Intel Revs New Linux Patches Providing For Shadow Stacks For User-Space

Written by Michael Larabel in Intel on 31 January 2022 at 06:08 AM EST. 3 Comments
For years Intel has been working on Linux patches for supporting their Control-Flow Enforcement Technology (CET) with Indirect Branch Tracking and Shadow Stack support. It's been in the works for years and through many revisions while now they are pursuing a new route and focusing just on the Shadow Stack user-space functionality.

The shadow stack functionality is focused on defending against return-oriented programming (ROP) attacks. The Shadow Stack keeps a copy of each CALL and upon a return (RET) will check the return address stored in the normal stack to verify it matches the contents of the Shadow Stack otherwise will generate a fault.

Intel Shadow Stack support is back in the works for Linux.

Intel has supported CET going back to Tiger Lake systems with Indirect Branch Tracking as part of that for fighting off JOP/COP attacks too. While there have been IBT Linux patches worked on, moving forward Intel is focusing just on the Shadow Stack user-space support to get upstreamed for the mainline Linux kernel. That's the plan at least for the near-term with the IBT patches now taking a back-seat.

Intel's Rick Edgecombe noted in a new patch series on Sunday:
This is a slight reboot of the userspace CET series. I will be taking over the series from Yu-cheng. Per some internal recommendations, I’ve reset the version number and am calling it a new series. Hopefully, it doesn’t cause confusion.

The new plan is to upstream only userspace Shadow Stack support at this point. IBT can follow later, but for now I’ll focus solely on the most in-demand and widely available (with the feature on AMD CPUs now) part of CET.

So now we are at the set of 35 patches being proposed for shadow-stacks for user-space. Not only is this focused on enhancing security with modern x86_64 processors, but Google is also looking at using shadow stacks for improving tracing with better performance and reliability.

With the new patch series is a new system call for shadow stack allocation, changes to ensure older binaries will not break, and more. While the latest AMD Ryzen 5000 series processors can support shadow stacks too, the current patches are specifically limited to Intel CPUs. The plan is to permit AMD CPU support for user-space shadow stacks once someone(s) has tested it out -- hopefully that will happen prior to the patches being merged.

We'll see if this new Shadow Stacks for User-Space series gets picked up more quickly than the prior stalled CET patch series.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week