Intel Shadow Stack Finally Merged For Linux 6.6

Written by Michael Larabel in Intel on 31 August 2023 at 05:04 PM EDT. 3 Comments
INTEL
The Intel Shadow Stack support that is part of their Control-flow Enforcement Technology (CET) has finally been merged for the Linux 6.6 kernel after it was previously rejected by Linus Torvalds.

For years Intel has been working on CET / Shadow Stack support for Linux for defending against return-oriented programming (ROP) attacks with Tiger Lake processors and newer.

Intel Shadow Stack


Intel engineers had submitted Shadow Stack for Linux 6.4 but then it was ultimately rejected by Linus Torvalds. When reviewing the code, the Linux creator found various issues with it and decided against accepting it for the v6.4 merge window.

Now after the code was cleaned up and further iterated, it was re-submitted for the Linux 6.6 cycle. Intel's Dave Hansen explained in the pull request:
"This is the long awaited x86 shadow stack support. We first sent this your way for 6.4 in a form that was harder to review.

Since then, the main deltas addressed concerns around pte_mkwrite() and the Dirty bit shifting logic. These are mostly unchanged from the v9 version of the patchset in June.

There is one last-minute fix in here to clean up a sparse warnings, but it should not even affect code generation."

Linus Torvalds today decided to merge the Shadow Stack (shstk) code for this merge window. Thus this security feature contributed by Intel for their modern CPUs as well as newer AMD CPUs is ready to go with Linux 6.6+.
3 Comments
Related News
Intel P-State Energy Aware Scheduling Patches Updated For Lunar Lake
Intel Lands "Round Robin Strict" Driver Optimization For Helping Battlemage/Xe2
Intel Looking To Raise SPIR-V Backend To Becoming An Official LLVM Target
Intel Panther Lake & Clearwater Forest Power Management Patches For Linux 6.14
Intel Begins Readying Graphics Driver Changes For The Linux 6.14 Kernel
UMD Direct Submission "Proof Of Concept" For The Intel Xe Linux Driver
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features
NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance
Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries