On Tue, Nov 10, 2020 at 08:21:45AM -0800, Yu-cheng Yu wrote: > Control-flow Enforcement (CET) is a new Intel processor feature that blocks > return/jump-oriented programming attacks. Details are in "Intel 64 and > IA-32 Architectures Software Developer's Manual" [1]. > > CET can protect applications and the kernel. This series enables only > application-level protection, and has three parts: > > - Shadow stack [2], > - Indirect branch tracking [3], and > - Selftests [4]. > > I have run tests on these patches for quite some time, and they have been > very stable. Linux distributions with CET are available now, and Intel > processors with CET are becoming available. It would be nice if CET > support can be accepted into the kernel. I will be working to address any > issues should they come up. > Is there a way to run these patches for testing? Bochs emulation or anything else? I presume you've been testing against violations of CET in user space? Can you share your testing? Balbir Singh.
