Merge branch 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux...

Pull strong stackprotector support from Ingo Molnar:
 "This tree adds a CONFIG_CC_STACKPROTECTOR_STRONG=y, a new, stronger
  stack canary checking method supported by the newest GCC versions (4.9
  and later).

  Here's the 'intensity comparison' between the various protection
  modes:

      - defconfig
        11430641 kernel text size
        36110 function bodies

      - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR
        11468490 kernel text size (+0.33%)
        1015 of 36110 functions are stack-protected (2.81%)

      - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch
        11692790 kernel text size (+2.24%)
        7401 of 36110 functions are stack-protected (20.5%)

  the strong model comes with non-trivial costs, which is why we
  preserved the 'regular' and 'none' models as well"

* 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG
  stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures

diff --combined Makefile
index b8b7f74696b4094de39ba65839de236edd5e643e,5271b9623aa38052afa28bc54932afb65070ec95..455fd484b20edb92a0c916c1be3cc7adffc6cfa4
--- 1/Makefile
--- 2/Makefile
+++ b/Makefile
@@@ -1,7 -1,7 +1,7 @@@
  VERSION = 3
  PATCHLEVEL = 13
  SUBLEVEL = 0
 -EXTRAVERSION = -rc4
 +EXTRAVERSION =
  NAME = One Giant Leap for Frogkind
  
  # *DOCUMENTATION*
@@@ -595,10 -595,24 +595,24 @@@ ifneq ($(CONFIG_FRAME_WARN),0
  KBUILD_CFLAGS += $(call cc-option,-Wframe-larger-than=${CONFIG_FRAME_WARN})
  endif
  
- # Force gcc to behave correct even for buggy distributions
- ifndef CONFIG_CC_STACKPROTECTOR
- KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector)
+ # Handle stack protector mode.
+ ifdef CONFIG_CC_STACKPROTECTOR_REGULAR
+   stackp-flag := -fstack-protector
+   ifeq ($(call cc-option, $(stackp-flag)),)
+     $(warning Cannot use CONFIG_CC_STACKPROTECTOR: \
+             -fstack-protector not supported by compiler))
+   endif
+ else ifdef CONFIG_CC_STACKPROTECTOR_STRONG
+   stackp-flag := -fstack-protector-strong
+   ifeq ($(call cc-option, $(stackp-flag)),)
+     $(warning Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: \
+             -fstack-protector-strong not supported by compiler)
+   endif
+ else
+   # Force off for distro compilers that enable stack protector by default.
+   stackp-flag := $(call cc-option, -fno-stack-protector)
  endif
+ KBUILD_CFLAGS += $(stackp-flag)
  
  # This warning generated too much noise in a regular build.
  # Use make W=1 to enable this warning (see scripts/Makefile.build)
@@@ -732,15 -746,19 +746,15 @@@ export mod_strip_cm
  # Select initial ramdisk compression format, default is gzip(1).
  # This shall be used by the dracut(8) tool while creating an initramfs image.
  #
 -INITRD_COMPRESS=gzip
 -ifeq ($(CONFIG_RD_BZIP2), y)
 -        INITRD_COMPRESS=bzip2
 -else ifeq ($(CONFIG_RD_LZMA), y)
 -        INITRD_COMPRESS=lzma
 -else ifeq ($(CONFIG_RD_XZ), y)
 -        INITRD_COMPRESS=xz
 -else ifeq ($(CONFIG_RD_LZO), y)
 -        INITRD_COMPRESS=lzo
 -else ifeq ($(CONFIG_RD_LZ4), y)
 -        INITRD_COMPRESS=lz4
 -endif
 -export INITRD_COMPRESS
 +INITRD_COMPRESS-y                  := gzip
 +INITRD_COMPRESS-$(CONFIG_RD_BZIP2) := bzip2
 +INITRD_COMPRESS-$(CONFIG_RD_LZMA)  := lzma
 +INITRD_COMPRESS-$(CONFIG_RD_XZ)    := xz
 +INITRD_COMPRESS-$(CONFIG_RD_LZO)   := lzo
 +INITRD_COMPRESS-$(CONFIG_RD_LZ4)   := lz4
 +# do not export INITRD_COMPRESS, since we didn't actually
 +# choose a sane default compression above.
 +# export INITRD_COMPRESS := $(INITRD_COMPRESS-y)
  
  ifdef CONFIG_MODULE_SIG_ALL
  MODSECKEY = ./signing_key.priv