summaryrefslogtreecommitdiff
path: root/arch/Kconfig
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2016-07-13 02:19:48 +0300
committerKees Cook <keescook@chromium.org>2016-07-27 00:41:47 +0300
commit0f60a8efe4005ab5e65ce000724b04d4ca04a199 (patch)
treea71bc07c426721394f3156318b2220d8f6299c07 /arch/Kconfig
parent7c15d9bb8231f998ae7dc0b72415f5215459f7fb (diff)
downloadlinux-0f60a8efe4005ab5e65ce000724b04d4ca04a199.tar.xz
mm: Implement stack frame object validation
This creates per-architecture function arch_within_stack_frames() that should validate if a given object is contained by a kernel stack frame. Initial implementation is on x86. This is based on code from PaX. Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'arch/Kconfig')
-rw-r--r--arch/Kconfig9
1 files changed, 9 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 15996290fed4..ef86cded5402 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -424,6 +424,15 @@ config CC_STACKPROTECTOR_STRONG
endchoice
+config HAVE_ARCH_WITHIN_STACK_FRAMES
+ bool
+ help
+ An architecture should select this if it can walk the kernel stack
+ frames to determine if an object is part of either the arguments
+ or local variables (i.e. that it excludes saved return addresses,
+ and similar) by implementing an inline arch_within_stack_frames(),
+ which is used by CONFIG_HARDENED_USERCOPY.
+
config HAVE_CONTEXT_TRACKING
bool
help