On Tue, Nov 24, 2020 at 11:59:39AM -0800, Sami Tolvanen wrote:
> The kernel currently uses kmem_cache to allocate shadow call stacks,
> which means an overflow may not be immediately detected and can
> potentially result in another task's shadow stack to be overwritten.
>
> This change switches SCS to use virtually mapped shadow stacks for
> tasks, which increases shadow stack size to a full page and provides
> more robust overflow detection, similarly to VMAP_STACK.
>
> Signed-off-by: Sami Tolvanen <[email protected]>

Reviewed-by: Kees Cook <[email protected]>

-- 
Kees Cook
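The difference the commit message describes, shown as an added userspace illustration (not kernel code and not part of the patch): two stacks packed back to back are corrupted silently by a one-slot overflow, while a page followed by an inaccessible guard page faults on the first out-of-bounds push. The function names and `SCS_SLOTS` are hypothetical, and `mmap`/`mprotect` stand in for the guard page that follows a virtually mapped allocation; pushes go upward, as on the arm64 shadow call stack.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define SCS_SLOTS 128 /* slots per packed stack; constructed value */
static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Push n slots upward from base; return 1 if a fault stopped the writes. */
static int push_slots(volatile unsigned long *base, size_t n)
{
    struct sigaction sa, old_segv, old_bus;
    int faulted = 0;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(fault_env, 1) == 0)
        for (size_t i = 0; i < n; i++) base[i] = 0x41414141UL;
    else
        faulted = 1;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Stacks packed like objects in one cache: 1 = neighbour silently overwritten. */
int packed_overflow_corrupts_neighbour(void)
{
    static unsigned long slab[2 * SCS_SLOTS];
    slab[SCS_SLOTS] = 0xB0B0B0B0UL;                /* task B's first slot */
    int faulted = push_slots(slab, SCS_SLOTS + 1); /* task A pushes one too many */
    return !faulted && slab[SCS_SLOTS] != 0xB0B0B0B0UL;
}

/* One page plus a PROT_NONE guard page: 1 = the overflow faulted immediately. */
int guarded_overflow_faults(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *m = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED || mprotect(m + page, page, PROT_NONE) != 0) return -1;
    int faulted = push_slots((volatile unsigned long *)(void *)m,
                             page / sizeof(unsigned long) + 1);
    munmap(m, 2 * page);
    return faulted;
}
```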

