Lines Matching +full:re +full:- +full:enabled
1 .. SPDX-License-Identifier: GPL-2.0
4 Control-flow Enforcement Technology (CET) Shadow Stack
10 Control-flow Enforcement Technology (CET) covers several related x86 processor
20 control-protection fault. IBT verifies indirect CALL/JMP targets are intended
22 Stack and Indirect Branch Tracking. Today in the 64-bit kernel, only userspace
34 To build a user shadow stack enabled kernel, Binutils v2.29 or LLVM v6 or later
45 from readelf/llvm-readelf output::
47 readelf -n <application> | grep -a SHSTK
58 ELF features should be enabled by the loader using the below arch_prctl's. They
60 on a per-thread basis. The enablement status is inherited on clone, so if the
61 feature is enabled on the first thread, it will propagate to all the thread's
73 Lock in features at their current enabled or disabled status. 'features'
76 set here cannot be enabled or disabled afterwards.
83 Copy the currently enabled features to the address passed in addr. The
90 -EPERM if any of the passed features are locked.
91 -ENOTSUPP if the feature is not supported by the hardware or
93 -EINVAL arguments (non existing feature, etc)
94 -EFAULT if could not copy information back to userspace
98 ARCH_SHSTK_SHSTK - Shadow stack
99 ARCH_SHSTK_WRSS - WRSS
102 can only be enabled with shadow stack, and is automatically disabled
109 depending on what is enabled. The lines look like this::
118 -----------------
127 ------
134 When a signal happens, the old pre-signal state is pushed on the stack. When
135 shadow stack is enabled, the shadow stack specific state is pushed onto the
144 |1...old SSP| - Pointer to old pre-signal ssp in sigframe token format
146 | ...| - Other state may be added in the future
150 32 bit execution while shadow stack is enabled by allocating shadow stacks
158 ----
161 to be read-only and dirty. When a shadow stack PTE is not RO and dirty, a
168 is handled by page copy/re-use.
176 ----
179 userspace can choose to re-enable, or lock them.