Re: [PATCH v17 00/26] Control-flow Enforcement: Shadow Stack
From: Yu, Yu-cheng <hidden>
Date: 2021-01-04 20:09:38
Also in:
linux-arch, linux-doc, linux-mm, lkml
From: Yu, Yu-cheng <hidden>
Date: 2021-01-04 20:09:38
Also in:
linux-arch, linux-doc, linux-mm, lkml
On 12/29/2020 1:30 PM, Yu-cheng Yu wrote:
Control-flow Enforcement (CET) is a new Intel processor feature that blocks return/jump-oriented programming attacks. Details are in "Intel 64 and IA-32 Architectures Software Developer's Manual" [1]. CET can protect applications and the kernel. This series enables only application-level protection, and has three parts: - Shadow stack [2], - Indirect branch tracking [3], and - Selftests [4]. I have run tests on these patches for quite some time, and they have been very stable. Linux distributions with CET are available now, and Intel processors with CET are already on the market. It would be nice if CET support can be accepted into the kernel. I will be working to address any issues should they come up. Changes in v17: - Rebase to v5.11-rc1.
Hi Reviewers, After a few revisions/re-bases, I have dropped some Reviewed-by tags. This revision is only a re-base to the latest Linus tree. Please kindly comment if there are anything still not resolved, and I appreciate very much Reviewed-by/Acked-by tags to satisfactory patches. -- Thanks, Yu-cheng