Linux 4.9 On x86_64 To Support Vmapped Stacks
With the forthcoming Linux 4.9 kernel, x86_64 builds will support CONFIG_VMAP_STACK where kernel stacks are allocated with vmalloc_node for greater security.
Following a lot of work queued for Linux 4.9 and some prep changes merged in the earlier 4.8 kernel, Linux on x86_64 will support vmapped stacks through the HAVE_ARCH_VMAP_STACK / CONFIG_VMAP_STACK build-time options. When the option is selected to use virtually-mapped kernel stacks with guard pages, kernel stack overflows are caught immediately as opposed to causing "difficult-to-diagnose corruption".
The Linux GrSecurity patches previously provided similar functionality via the GRKERNSEC_KSTACKOVERFLOW option. The only downside to this current work is that it doesn't support KASAN (Kernel Address Sanitizer).
With CONFIG_VMAP_STACK enabled there is also an optimization for helping heavy forking workloads.
This vmapped stack work is landing via the x86/asm pull request. Also in there is support for enabling KASLR on vmemmapped memory regions. KASLR is, of course, short for Kernel Address Space Layout Randomization.
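The guard-page behaviour described above, as an added userspace analogy in C (not kernel code and not from the original article): `overflow_is_caught` and its three-page layout are constructed for illustration. It shows a one-byte stack overrun faulting immediately when the page below the stack is unmapped, and silently overwriting the neighbouring page when it is not.

```c
#define _GNU_SOURCE /* MAP_ANONYMOUS, sigsetjmp, SA_SIGINFO under strict -std= */
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
static sigjmp_buf recover;
static volatile uintptr_t fault_addr;
static void on_segv(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    fault_addr = (uintptr_t)si->si_addr;   /* address that faulted */
    siglongjmp(recover, 1);
}
/* Constructed userspace analogy: returns 1 if a one-byte overrun below the
 * stack faults in the guard page, 0 if it lands in the neighbour, -1 on error. */
int overflow_is_caught(int use_guard) {
    long pg = sysconf(_SC_PAGESIZE);
    unsigned char *base = mmap(NULL, 3 * pg, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    unsigned char *below = base + pg;                  /* page under the stack */
    volatile unsigned char *stack_low = base + 2 * pg; /* lowest stack byte */
    if (use_guard && mprotect(below, pg, PROT_NONE) != 0) {
        munmap(base, 3 * pg);
        return -1;
    }
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, &old);
    int caught;
    if (sigsetjmp(recover, 1) == 0) {
        stack_low[-1] = 0x41;                        /* stacks grow down: overrun */
        caught = (stack_low[-1] == 0x41) ? 0 : -1;   /* no fault: neighbour corrupted */
    } else {                                         /* fault: was it the guard page? */
        caught = fault_addr >= (uintptr_t)below && fault_addr < (uintptr_t)below + pg;
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(base, 3 * pg);
    return caught;
}

int main(void) {
    printf("guard=%d no_guard=%d\n", overflow_is_caught(1), overflow_is_caught(0));
    return 0;
}
```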