MAP_STACK Stack Register Checking Committed to -current
by from OpenBSD Journal on (#3MRRP)
The MAP_STACK anti-ROP mechanism described in a recent article has been committed to -current. The commit message includes:
Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and syscall) confirm the stack register points at MAP_STACK memory, otherwise SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified to create a MAP_STACK sub-region which satisfies alignment requirements.

Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the contents of the region -- there is no mprotect() equivalent operation, so there is no MAP_STACK-adding gadget.

This opportunistic software-emulation of a stack protection bit makes stack-pivot operations during ROPchain fragile (kind of like removing a tool from the toolbox).
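As an added illustration (not code from the commit or the article), this program sets up an alternate signal stack the way the check expects it: the memory comes from mmap() with MAP_STACK, so a syscall made while running on it passes the stack-register check instead of receiving SIGSEGV. It then verifies that a handler really ran inside that mapping. The sizes, the guard page and the SIGUSR1 probe are the example's own choices; on systems other than OpenBSD -current MAP_STACK is only a hint, so the code still runs but nothing is enforced.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed example: alternate signal stack backed by a MAP_STACK mapping. */
#define ALT_STACK_SIZE (64 * 1024)
#define GUARD_SIZE 4096

static volatile uintptr_t g_sp_in_handler;   /* address of a handler local */
static volatile sig_atomic_t g_fired;

static void on_usr1(int sig) {
    char marker;                 /* lives on whatever stack is in use now */
    (void)sig;
    g_sp_in_handler = (uintptr_t)&marker;
    g_fired = 1;
    getpid();   /* a syscall from the handler: the point where SP is verified */
}

/* Map a MAP_STACK region with a PROT_NONE guard page at its low end and
 * install it as the alternate signal stack. Returns usable base or NULL. */
static char *install_alt_stack(void) {
    size_t total = GUARD_SIZE + ALT_STACK_SIZE;
    char *region = mmap(NULL, total, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANON | MAP_STACK, -1, 0);
    if (region == MAP_FAILED) return NULL;
    /* Guard page: an overrun faults instead of silently corrupting memory. */
    if (mprotect(region, GUARD_SIZE, PROT_NONE) != 0) { munmap(region, total); return NULL; }
    stack_t ss;
    memset(&ss, 0, sizeof ss);
    ss.ss_sp = region + GUARD_SIZE;
    ss.ss_size = ALT_STACK_SIZE;
    if (sigaltstack(&ss, NULL) != 0) { munmap(region, total); return NULL; }
    return region + GUARD_SIZE;
}

/* Deliver SIGUSR1 with SA_ONSTACK and report whether the handler ran on the
 * mapped stack: 1 = yes, 0 = no, -1 = setup failed. */
int handler_ran_on_map_stack(void) {
    char *base = install_alt_stack();
    if (base == NULL) return -1;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_usr1;
    sa.sa_flags = SA_ONSTACK;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) != 0) return -1;
    g_fired = 0;
    raise(SIGUSR1);
    if (!g_fired) return -1;
    uintptr_t sp = g_sp_in_handler;
    return (sp >= (uintptr_t)base && sp < (uintptr_t)base + ALT_STACK_SIZE) ? 1 : 0;
}
```

The same pattern applies to thread stacks handed to pthread_attr_setstack(): back them with a MAP_STACK mapping rather than heap memory.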