[RFC PATCH 3/4] mm: Add kconfig entries for user stack pointer checking

From: Will Deacon
Date: Mon Feb 11 2019 - 12:59:50 EST


Provide Kconfig entries to enable/disable user stack pointer checking
and also for architectures to expose the system call controls via
prctl() once they have augmented their system call entry path to perform
the necessary checks.

Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Jann Horn <jannh@xxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
Cc: Michal Hocko <mhocko@xxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Signed-off-by: Will Deacon <will.deacon@xxxxxxx>
---
mm/Kconfig | 17 +++++++++++++++++
1 file changed, 17 insertions(+)

diff --git a/mm/Kconfig b/mm/Kconfig
index 25c71eb8a7db..35f044162501 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -758,4 +758,21 @@ config GUP_BENCHMARK
config ARCH_HAS_PTE_SPECIAL
bool

+config USER_STACK_POINTER_CHECKS
+ bool "Check user stack pointer points to stack pages"
+ depends on MMU
+ default y
+ help
+ This feature can be used to enforce that the user stack pointer
+ points to either the kernel-allocated user stack or a mapping
+ created with the MAP_STACK flag.
+
+ By default, no checks are performed, and an application must
+ opt-in via the PR_SP_CHECK prctl() system call if it wishes to
+ enable checking. Checking can be independently controlled for
+ system calls and page fault handling.
+
+config ARCH_HAS_USP_CHECK_SYSCALL
+ bool
+
endmenu
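
Review bot: the help text for USER_STACK_POINTER_CHECKS says checking "can be independently controlled for system calls and page fault handling", but nothing in it tells the user that the system call control depends on the architecture selecting ARCH_HAS_USP_CHECK_SYSCALL, which is the condition the commit message describes. Please add a sentence to the help text saying so, and put a comment above "config ARCH_HAS_USP_CHECK_SYSCALL" stating what an architecture's system call entry path must do before it may select the symbol, since a bare "bool" with no prompt or help gives arch maintainers nothing to go on. Two smaller points in the same entry: "default y" for a new option should be justified in the commit message (the help text's "By default, no checks are performed" is presumably the argument, but it is not stated as such), and "must opt-in via" should read "must opt in via".
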
--
2.11.0