CONFIG_SHADOW_CALL_STACK: Shadow Call Stack

General informations

The Linux kernel configuration item CONFIG_SHADOW_CALL_STACK has multiple definitions:

Shadow Call Stack found in arch/Kconfig

The configuration item CONFIG_SHADOW_CALL_STACK:

• prompt: Shadow Call Stack
• type: bool
• depends on: ( CONFIG_ARCH_SUPPORTS_SHADOW_CALL_STACK ) && ( CONFIG_DYNAMIC_FTRACE_WITH_ARGS || CONFIG_DYNAMIC_FTRACE_WITH_REGS || ! CONFIG_FUNCTION_GRAPH_TRACER ) && ( CONFIG_MMU )
• defined in arch/Kconfig
• found in Linux kernels: 5.18–5.19, 6.0–6.8, 6.9-rc+HEAD

Help text

This option enables the compiler's Shadow Call Stack, which uses a shadow stack to protect function return addresses from being overwritten by an attacker. More information can be found in the compiler's documentation:

- Clang: https://clang.llvm.org/docs/ShadowCallStack.html - GCC: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options

Note that security guarantees in the kernel differ from the ones documented for user space. The kernel must store addresses of shadow stacks in memory, which means an attacker capable of reading and writing arbitrary memory may be able to locate them and hijack control flow by modifying the stacks.

Clang Shadow Call Stack found in arch/Kconfig

The configuration item CONFIG_SHADOW_CALL_STACK:

• prompt: Clang Shadow Call Stack
• type: bool
• depends on: ( CONFIG_CC_IS_CLANG && CONFIG_ARCH_SUPPORTS_SHADOW_CALL_STACK ) && ( CONFIG_DYNAMIC_FTRACE_WITH_REGS || ! CONFIG_FUNCTION_GRAPH_TRACER )
• defined in arch/Kconfig
• found in Linux kernels: 5.8–5.17

Help text

This option enables Clang's Shadow Call Stack, which uses a shadow stack to protect function return addresses from being overwritten by an attacker. More information can be found in Clang's documentation:

https://clang.llvm.org/docs/ShadowCallStack.html

Note that security guarantees in the kernel differ from the ones documented for user space. The kernel must store addresses of shadow stacks in memory, which means an attacker capable of reading and writing arbitrary memory may be able to locate them and hijack control flow by modifying the stacks.

Hardware

LKDDb

Raw data from LKDDb:

• (none)

Sources

This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

• Linux kernel
• Linux Kernel Driver DataBase (LKDDb)

Automatic links from Google (and ads)

Custom Search

Popular queries: