIG_CC_STACKPROTECTOR),y)
KBUILD_CFLAGS	+=-fstack-protector
endif

ifeq ($(CONFIG_CPU_BIG_ENDIAN),y)
KBUILD_CPPFLAGS	+= -mbig-endian
AS		+= -EB
+1 −13
@@ -47,6 +47,7 @@ config MIPS
	select MODULES_USE_ELF_RELA if MODULES && 64BIT
	select CLONE_BACKWARDS
	select HAVE_DEBUG_STACKOVERFLOW
	select HAVE_CC_STACKPROTECTOR

menu "Machine selection"

@@ -2322,19 +2323,6 @@ config SECCOMP

	  If unsure, say Y. Only embedded should say N here.

config CC_STACKPROTECTOR
	bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
	help
	  This option turns on the -fstack-protector GCC feature. This
	  feature puts, at the beginning of functions, a canary value on
	  the stack just before the return address, and validates
	  the value just before actually returning.  Stack based buffer
	  overflows (that need to overwrite this return address) now also
	  overwrite the canary, which gets detected and the attack is then
	  neutralized via a kernel panic.

	  This feature requires gcc version 4.2 or above.

config USE_OF
	bool
	select OF