On 12/29/2020 4:39 AM, Borislav Petkov wrote:
On Wed, Dec 09, 2020 at 02:22:56PM -0800, Yu-cheng Yu wrote:
Shadow Stack provides protection against function return address
corruption. It is active when the processor supports it, the kernel has
CONFIG_X86_CET_USER, and the application is built for the feature.
^
enabled.
This is only implemented for the 64-bit kernel. When it is enabled, legacy
non-Shadow Stack applications continue to work, but without protection.
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
---
arch/x86/Kconfig | 22 ++++++++++++++++++++++
arch/x86/Kconfig.assembler | 5 +++++
2 files changed, 27 insertions(+)
Rest looks good, thanks.
Thanks! I will re-base to v5.11-rc1 and send out a new version.
--
Yu-cheng