Lines Matching refs:stack
14 CET introduces shadow stack and indirect branch tracking (IBT). A shadow stack
15 is a secondary stack allocated from memory which cannot be directly modified by
17 return address to both the normal stack and the shadow stack. Upon
18 function return, the processor pops the shadow stack copy and compares it
19 to the normal stack copy. If the two differ, the processor raises a
23 shadow stack and kernel IBT are supported.
28 To use userspace shadow stack you need HW that supports it, a kernel
34 To build a user shadow stack enabled kernel, Binutils v2.29 or LLVM v6 or later
38 CET. "user_shstk" means that userspace shadow stack is supported on the current
98 ARCH_SHSTK_SHSTK - Shadow stack
101 Currently shadow stack and WRSS are supported via this interface. WRSS
102 can only be enabled with shadow stack, and is automatically disabled
103 if shadow stack is disabled.
107 To check if an application is actually running with shadow stack, the
120 A task's shadow stack is allocated from memory to a fixed size of
121 MIN(RLIMIT_STACK, 4 GB). In other words, the shadow stack is allocated to
122 the maximum size of the normal stack, but capped to 4 GB. In the case
123 of the clone3 syscall, there is a stack size passed in and shadow stack
129 The main program and its signal handlers use the same shadow stack. Because
130 the shadow stack stores only return addresses, a large shadow stack covers
131 the condition that both the program stack and the signal alternate stack run
134 When a signal happens, the old pre-signal state is pushed on the stack. When
135 shadow stack is enabled, the shadow stack specific state is pushed onto the
136 shadow stack. Today this is only the old SSP (shadow stack pointer), pushed
139 restorer address to the shadow stack to help userspace avoid a shadow stack
142 So the shadow stack signal frame format is as follows::
149 32 bit ABI signals are not supported in shadow stack processes. Linux prevents
150 32 bit execution while shadow stack is enabled by allocating shadow stacks
160 The shadow stack's vma has VM_SHADOW_STACK flag set; its PTEs are required
161 to be read-only and dirty. When a shadow stack PTE is not RO and dirty, a
162 shadow access triggers a page fault with the shadow stack access bit set
165 When a task forks a child, its shadow stack PTEs are copied and both the
166 parent's and the child's shadow stack PTEs are cleared of the dirty bit.
167 Upon the next shadow stack access, the resulting shadow stack page fault
170 When a pthread child is created, the kernel allocates a new shadow stack
171 for the new thread. New shadow stack creation behaves like mmap() with respect
172 to ASLR behavior. Similarly, on thread exit the thread's shadow stack is
178 On exec, shadow stack features are disabled by the kernel. At which point,