Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a7f21069 authored by Sami Tolvanen's avatar Sami Tolvanen
Browse files

FROMLIST: add support for Clang's Shadow Call Stack (SCS) 

This change adds generic support for Clang's Shadow Call Stack,
which uses a shadow stack to protect return addresses from being
overwritten by an attacker. Details are available here:

  https://clang.llvm.org/docs/ShadowCallStack.html

Note that security guarantees in the kernel differ from the
ones documented for user space. The kernel must store addresses
of shadow stacks used by other tasks and interrupt handlers in
memory, which means an attacker capable reading and writing
arbitrary memory may be able to locate them and hijack control
flow by modifying shadow stacks that are not currently in use.

Bug: 145210207
Change-Id: Ia5f1650593fa95da4efcf86f84830a20989f161c
(am from https://lore.kernel.org/patchwork/patch/1149054/

)
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarMiguel Ojeda <miguel.ojeda.sandonis@gmail.com>
Signed-off-by: default avatarSami Tolvanen <samitolvanen@google.com>
parent 89384505
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment