This patch turns on instrumentation to avoid skipping the guard page
in large stack frames.
Without this flag, vulnerabilities can result in where the stack
overlaps with the heap, or thread stacks spill into other regions
of memory.
This flag in only available on x86_64 and aarch64.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
BUILDTARGET="${build_arch}-unknown-linux-gnu"
CROSSTARGET="${build_arch}-cross-linux-gnu"
BUILD_PLATFORM="x86"
- CFLAGS_ARCH="-m64 -mtune=generic"
+ CFLAGS_ARCH="-m64 -mtune=generic -fstack-clash-protection"
;;
i586)
BUILDTARGET="${build_arch}-unknown-linux-gnu"
CROSSTARGET="${build_arch}-cross-linux-gnu"
BUILD_PLATFORM="arm"
- CFLAGS_ARCH=""
+ CFLAGS_ARCH="-fstack-clash-protection"
;;
armv7hl)