On Fri, Dec 02, 2022 at 04:35:29PM -0800, Rick Edgecombe wrote: > From: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> > > Shadow Stack provides protection for applications against function return > address corruption. It is active when the processor supports it, the > kernel has CONFIG_X86_SHADOW_STACK enabled, and the application is built > for the feature. This is only implemented for the 64-bit kernel. When it > is enabled, legacy non-Shadow Stack applications continue to work, but > without protection. > > Since there is another feature that utilizes CET (Kernel IBT) that will > share implementation with Shadow Stacks, create CONFIG_CET to signify > that at least one CET feature is configured. > > Tested-by: Pengfei Xu <pengfei.xu@xxxxxxxxx> > Tested-by: John Allen <john.allen@xxxxxxx> > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook