BACKPORT: mm: Implement stack frame object validation

This creates per-architecture function arch_within_stack_frames() that should validate if a given object is contained by a kernel stack frame. Initial implementation is on x86. This is based on code from PaX. Signed-off-by: Kees Cook <keescook@chromium.org> Change-Id: I1f3b299bb8991d65dcdac6af85d633d4b7776df1 (cherry picked from commit 0f60a8efe4005ab5e65ce000724b04d4ca04a199) Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
author: Kees Cook <keescook@chromium.org> 2016-07-12 16:19:48 -0700
committer: Sami Tolvanen <samitolvanen@google.com> 2016-09-06 15:53:23 +0000
commit: c30d7340ee0b167a45cd8d6d5c48add8f62db9a5 (patch)
tree: 908a52d94320f9ef45ddb567c7ab7f8f8a483063 /arch/Kconfig
parent: 1e701cdc5bbce1f5561ee25ff8709a18dc0b2282 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 31a318a56d98..98f64ad1caf1 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -423,6 +423,15 @@ config CC_STACKPROTECTOR_STRONG
 
 endchoice
 
+config HAVE_ARCH_WITHIN_STACK_FRAMES
+	bool
+	help
+	  An architecture should select this if it can walk the kernel stack
+	  frames to determine if an object is part of either the arguments
+	  or local variables (i.e. that it excludes saved return addresses,
+	  and similar) by implementing an inline arch_within_stack_frames(),
+	  which is used by CONFIG_HARDENED_USERCOPY.
+
 config HAVE_CONTEXT_TRACKING
 	bool
 	help
author	Kees Cook <keescook@chromium.org>	2016-07-12 16:19:48 -0700
committer	Sami Tolvanen <samitolvanen@google.com>	2016-09-06 15:53:23 +0000
commit	c30d7340ee0b167a45cd8d6d5c48add8f62db9a5 (patch)
tree	908a52d94320f9ef45ddb567c7ab7f8f8a483063 /arch/Kconfig
parent	1e701cdc5bbce1f5561ee25ff8709a18dc0b2282 (diff)