On Sat, Feb 18, 2023 at 01:13:52PM -0800, Rick Edgecombe wrote:
> This series implements Shadow Stacks for userspace using x86's Control-flow
> Enforcement Technology (CET). CET consists of two related security features:
> shadow stacks and indirect branch tracking. This series implements just the
> shadow stack part of this feature, and just for userspace.

Okay, I've done some bare metal testing, and it all looks happy. The
selftest passes, and I can see the stack address mismatch get detected
if I explicitly rewrite the saved function pointer on the stack:

[INFO] Want normal flow
[INFO] Found 0x401890 @ 0x7fff47cf2ef8
[INFO] Normal execution flow
[INFO] Want to redirect
[INFO] Found 0x401890 @ 0x7fff47cf2ef8
[INFO] Hijacked execution flow
[INFO] Enabling shadow stack
[INFO] Want to redirect
[INFO] Found 0x401890 @ 0x7fff47cf2ef8
Segmentation fault (core dumped)

Tested-by: Kees Cook <keescook@xxxxxxxxxxxx>

--
Kees Cook