Re: [PATCH v16 02/26] x86/cet/shstk: Add Kconfig option for user-mode control-flow protection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 12/29/2020 4:39 AM, Borislav Petkov wrote:

On Wed, Dec 09, 2020 at 02:22:56PM -0800, Yu-cheng Yu wrote:

Shadow Stack provides protection against function return address
corruption.  It is active when the processor supports it, the kernel has
CONFIG_X86_CET_USER, and the application is built for the feature.

		     ^
		   enabled.


This is only implemented for the 64-bit kernel.  When it is enabled, legacy
non-Shadow Stack applications continue to work, but without protection.

Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
---
  arch/x86/Kconfig           | 22 ++++++++++++++++++++++
  arch/x86/Kconfig.assembler |  5 +++++
  2 files changed, 27 insertions(+)


Rest looks good, thanks.



Thanks!  I will re-base to v5.11-rc1 and send out a new version.

--
Yu-cheng
[Index of Archives]     [Linux Kernel]     [Kernel Newbies]     [x86 Platform Driver]     [Netdev]     [Linux Wireless]     [Netfilter]     [Bugtraq]     [Linux Filesystems]     [Yosemite Discussion]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]

  Powered by Linux