ANDROID: scs: use vmapped shadow stacks by default
Enable CONFIG_SHADOW_CALL_STACK_VMAP by default, and as we allocate a full page for the stack, allow the kernel use all of it. Bug: 169781940 Change-Id: Ie8eaa7f24e9bf10ff28a302ac98ad843b71c9c2a Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
This commit is contained in:
parent
b494bbca7a
commit
1eb128820e
@ -549,6 +549,7 @@ config SHADOW_CALL_STACK
|
||||
config SHADOW_CALL_STACK_VMAP
|
||||
bool "Use virtually mapped shadow call stacks"
|
||||
depends on SHADOW_CALL_STACK
|
||||
default y
|
||||
help
|
||||
Use virtually mapped shadow call stacks. Selecting this option
|
||||
provides better stack exhaustion protection, but increases per-thread
|
||||
|
@ -14,12 +14,17 @@
|
||||
|
||||
#ifdef CONFIG_SHADOW_CALL_STACK
|
||||
|
||||
#ifdef CONFIG_SHADOW_CALL_STACK_VMAP
|
||||
#define SCS_SIZE PAGE_SIZE
|
||||
#else
|
||||
/*
|
||||
* In testing, 1 KiB shadow stack size (i.e. 128 stack frames on a 64-bit
|
||||
* architecture) provided ~40% safety margin on stack usage while keeping
|
||||
* memory allocation overhead reasonable.
|
||||
*/
|
||||
#define SCS_SIZE 1024UL
|
||||
#endif
|
||||
|
||||
#define GFP_SCS (GFP_KERNEL | __GFP_ZERO)
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user