Function returns could unwind stacks beyond its allocated area. We do not merge shadow stack areas. This and VMA guards prevent shadow stack underflow. Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> --- mm/mmap.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mm/mmap.c b/mm/mmap.c index de2d0faa1c61..fa581ced3f56 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1123,6 +1123,12 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (vm_flags & VM_SPECIAL) return NULL; + /* + * Do not merge shadow stack areas. + */ + if (vm_flags & VM_SHSTK) + return NULL; + if (prev) next = prev->vm_next; else -- 2.17.1
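Review bot: The new comment in vma_merge() ("Do not merge shadow stack areas.") only restates the `if (vm_flags & VM_SHSTK)` test below it and leaves out the reason, which exists only in the commit message. I would put the rationale in the comment itself: merging two adjacent shadow stacks would let a function return unwind from one stack past its allocated area into the neighbour, and keeping them as separate VMAs, together with the VMA guards, is what prevents that underflow. Since the check sits directly after the `if (vm_flags & VM_SPECIAL)` early return and has the same outcome (`return NULL`), it is also worth stating in the commit message or the comment whether VM_SHSTK is deliberately kept out of VM_SPECIAL. The visible hunk does not show what else tests VM_SPECIAL, so a line explaining that choice would help the next reader.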