On Thu, Jun 7, 2018 at 9:02 AM Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> wrote: > > On Thu, 2018-06-07 at 08:47 -0700, Andy Lutomirski wrote: > > On Thu, Jun 7, 2018 at 7:40 AM Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> wrote: > > > > > > Introduce Kconfig option X86_INTEL_SHADOW_STACK_USER. > > > > > > An application has shadow stack protection when all the following are > > > true: > > > > > > (1) The kernel has X86_INTEL_SHADOW_STACK_USER enabled, > > > (2) The running processor supports the shadow stack, > > > (3) The application is built with shadow stack enabled tools & libs > > > and, and at runtime, all dependent shared libs can support shadow > > > stack. > > > > > > If this kernel config option is enabled, but (2) or (3) above is not > > > true, the application runs without the shadow stack protection. > > > Existing legacy applications will continue to work without the shadow > > > stack protection. > > > > > > The user-mode shadow stack protection is only implemented for the > > > 64-bit kernel. Thirty-two bit applications are supported under the > > > compatibility mode. > > > > > > > The 64-bit only part seems entirely reasonable. So please make the > > code 64-bit only :) > > Yes, I will remove changes in "arch/x86/entry/entry32.S". > We still want to support x32/ia32 in the 64-bit kernel, right? > Yes, I think. But that's not in entry_32.S >