mm: Implement stack frame object validation

This creates per-architecture function arch_within_stack_frames() that should validate if a given object is contained by a kernel stack frame. Initial implementation is on x86. This is based on code from PaX. Signed-off-by: Kees Cook <keescook@chromium.org>
author: Kees Cook <keescook@chromium.org> 2016-07-12 16:19:48 -0700
committer: Kees Cook <keescook@chromium.org> 2016-07-26 14:41:47 -0700
commit: 0f60a8efe4005ab5e65ce000724b04d4ca04a199 (patch)
tree: a71bc07c426721394f3156318b2220d8f6299c07 /arch/Kconfig
parent: 7c15d9bb8231f998ae7dc0b72415f5215459f7fb (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 15996290fed4..ef86cded5402 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -424,6 +424,15 @@ config CC_STACKPROTECTOR_STRONG
 
 endchoice
 
+config HAVE_ARCH_WITHIN_STACK_FRAMES
+	bool
+	help
+	  An architecture should select this if it can walk the kernel stack
+	  frames to determine if an object is part of either the arguments
+	  or local variables (i.e. that it excludes saved return addresses,
+	  and similar) by implementing an inline arch_within_stack_frames(),
+	  which is used by CONFIG_HARDENED_USERCOPY.
+
 config HAVE_CONTEXT_TRACKING
 	bool
 	help
author	Kees Cook <keescook@chromium.org>	2016-07-12 16:19:48 -0700
committer	Kees Cook <keescook@chromium.org>	2016-07-26 14:41:47 -0700
commit	0f60a8efe4005ab5e65ce000724b04d4ca04a199 (patch)
tree	a71bc07c426721394f3156318b2220d8f6299c07 /arch/Kconfig
parent	7c15d9bb8231f998ae7dc0b72415f5215459f7fb (diff)