On Thu, Jan 19, 2023 at 01:22:40PM -0800, Rick Edgecombe wrote: > From: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> > > Shadow stack provides protection for applications against function return > address corruption. It is active when the processor supports it, the > kernel has CONFIG_X86_SHADOW_STACK enabled, and the application is built > for the feature. This is only implemented for the 64-bit kernel. When it > is enabled, legacy non-shadow stack applications continue to work, but > without protection. > > Since there is another feature that utilizes CET (Kernel IBT) that will > share implementation with shadow stacks, create CONFIG_CET to signify > that at least one CET feature is configured. > > Tested-by: Pengfei Xu <pengfei.xu@xxxxxxxxx> > Tested-by: John Allen <john.allen@xxxxxxx> > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook
