mm: Implement stack frame object validation

This creates per-architecture function arch_within_stack_frames() that should validate if a given object is contained by a kernel stack frame. Initial implementation is on x86. This is based on code from PaX. Signed-off-by: Kees Cook <keescook@chromium.org> (cherry picked from commit 0f60a8efe4005ab5e65ce000724b04d4ca04a199) Signed-off-by: Alex Shi <alex.shi@linaro.org> Conflicts: skip EBPF_JIT in arch/x86/Kconfig
author: Kees Cook <keescook@chromium.org> 2016-07-12 16:19:48 -0700
committer: Alex Shi <alex.shi@linaro.org> 2016-08-27 11:23:38 +0800
commit: fdb92b0de361f9043f359a1de52e2bedd9da4599 (patch)
tree: b78643598b82f60e0dd5c34456cb8701f48a9516 /arch/Kconfig
parent: 472dd6904d7bfd38d86ec3b8071b7260b51c290d (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 4e949e58b192..d4d9845530f1 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -423,6 +423,15 @@ config CC_STACKPROTECTOR_STRONG
 
 endchoice
 
+config HAVE_ARCH_WITHIN_STACK_FRAMES
+	bool
+	help
+	  An architecture should select this if it can walk the kernel stack
+	  frames to determine if an object is part of either the arguments
+	  or local variables (i.e. that it excludes saved return addresses,
+	  and similar) by implementing an inline arch_within_stack_frames(),
+	  which is used by CONFIG_HARDENED_USERCOPY.
+
 config HAVE_CONTEXT_TRACKING
 	bool
 	help
author	Kees Cook <keescook@chromium.org>	2016-07-12 16:19:48 -0700
committer	Alex Shi <alex.shi@linaro.org>	2016-08-27 11:23:38 +0800
commit	fdb92b0de361f9043f359a1de52e2bedd9da4599 (patch)
tree	b78643598b82f60e0dd5c34456cb8701f48a9516 /arch/Kconfig
parent	472dd6904d7bfd38d86ec3b8071b7260b51c290d (diff)