On Fri, Dec 02, 2022 at 04:35:59PM -0800, Rick Edgecombe wrote: > Applications and loaders can have logic to decide whether to enable > shadow stack. They usually don't report whether shadow stack has been > enabled or not, so there is no way to verify whether an application > actually is protected by shadow stack. > > Add two lines in /proc/$PID/status to report enabled and locked features. > > Since, this involves referring to arch specific defines in asm/prctl.h, > implement an arch breakout to emit the feature lines. > > Tested-by: Pengfei Xu <pengfei.xu@xxxxxxxxx> > Tested-by: John Allen <john.allen@xxxxxxx> > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook
