Source: linux
Version: 6.11.5-1
Severity: wishlist
Tags: patch
X-Debbugs-Cc: miguel.bernal.ma...@linux.intel.com, jair.gonza...@linux.intel.com
Dear Maintainer,

Please enable the "X86 userspace shadow stack" (X86_USER_SHADOW_STACK).

Shadow stack protection is a hardware feature that detects function return address corruption. This helps mitigate ROP (Return-oriented programming) attacks. Applications must be enabled to use it, and old userspace does not get protection "for free".

Shadow stack works by maintaining a secondary (shadow) stack that cannot be directly modified by applications. When executing a CALL instruction, the processor pushes the return address to both the normal stack and to the special permission shadow stack. Upon RET, the processor pops the shadow stack copy and compares it to the normal stack copy. If the two differ, the processor raises a control protection fault.

This implementation supports shadow stack on 64-bit kernels only, with support for 32-bit only via IA32 emulation. CPUs supporting shadow stacks were first released in 2020.

See https://docs.kernel.org/arch/x86/shstk.html for more information.

An MR was created with this proposal at:
https://salsa.debian.org/kernel-team/linux/-/merge_requests/1253

Thanks,
Miguel Bernal Marin
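An added example, not part of the bug report above or of the kernel tree, showing the check the requested option turns on: a small C program that looks for the kernel's user_shstk flag in /proc/cpuinfo text, asks for shadow stack in a forked child with the ARCH_SHSTK_ENABLE arch_prctl(), and then has that child overwrite its own saved return address the way a stack overflow would. With shadow stack active the RET finds the two copies differ, raises a control protection fault, and the child dies with SIGSEGV; without it the corrupted return lands in the target function, which is what a ROP chain relies on. Assumptions made by the example: the arch_prctl() constants are copied from the Linux UAPI header so the file builds against older headers; the cpuinfo excerpts are constructed, not captured; the exit codes 42/43/44, the function names and the RAW_ARCH_PRCTL macro are the example's own; the return address slot is located through the x86-64 frame layout (saved rbp, then the return address one word above), so on any other architecture the program reports that no attempt was made.

```c
/* Added example (not the bug report's or the kernel's code). Build: cc -O2 shstk_demo.c */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define ARCH_SHSTK_ENABLE 0x5001     /* arch/x86/include/uapi/asm/prctl.h, Linux >= 6.6 */
#define ARCH_SHSTK_SHSTK  (1ULL << 0)

/* Constructed /proc/cpuinfo excerpts for this example, not captured output. */
static const char SAMPLE_CPUINFO_WITH[] =
    "processor\t: 0\nflags\t\t: fpu vme de pse smep smap ibt user_shstk\n";
static const char SAMPLE_CPUINFO_WITHOUT[] =
    "processor\t: 0\nflags\t\t: fpu vme de pse smep smap\n";

/* 1 if user_shstk appears as a whole token (what `grep -w` matches); the
 * kernel lists it only with CONFIG_X86_USER_SHADOW_STACK on a CET CPU. */
int cpuinfo_has_user_shstk(const char *cpuinfo)
{
    for (const char *hit = strstr(cpuinfo, "user_shstk"); hit;
         hit = strstr(hit + 1, "user_shstk")) {
        int own_start = hit == cpuinfo || strchr(" \t:", hit[-1]) != NULL;
        int own_end = strchr(" \t\n", hit[10]) != NULL; /* NUL matches too */
        if (own_start && own_end)
            return 1;
    }
    return 0;
}

enum hijack_outcome {
    HIJACK_BLOCKED,       /* child died with SIGSEGV: the RET raised #CP */
    HIJACK_SUCCEEDED,     /* no shadow stack: control reached hijack_target */
    HIJACK_NOT_ATTEMPTED, /* not x86-64, or fork() failed */
    HIJACK_UNEXPECTED     /* e.g. enable succeeded but nothing was blocked */
};

#if defined(__x86_64__) && defined(__NR_arch_prctl)
/* Raw syscall, not libc's syscall(): the new shadow stack starts empty, so a RET
 * popping a frame pushed before enabling (the wrapper's own return) would
 * underflow it. glibc and the kernel selftest enable it the same way. */
#define RAW_ARCH_PRCTL(op, arg) ({                                        \
    long _ret;                                                            \
    register long _a1 __asm__("rdi") = (long)(op);                        \
    register long _a2 __asm__("rsi") = (long)(arg);                       \
    __asm__ __volatile__("syscall" : "=a"(_ret)                           \
                         : "0"((long)__NR_arch_prctl), "r"(_a1), "r"(_a2) \
                         : "rcx", "r11", "memory", "cc");                 \
    _ret; }) /* 0 or a negative errno */
static volatile int g_hijack_exit_code = 43; /* 43: shadow stack stayed off */
/* Where the corrupted return address points: a stand-in for a ROP gadget. */
static void __attribute__((noinline)) hijack_target(void) { _exit(g_hijack_exit_code); }
/* Overwrite this frame's own saved return address, then return. Relies on the
 * x86-64 layout behind __builtin_frame_address(0): saved rbp, then the return
 * address one word above it. The shadow stack copy is untouched. */
static void __attribute__((noinline)) corrupt_own_return_address(void)
{
    volatile uintptr_t *slot = (volatile uintptr_t *)
        ((char *)__builtin_frame_address(0) + sizeof(void *));
    *slot = (uintptr_t)&hijack_target;
}
#endif

/* Run the corruption in a forked child so the parent survives to report. */
enum hijack_outcome demo_return_hijack(void)
{
#if defined(__x86_64__) && defined(__NR_arch_prctl)
    int status; pid_t pid = fork();
    if (pid < 0) return HIJACK_NOT_ATTEMPTED;
    if (pid == 0) {
        /* Also 0 when glibc already enabled it for a CET-marked binary. */
        if (RAW_ARCH_PRCTL(ARCH_SHSTK_ENABLE, ARCH_SHSTK_SHSTK) == 0)
            g_hijack_exit_code = 42;  /* on: reaching the target is a bug */
        corrupt_own_return_address(); /* CALL pushes both copies, RET compares */
        _exit(44);                    /* the overwrite had no effect at all */
    }
    if (waitpid(pid, &status, 0) != pid) return HIJACK_UNEXPECTED;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV) return HIJACK_BLOCKED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 43) return HIJACK_SUCCEEDED;
    return HIJACK_UNEXPECTED;
#else
    return HIJACK_NOT_ATTEMPTED;
#endif
}

int main(void)
{
    static const char *const names[] = { "blocked by shadow stack (SIGSEGV)",
        "succeeded: no shadow stack here", "not attempted", "unexpected" };
    printf("user_shstk in sample flags: with=%d without=%d\n",
           cpuinfo_has_user_shstk(SAMPLE_CPUINFO_WITH), cpuinfo_has_user_shstk(SAMPLE_CPUINFO_WITHOUT));
    printf("return address hijack in child: %s\n", names[demo_return_hijack()]);
    return 0;
}
```

On a Debian kernel built without X86_USER_SHADOW_STACK the enable call fails and the child exits through hijack_target, so the program prints "succeeded: no shadow stack here" even on a CET-capable CPU; with the option enabled, a CET CPU and a 6.6+ kernel the same binary reports "blocked by shadow stack (SIGSEGV)". The quick checks on a running system are `grep -wq user_shstk /proc/cpuinfo` for kernel plus CPU support and the `x86_Thread_features:` line in /proc/PID/status for whether a given process actually has shstk switched on, since, as the report notes, a CET-marked binary and a libc that enables the feature are still required before an application gets the protection.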