12368 – CONFIG_VMAP_STACK is enabled on aarch64 and x86_64 only

Bug 12368 - CONFIG_VMAP_STACK is enabled on aarch64 and x86_64 only

Summary: CONFIG_VMAP_STACK is enabled on aarch64 and x86_64 only

Status:	CLOSED FIXED

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	unspecified All

Importance:	Will affect an average number of users Security
Assignee:	Peter Müller
QA Contact:

URL:
Keywords:

Depends on:
Blocks:	KERNSEC
	Show dependency tree / graph

Reported:	2020-04-14 15:27 UTC by Peter Müller
Modified:	2022-04-06 17:25 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Peter Müller 2020-04-14 15:27:57 UTC

Quote from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: High
> 
> Enable this if you want the use virtually-mapped kernel stacks with guard
> pages. This causes kernel stack overflows to be caught immediately rather than
> causing difficult-to-diagnose corruption.

Comment 1 Peter Müller 2020-06-09 17:27:29 UTC

https://patchwork.ipfire.org/patch/3174/

Comment 2 Peter MÃ¼ller 2022-04-06 17:25:56 UTC

This has been fixed meanwhile:

$ grep CONFIG_VMAP_STACK *
kernel.config.aarch64-ipfire:CONFIG_VMAP_STACK=y
kernel.config.riscv64-ipfire:CONFIG_VMAP_STACK=y
kernel.config.x86_64-ipfire:CONFIG_VMAP_STACK=y