
The Intel Shadow Stack support that is part of their Control-flow Enforcement Technology (CET) has finally been merged for the Linux 6.6 kernel after it was previously rejected by Linus Torvalds.
For years Intel has been working on CET / Shadow Stack support for Linux for defending against return-oriented programming (ROP) attacks with Tiger Lake processors and newer.
Intel engineers had submitted Shadow Stack for Linux 6.4 but then it was ultimately rejected by Linus Torvalds. When reviewing the code, the Linux creator found various issues with it and decided against accepting it for the v6.4 merge window.
Now after the code was cleaned up and further iterated, it was re-submitted for the Linux 6.6 cycle. Intel’s Dave Hansen explained in the pull request:
“This is the long awaited x86 shadow stack support. We first sent this your way for 6.4 in a form that was harder to review.
Since then, the main deltas addressed concerns around pte_mkwrite() and the Dirty bit shifting logic. These are largely unchanged from the v9 version of the patchset in June.
There is one last-minute fix in here to clean up a sparse warnings, but it shouldn’t even affect code generation.”
Linus Torvalds today decided to merge the Shadow Stack (shstk) code for this merge window. Thus this security feature contributed by Intel for their modern CPUs as well as newer AMD CPUs is ready to go with Linux 6.6+.