On Thu, Jun 7, 2018 at 7:40 AM Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> wrote: > > Introduce Kconfig option X86_INTEL_SHADOW_STACK_USER. > > An application has shadow stack protection when all the following are > true: > > (1) The kernel has X86_INTEL_SHADOW_STACK_USER enabled, > (2) The running processor supports the shadow stack, > (3) The application is built with shadow stack enabled tools & libs > and, and at runtime, all dependent shared libs can support shadow > stack. > > If this kernel config option is enabled, but (2) or (3) above is not > true, the application runs without the shadow stack protection. > Existing legacy applications will continue to work without the shadow > stack protection. > > The user-mode shadow stack protection is only implemented for the > 64-bit kernel. Thirty-two bit applications are supported under the > compatibility mode. > The 64-bit only part seems entirely reasonable. So please make the code 64-bit only :)
