diff options
| author | Rick Edgecombe <[email protected]> | 2023-06-12 17:10:32 -0700 |
|---|---|---|
| committer | Rick Edgecombe <[email protected]> | 2023-07-11 14:12:18 -0700 |
| commit | 18e66b695e787374ca762ecdeaa1ab5e3772af94 (patch) | |
| tree | fe0c977a5b99541f1cb81dc32f97758d2b5ce799 /lib/test_fortify/write_overflow-strncpy-src.c | |
| parent | fb47a799cc5ccc469c63e9174f2ad555a21ba2a1 (diff) | |
x86/shstk: Add Kconfig option for shadow stack
Shadow stack provides protection for applications against function return
address corruption. It is active when the processor supports it, the
kernel has CONFIG_X86_SHADOW_STACK enabled, and the application is built
for the feature. This is only implemented for the 64-bit kernel. When it
is enabled, legacy non-shadow stack applications continue to work, but
without protection.
Since there is another feature that utilizes CET (Kernel IBT) that will
share implementation with shadow stacks, create CONFIG_CET to signify
that at least one CET feature is configured.
Co-developed-by: Yu-cheng Yu <[email protected]>
Signed-off-by: Yu-cheng Yu <[email protected]>
Signed-off-by: Rick Edgecombe <[email protected]>
Signed-off-by: Dave Hansen <[email protected]>
Reviewed-by: Borislav Petkov (AMD) <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
Acked-by: Mike Rapoport (IBM) <[email protected]>
Tested-by: Pengfei Xu <[email protected]>
Tested-by: John Allen <[email protected]>
Tested-by: Kees Cook <[email protected]>
Link: https://lore.kernel.org/all/20230613001108.3040476-7-rick.p.edgecombe%40intel.com
Diffstat (limited to 'lib/test_fortify/write_overflow-strncpy-src.c')
0 files changed, 0 insertions, 0 deletions