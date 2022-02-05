

Intel has for a while been posting Linux kernel patches implementing Control-flow Enforcement Technology (CET), covering both the Indirect Branch Tracking and Shadow Stack features. However, as written about earlier this week, Intel is focusing on shadow stack support for user-space. The patches Intel posted this past week for Linux user-space Shadow Stack support were limited to Intel's own processors, but fortunately they appear to be working out fine on AMD CPUs too.

The shadow stack functionality is about defending against return-oriented programming (ROP) attacks. The Shadow Stack keeps a copy of the return address for each CALL and, upon a return (RET), checks that the return address stored on the normal stack matches the contents of the Shadow Stack; otherwise it generates a fault.
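The CALL/RET check described above can be modelled in a few lines of C. This is an added illustration, not code from Intel's patches or the kernel; the `machine` struct, the function names and the addresses are all constructed for the example, and the real check is done by the CPU, not by software.

```c
#include <stddef.h>
#include <stdint.h>
#define DEPTH 16
enum ret_status { RET_OK, RET_CP_FAULT, RET_UNDERFLOW };

/* Toy machine: the program may write stack[]; shadow[] is only touched by
 * model_call()/model_ret(), standing in for hardware-protected pages. */
struct machine {
    uint64_t stack[DEPTH];  size_t sp;   /* normal stack */
    uint64_t shadow[DEPTH]; size_t ssp;  /* shadow stack */
};

/* CALL: push the return address on both stacks. */
static int model_call(struct machine *m, uint64_t ret_addr)
{
    if (m->sp == DEPTH) return -1;       /* model limit reached */
    m->stack[m->sp++] = ret_addr;
    m->shadow[m->ssp++] = ret_addr;
    return 0;
}

/* RET: pop both copies and compare; a mismatch is the fault case. */
static enum ret_status model_ret(struct machine *m, uint64_t *target)
{
    if (m->sp == 0 || m->ssp == 0) return RET_UNDERFLOW;
    uint64_t from_stack = m->stack[--m->sp];
    uint64_t from_shadow = m->shadow[--m->ssp];
    if (from_stack != from_shadow)
        return RET_CP_FAULT;             /* control transfer refused */
    *target = from_stack;
    return RET_OK;
}

/* Constructed scenario: two nested calls, optionally with the inner saved
 * return address overwritten the way a stack buffer overflow would. */
static enum ret_status scenario(int corrupt, uint64_t *target)
{
    struct machine m = {0};
    model_call(&m, 0x401000);            /* constructed addresses */
    model_call(&m, 0x401234);
    if (corrupt)
        m.stack[m.sp - 1] = 0xdeadbeef;  /* shadow copy is untouched */
    return model_ret(&m, target);
}

int main(void)
{
    uint64_t t = 0;
    return !(scenario(0, &t) == RET_OK && scenario(1, &t) == RET_CP_FAULT);
}
```

The point of the model is that overwriting the saved return address on the normal stack is not enough to redirect a RET, because the second copy is out of reach of ordinary stores.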



An Intel graphic on Shadow Stack as part of CET.

With the 35 patches posted this past week, the code was limited to being enabled on Intel CPUs, since that is obviously what Intel engineers have been testing. But AMD Zen 3 processors also support the Shadow Stack functionality and, as acknowledged in the Intel patches, there was simply no ability to test the patches there.



This patch can hopefully be dropped now that there is AMD testing.