[PATCH 1/2] scs: switch to vmapped shadow stacks
Kees Cook
keescook at chromium.org
Thu Oct 22 18:38:41 EDT 2020
On Thu, Oct 22, 2020 at 01:23:54PM -0700, Sami Tolvanen wrote:
> The kernel currently uses kmem_cache to allocate shadow call stacks,
> which means an overflow may not be immediately detected and can
> potentially result in another task's shadow stack to be overwritten.
>
> This change switches SCS to use virtually mapped shadow stacks,
> which increases shadow stack size to a full page and provides more
> robust overflow detection similarly to VMAP_STACK.
>
> Signed-off-by: Sami Tolvanen <samitolvanen at google.com>
Thanks! I much prefer this to kmem. :)
Reviewed-by: Kees Cook <keescook at chromium.org>
--
Kees Cook
More information about the linux-arm-kernel
mailing list