On Tue, 2016-06-21 at 11:12 -0700, Kees Cook wrote: > On Tue, Jun 21, 2016 at 10:27 AM, Andy Lutomirski > wrote: > > FWIW, it may be a while before this can be enabled in distro > > kernels. > > There are some code paths (*cough* crypto users *cough*) that think > > that calling sg_init_one with a stack address is a reasonable thing > > to > > do, and it doesn't work with a vmalloced stack.  grsecurity works > ... O_o ... > > Why does it not work on a vmalloced stack?? Because virt_to_page() does not work on vmalloced memory. -- All Rights Reversed.