summaryrefslogtreecommitdiffstats
path: root/Makefile
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2021-09-02 12:35:34 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2021-09-02 12:35:34 -0700
commitb55060d796c5300ad7a410cb5faec36582925570 (patch)
tree7711068e1cfdb3cb87541d42678272314bf9e4e1 /Makefile
parentc815f04ba94940fbc303a6ea9669e7da87f8e77d (diff)
parenta8fc576d4af2f23a87a586424252df97f0ad0b06 (diff)
downloadlinux-b55060d796c5300ad7a410cb5faec36582925570.tar.gz
linux-b55060d796c5300ad7a410cb5faec36582925570.tar.bz2
linux-b55060d796c5300ad7a410cb5faec36582925570.zip
Merge tag 'hardening-v5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull hardening updates from Kees Cook: - Expand lib/test_stackinit to include more initialization styles - Improve Kconfig for CLang's auto-var-init feature - Introduce support for GCC's zero-call-used-regs feature * tag 'hardening-v5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: lib/test_stackinit: Add assigned initializers lib/test_stackinit: Allow building stand-alone lib/test_stackinit: Fix static initializer test hardening: Clarify Kconfig text for auto-var-init hardening: Introduce CONFIG_ZERO_CALL_USED_REGS
Diffstat (limited to 'Makefile')
-rw-r--r--Makefile5
1 files changed, 5 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index 61741e9d9c6e..2af6e2f17103 100644
--- a/Makefile
+++ b/Makefile
@@ -841,6 +841,11 @@ endif
# for the randomize_kstack_offset feature. Disable it for all compilers.
KBUILD_CFLAGS += $(call cc-option, -fno-stack-clash-protection)
+# Clear used registers at func exit (to reduce data lifetime and ROP gadgets).
+ifdef CONFIG_ZERO_CALL_USED_REGS
+KBUILD_CFLAGS += -fzero-call-used-regs=used-gpr
+endif
+
DEBUG_CFLAGS :=
# Workaround for GCC versions < 5.0