mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-05 00:20:32 +00:00
d08b9f0ca6
This change adds generic support for Clang's Shadow Call Stack, which uses a shadow stack to protect return addresses from being overwritten by an attacker. Details are available here: https://clang.llvm.org/docs/ShadowCallStack.html Note that security guarantees in the kernel differ from the ones documented for user space. The kernel must store addresses of shadow stacks in memory, which means an attacker capable reading and writing arbitrary memory may be able to locate them and hijack control flow by modifying the stacks. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com> [will: Numerous cosmetic changes] Signed-off-by: Will Deacon <will@kernel.org> |
||
|---|---|---|
| .. | ||
| calibrate.c | ||
| do_mounts.c | ||
| do_mounts.h | ||
| do_mounts_initrd.c | ||
| do_mounts_md.c | ||
| do_mounts_rd.c | ||
| init_task.c | ||
| initramfs.c | ||
| Kconfig | ||
| main.c | ||
| Makefile | ||
| noinitramfs.c | ||
| version.c | ||