On Tue, Feb 18, 2020 at 8:20 PM Randy Dunlap <rdunlap@xxxxxxxxxxxxx> wrote: > > Hi Sami, > > a couple of minor tweaks: > > On 2/18/20 4:08 PM, Sami Tolvanen wrote: > > diff --git a/arch/Kconfig b/arch/Kconfig > > index 98de654b79b3..66b34fd0df54 100644 > > --- a/arch/Kconfig > > +++ b/arch/Kconfig > > @@ -526,6 +526,40 @@ config STACKPROTECTOR_STRONG > > about 20% of all kernel functions, which increases the kernel code > > size by about 2%. > > > > +config ARCH_SUPPORTS_SHADOW_CALL_STACK > > + bool > > + help > > + An architecture should select this if it supports Clang's Shadow > > + Call Stack, has asm/scs.h, and implements runtime support for shadow > > + stack switching. > > + > > +config SHADOW_CALL_STACK > > + bool "Clang Shadow Call Stack" > > + depends on ARCH_SUPPORTS_SHADOW_CALL_STACK > > + help > > + This option enables Clang's Shadow Call Stack, which uses a > > + shadow stack to protect function return addresses from being > > + overwritten by an attacker. More information can be found from > > found in > > > + Clang's documentation: > > + > > + https://clang.llvm.org/docs/ShadowCallStack.html > > + > > + Note that security guarantees in the kernel differ from the ones > > + documented for user space. The kernel must store addresses of shadow > > + stacks used by other tasks and interrupt handlers in memory, which > > + means an attacker capable reading and writing arbitrary memory may > > capable of Thanks, Randy! I'll fix these in the next version. Sami
