Navigation: Linux Kernel Driver DataBase - web LKDDB: Main index - S index

CONFIG_SHADOW_CALL_STACK: Clang Shadow Call Stack

General informations

The Linux kernel configuration item CONFIG_SHADOW_CALL_STACK:

Help text

This option enables Clang's Shadow Call Stack, which uses a shadow stack to protect function return addresses from being overwritten by an attacker. More information can be found in Clang's documentation:

https://clang.llvm.org/docs/ShadowCallStack.html

Note that security guarantees in the kernel differ from the ones documented for user space. The kernel must store addresses of shadow stacks in memory, which means an attacker capable of reading and writing arbitrary memory may be able to locate them and hijack control flow by modifying the stacks.

Hardware

LKDDb

Raw data from LKDDb:

Sources

This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

Automatic links from Google (and ads)

Custom Search

Popular queries:

Navigation: Linux Kernel Driver DataBase - web LKDDB: main index - S index

Automatically generated (in year 2021). See also LKDDb sources on GitLab