Re: [PATCH v17 00/26] Control-flow Enforcement: Shadow Stack

From: Yu, Yu-cheng
Date: Mon Jan 04 2021 - 15:09:21 EST

Next message: Alexandre Ghiti: "[RFC PATCH 10/12] riscv: Use pgtable_l4_enabled to output mmu type in cpuinfo"
Previous message: Alexandre Ghiti: "[RFC PATCH 09/12] riscv: Allow user to downgrade to sv39 when hw supports sv48"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/29/2020 1:30 PM, Yu-cheng Yu wrote:

Control-flow Enforcement (CET) is a new Intel processor feature that blocks
return/jump-oriented programming attacks. Details are in "Intel 64 and
IA-32 Architectures Software Developer's Manual" [1].

CET can protect applications and the kernel. This series enables only
application-level protection, and has three parts:

- Shadow stack [2],
- Indirect branch tracking [3], and
- Selftests [4].

I have run tests on these patches for quite some time, and they have been
very stable. Linux distributions with CET are available now, and Intel
processors with CET are already on the market. It would be nice if CET
support can be accepted into the kernel. I will be working to address any
issues should they come up.

Changes in v17:
- Rebase to v5.11-rc1.

Hi Reviewers,

After a few revisions/re-bases, I have dropped some Reviewed-by tags. This revision is only a re-base to the latest Linus tree. Please kindly comment if there are anything still not resolved, and I appreciate very much Reviewed-by/Acked-by tags to satisfactory patches.

--
Thanks,
Yu-cheng

Next message: Alexandre Ghiti: "[RFC PATCH 10/12] riscv: Use pgtable_l4_enabled to output mmu type in cpuinfo"
Previous message: Alexandre Ghiti: "[RFC PATCH 09/12] riscv: Allow user to downgrade to sv39 when hw supports sv48"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]