Intel Shadow Stack For Linux Hits Last-Minute Snag With Issue Raised By Torvalds

Written by Michael Larabel in Intel on 7 May 2023 at 06:01 AM EDT. 4 Comments
INTEL
Intel Shaodw Stack support was submitted for Linux 6.4 at the start of the merge window but now with this two-week merge window drawing to a close, it hasn't been pulled yet and Linus Torvalds raised technical issues with the proposed patches that now jeopardize its arrival this cycle.

Shadow Stack support is part of Control-flow Enforcement Technology (CET) and has been found in Intel CPUs since Tiger Lake. The Intel Shadow Stack functionality is intended to provide return address protection to defend against ROP attacks. It's been a long-time coming for getting the Linux kernel's Shadow Stack support into the mainline kernel and now it runs the risk of being pushed back from Linux 6.4.


Linus Torvalds this weekend only got around to reviewing the code closely and already he found one issue with a bug that would affect non-x86_64 kernels. He explained in a mailing list post:
"So I'm going through the original pull request now - I was really hoping to have been able to do that earlier, but there kept being all these small pending other issues.

And I'm about a quarter in, haven't even gotten to the meat yet, and I've already found a bug.
...
End result: all those architectures that do *not* want the vma argument don't need to do any extra work, and they just implement the old version, and the only thing that happened was that it was renamed.

Because I really don't want to pull this series as-is, when I found what looks like a "this broke an architecture that DOES NOT EVEN CARE" bug in the series.

And yes, my bad for not getting to this earlier to notice this.

Or alternatively - your bad for not going through this with a fine comb like I started doing."

There's been further comments on the mailing list since over the technical nature of this bug, but long story short, Linus isn't pulling these patches as-is. It remains to be seen if there will be a last minute updated patch series or if Torvalds will entertain pulling these patches late past 6.4-rc1, but it's increasingly likely that the Intel Shadow Stack support will be delayed to v6.5+ given this last minute bug being pointed out and Torvalds not even being through in reviewing these patches in full.
4 Comments
Related News
New Intel P-State Linux Driver Patches To Better Handle Hybrid Core CPUs
Intel Talks Up Their Latest Compiler Toolchain Enhancements For AVX10.1, AMX & More
Rework For Intel CPU Model Handling To Land With Linux 6.10
Linux 6.10 Adding Intel Low-Latency Hint To Aggressively Boost GT Frequency For GPU Compute
Intel Releases OpenVINO 2024.1 With More Gen AI & LLM Features
Intel ANV Vulkan Driver Enables VK_KHR_shader_float_controls2
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
systemd Rolling Out "run0" As sudo Alternative
Linux Mint Looks To Fork More GNOME Software, Make XApp More Independent
Microsoft Updates Cascadia Code: Its Open-Source Font For Developers
Rust-Written Redox OS Gets USB Keyboards & Mice Working
NetBSD On The State & Future Of X.Org/X11
Wine 9.8 Fixes Nearly 20 Year Old Bug For Installing Microsoft Office 97
Valve Working On Explicit Sync Support For "NVK" NVIDIA Vulkan Driver
Valve Publishes Steam Survey Numbers For April 2024