Lines Matching +full:pre +full:- +full:verified
1 .. SPDX-License-Identifier: GPL-2.0
4 Control-flow Enforcement Technology (CET) Shadow Stack
10 Control-flow Enforcement Technology (CET) covers several related x86 processor
20 control-protection fault. IBT verifies indirect CALL/JMP targets are intended
22 Stack and Indirect Branch Tracking. Today in the 64-bit kernel, only userspace
44 An application's CET capability is marked in its ELF note and can be verified
45 from readelf/llvm-readelf output::
47 readelf -n <application> | grep -a SHSTK
60 on a per-thread basis. The enablement status is inherited on clone, so if the
90 -EPERM if any of the passed features are locked.
91 -ENOTSUPP if the feature is not supported by the hardware or
93 -EINVAL arguments (non-existing feature, etc)
94 -EFAULT if could not copy information back to userspace
98 ARCH_SHSTK_SHSTK - Shadow stack
99 ARCH_SHSTK_WRSS - WRSS
118 -----------------
127 ------
134 When a signal happens, the old pre-signal state is pushed on the stack. When
138 verified and restored by the kernel. The kernel will also push the normal
144 |1...old SSP| - Pointer to old pre-signal ssp in sigframe token format
146 | ...| - Other state may be added in the future
158 ----
161 to be read-only and dirty. When a shadow stack PTE is not RO and dirty, a
168 is handled by page copy/re-use.
176 ----
179 userspace can choose to re-enable, or lock them.