ANDROID: scs: use vmapped shadow stacks by default

Enable CONFIG_SHADOW_CALL_STACK_VMAP by default, and as we allocate a full page for the stack, allow the kernel use all of it. Bug: 169781940 Change-Id: Ie8eaa7f24e9bf10ff28a302ac98ad843b71c9c2a Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
2020-10-14 13:24:28 -07:00 · 2020-10-14 13:24:28 -07:00 · 1eb128820e
commit 1eb128820e
parent b494bbca7a
2 changed files with 6 additions and 0 deletions
--- a/arch/Kconfig
+++ b/arch/Kconfig
@ -549,6 +549,7 @@ config SHADOW_CALL_STACK
 config SHADOW_CALL_STACK_VMAP
 	bool "Use virtually mapped shadow call stacks"
 	depends on SHADOW_CALL_STACK
+	default y
 	help
 	  Use virtually mapped shadow call stacks. Selecting this option
 	  provides better stack exhaustion protection, but increases per-thread
--- a/include/linux/scs.h
+++ b/include/linux/scs.h
@ -14,12 +14,17 @@

 #ifdef CONFIG_SHADOW_CALL_STACK

+#ifdef CONFIG_SHADOW_CALL_STACK_VMAP
+#define SCS_SIZE	PAGE_SIZE
+#else
 /*
 * In testing, 1 KiB shadow stack size (i.e. 128 stack frames on a 64-bit
 * architecture) provided ~40% safety margin on stack usage while keeping
 * memory allocation overhead reasonable.
 */
 #define SCS_SIZE	1024UL
+#endif
+
 #define GFP_SCS		(GFP_KERNEL | __GFP_ZERO)

 /*