Subj : [$] Shadow-stack control in clone3()
To   : All
From : LWN.net
Date : Tue Aug 26 2025 06:40:07

Shadow stacks are a control-flow-integrity feature designed to defend
against exploits that manipulate a thread's call stack.  The kernel first
gained support for hardware-implemented shadow
stacks, for the x86 architecture, in the 6.6 release; 64-bit Arm
support followed in 6.13.  This feature does not give user space much
control over the allocation of shadow stacks for new threads, though; a patch
series from Mark Brown may, after many attempts, finally be about
to change that situation.

https://lwn.net/Articles/1034442/
--- SBBSecho 3.29-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)

.