Re: [PATCH 1/8] arm64: Enable VMAP_STACK support

[Breno Leitao <leitao@debian.org>]

Hello Mark,

On Mon, Jul 07, 2025 at 06:23:09PM +0100, Mark Rutland wrote:
> On Mon, Jul 07, 2025 at 09:01:01AM -0700, Breno Leitao wrote:
> > Enable virtually mapped kernel stacks for ARM64. This provides better
> > stack overflow detection and improved security by mapping kernel stacks
> > in vmalloc space rather than using direct mapping.
> > 
> > VMAP_STACK helps catch stack overflows early by placing guard pages
> > around kernel stacks, and also provides better isolation between
> > kernel stacks and other kernel data structures.
> > 
> > All dependencies are satisfied for arm64: HAVE_ARCH_VMAP_STACK is
> > already selected above, and KASAN_VMALLOC is selected when KASAN is
> > enabled, meeting the KASAN dependency requirements.
> 
> I reckon it might be better to say something like:
> 
> | arm64: Mandate VMAP_STACK
> |
> | On arm64, VMAP_STACK has been enabled by default for a while now, and
> | the only reason to disable it was a historical lack of support for
> | KASAN_VMALLOC. Today there's no good reason to disable VMAP_STACK.
> |
> | Mandate VMAP_STACK, which will allow code to be simplified in
> | subsequent patches.
> 
> ... to make it clear that we're not changing the default, and we are
> removing the ability to deselect VMAP_STACK.
> 
> Either way, the patch itself looks good to me.

Thanks for the suggestion. I will update and respin.

Thanks for the review,
--breno