[PATCH 1/2] hardening: make stack guard page the default
Ahmad Fatoum
a.fatoum at pengutronix.de
Wed Jul 9 03:18:47 PDT 2025
We have had guard page support for close to two years now and it's time
we start enabling it by default to catch stack overflows.
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
lib/Kconfig.hardening | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/Kconfig.hardening b/lib/Kconfig.hardening
index 658de4953aa1..53bf4d5bb956 100644
--- a/lib/Kconfig.hardening
+++ b/lib/Kconfig.hardening
@@ -153,6 +153,7 @@ config FORTIFY_SOURCE
config STACK_GUARD_PAGE
bool "Place guard page to catch stack overflows"
depends on ARM && MMU
+ default y
help
When enabled, barebox places a faulting guard page to catch total
stack usage exceeding CONFIG_STACK_SIZE. On overflows, that hit
--
2.39.5
More information about the barebox
mailing list