Component Type: kbuild config

Description: Shadow Call Stack

More info: This option enables the compiler's Shadow Call Stack, which uses a shadow stack to protect function return addresses from being overwritten by an attacker. More information can be found in the compiler's documentation: - Clang: https://clang.llvm.org/docs/ShadowCallStack.html - GCC: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options Note that security guarantees in the kernel differ from the ones documented for user space. The kernel must store addresses of shadow stacks in memory, which means an attacker capable of reading and writing arbitrary memory may be able to locate them and hijack control flow by modifying the stacks.

Build project: Kconfig (Linux kconfig) (Path: arch\Kconfig )

Other views: file explorer