Intel's Linux Shadow Stack Patches Should Work Fine With AMD CPUs

Written by Michael Larabel in AMD on 5 February 2022 at 06:00 AM EST. 4 Comments
AMD
Intel has for a while been posting Linux kernel patches for implementing Control Flow Enforcement (CET) technology, both for the Indirect Branch Tracking and Shadow Stack features. However, as written about earlier this week, Intel is focusing on the shadow stack support for user-space. The patches posted this past week by Intel for Linux Shadow Stack for User-Space support was limited to their own processors but fortunately it's appearing to be work out fine for AMD CPUs too.

The shadow stack functionality is about defending against return-oriented programming (ROP) attacks. The Shadow Stack keeps a copy of each CALL and upon a return (RET) will check the return address stored in the normal stack to verify it matches the contents of the Shadow Stack otherwise will generate a fault.


An Intel graphic on Shadow Stack as part of CET.


With the 35 patches posted this past week, the code was limited to being enabled with Intel CPUs given that is what Intel engineers have been obviously testing. But AMD Zen 3 processors also support the Shadow Stack functionality and as acknowledged in the Intel patches there was just a lack of being able to test these patches there.


This patch can hopefully be dropped now that there is AMD testing.


Fortunately, an AMD Linux engineer has been testing the CET Shadow Stack patches and commented that the patches appear to be running fine on AMD processors - including when testing a patched CET version of the GNU C Library and passing various reference tests.

So assuming no issues turn up moving forward, the CET Shadow Stack support once finally mainlined into the Linux kernel should work for both Intel and AMD CPUs as a security improvement.
4 Comments
Related News
ASUS TUF GAMING X670E PLUS Seeing Linux Sensors Support
AMD Hardware Feedback Interface "HFI" Patches Updated For The Linux Kernel
AMD P-State Driver Improvements Getting Ready For Linux 6.14
New AMD XDNA Linux Driver Patches Add Ryzen AI NPU6 IP, Other Improvements
AMD NPU Firmware Upstreamed For The Ryzen AI AMDXDNA Driver Coming In Linux 6.14
AMD Per-Core Energy Counter Support Slated For Linux 6.14
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features