Intel Shadow Stack For Linux Hits Last-Minute Snag With Issue Raised By Torvalds

Written by Michael Larabel in Intel on 7 May 2023 at 06:01 AM EDT.
Intel Shadow Stack support was submitted for Linux 6.4 at the start of the merge window, but with the two-week merge window drawing to a close it hasn't been pulled yet, and Linus Torvalds has raised technical issues with the proposed patches that now jeopardize its arrival this cycle.

Shadow Stack support is part of Control-flow Enforcement Technology (CET) and has been found in Intel CPUs since Tiger Lake. The Intel Shadow Stack functionality is intended to provide return address protection to defend against ROP attacks. Getting Shadow Stack support into the mainline Linux kernel has been a long time coming, and now it runs the risk of being pushed back from Linux 6.4.


Linus Torvalds only got around to reviewing the code closely this weekend and has already found a bug that would affect non-x86_64 kernels. He explained in a mailing list post:
"So I'm going through the original pull request now - I was really hoping to have been able to do that earlier, but there kept being all these small pending other issues.

And I'm about a quarter in, haven't even gotten to the meat yet, and I've already found a bug.
...
End result: all those architectures that do *not* want the vma argument don't need to do any extra work, and they just implement the old version, and the only thing that happened was that it was renamed.

Because I really don't want to pull this series as-is, when I found what looks like a "this broke an architecture that DOES NOT EVEN CARE" bug in the series.

And yes, my bad for not getting to this earlier to notice this.

Or alternatively - your bad for not going through this with a fine comb like I started doing."

There have been further comments on the mailing list since about the technical nature of this bug, but long story short, Linus isn't pulling these patches as-is. It remains to be seen whether there will be a last-minute updated patch series or whether Torvalds will entertain pulling these patches late, past 6.4-rc1, but it's increasingly likely that Intel Shadow Stack support will be delayed to v6.5+ given this last-minute bug being pointed out and Torvalds not yet having finished reviewing these patches in full.