| author | Kees Cook <keescook@chromium.org> | 2016-07-12 19:19:48 -0400 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2016-07-26 17:41:47 -0400 |
| commit | 0f60a8efe4005ab5e65ce000724b04d4ca04a199 (patch) | |
| tree | a71bc07c426721394f3156318b2220d8f6299c07 /arch/Kconfig | |
| parent | 7c15d9bb8231f998ae7dc0b72415f5215459f7fb (diff) | |
mm: Implement stack frame object validation
This creates per-architecture function arch_within_stack_frames() that
should validate if a given object is contained by a kernel stack frame.
Initial implementation is on x86.
This is based on code from PaX.
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'arch/Kconfig')
| -rw-r--r-- | arch/Kconfig | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index 15996290fed4..ef86cded5402 100644 --- a/arch/Kconfig +++ b/arch/Kconfig | |||
| @@ -424,6 +424,15 @@ config CC_STACKPROTECTOR_STRONG | |||
| 424 | 424 | ||
| 425 | endchoice | 425 | endchoice |
| 426 | 426 | ||
| 427 | config HAVE_ARCH_WITHIN_STACK_FRAMES | ||
| 428 | bool | ||
| 429 | help | ||
| 430 | An architecture should select this if it can walk the kernel stack | ||
| 431 | frames to determine if an object is part of either the arguments | ||
| 432 | or local variables (i.e. that it excludes saved return addresses, | ||
| 433 | and similar) by implementing an inline arch_within_stack_frames(), | ||
| 434 | which is used by CONFIG_HARDENED_USERCOPY. | ||
| 435 | |||
| 427 | config HAVE_CONTEXT_TRACKING | 436 | config HAVE_CONTEXT_TRACKING |
| 428 | bool | 437 | bool |
| 429 | help | 438 | help |
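Review bot: The help text for the new HAVE_ARCH_WITHIN_STACK_FRAMES entry names arch_within_stack_frames() but does not state the contract an architecture has to meet. It gives neither the header that should carry the inline nor the result the function must report when an object lies outside every frame or when the frames cannot be walked. Since this symbol gates a check used by CONFIG_HARDENED_USERCOPY, an implementation that guesses wrong on the "cannot tell" case could either reject valid copies or accept ones that overlap saved return addresses. Suggest adding a sentence that points to the header and spells out the expected return values. The parenthetical "(i.e. that it excludes saved return addresses, and similar)" also reads awkwardly; something like "(i.e. not saved return addresses or other frame metadata)" would be clearer. Finally, the text refers to CONFIG_HARDENED_USERCOPY, which is not defined in the lines shown here, so it is worth confirming that the series introduces that option no later than the first architecture that selects this one.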
