[PATCH v2 1/2] scs: switch to vmapped shadow stacks
Kees Cook
keescook at chromium.org
Tue Nov 24 17:04:05 EST 2020
On Tue, Nov 24, 2020 at 11:59:39AM -0800, Sami Tolvanen wrote:
> The kernel currently uses kmem_cache to allocate shadow call stacks,
> which means an overflow may not be immediately detected and can
> potentially result in another task's shadow stack being overwritten.
>
> This change switches SCS to use virtually mapped shadow stacks for
> tasks, which increases shadow stack size to a full page and provides
> more robust overflow detection, similarly to VMAP_STACK.
>
> Signed-off-by: Sami Tolvanen <samitolvanen at google.com>
Reviewed-by: Kees Cook <keescook at chromium.org>
--
Kees Cook
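
The difference the commit message describes, as an added userspace model (not code from the patch or the kernel): adjacent slab-style objects let an overflow silently reach the neighbouring stack, while a page followed by an inaccessible guard page faults on the first out-of-bounds store. The function names, the 1024-byte size and the mmap/mprotect guard are assumptions standing in for kmem_cache objects and vmalloc guard pages.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define SLAB_SCS_BYTES 1024 /* constructed size for the slab-style model */

/* Slab-style model: stacks A and B are adjacent objects. Returns 1 if B is overwritten. */
int slab_overflow_corrupts_neighbor(void)
{
    static uintptr_t pool[2 * SLAB_SCS_BYTES / sizeof(uintptr_t)];
    size_t n = SLAB_SCS_BYTES / sizeof(uintptr_t);
    uintptr_t *a = pool, *b = pool + n;
    b[0] = 0x1111;                      /* task B's saved return address */
    for (size_t i = 0; i <= n; i++)     /* task A pushes one entry too many */
        a[i] = 0xdead;
    return b[0] != 0x1111;              /* no fault: corruption goes unnoticed */
}

/* vmap-style model: one page plus a guard page. Returns the fatal signal, 0, or -1. */
int guarded_overflow_signal(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *base = mmap(NULL, 2 * page, PROT_NONE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED || mprotect(base, page, PROT_READ | PROT_WRITE) != 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {                     /* child plays the overflowing task */
        volatile uintptr_t *scs = (volatile uintptr_t *)base;
        signal(SIGSEGV, SIG_DFL);
        for (size_t i = 0; i <= page / sizeof(uintptr_t); i++)
            scs[i] = 0xdead;            /* last store hits the guard page */
        _exit(0);
    }
    int status = 0;
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    munmap(base, 2 * page);
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    printf("slab corrupted=%d guarded signal=%d\n",
           slab_overflow_corrupts_neighbor(), guarded_overflow_signal());
    return 0;
}
```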