After being in development for years, Intel's shadow stack support is set to be merged for the upcoming Linux 6.4 cycle. The shadow stack support is part of Intel's Control-flow Enforcement Technology (CET) security functionality.

Last year with Linux 5.18, Intel CET's Indirect Branch Tracking (IBT) was merged, while for Linux 6.4 this summer the other aspect of CET is landing: Shadow Stack. With this kernel functionality and a supported Intel processor, Shadow Stack helps defend against return-oriented programming (ROP) attacks.

Intel began working on the CET / Shadow Stack support years ago, and support worked its way into the GNU toolchain and related components, while it took some time for the kernel bits to be all squared away. Intel originally announced CET all the way back in 2016, but it wasn't until 11th Gen Tiger Lake that processors with Control-flow Enforcement Technology first appeared.

The link for this article located at Phoronix is no longer available.