For more than one year Arm engineers have been working on [1]Guarded Control Stack "GCS" support for the Linux kernel as a means of protecting against return-oriented programming (ROP) sttacks with modern AArch64 processors. It looks like for Linux 6.13 this Arm GCS support will be ready for upstreaming.

Arm's Guarded Control Stack is of similar intent to Intel's Shadow Stack. The Guarded Control Stack is hardware-protected stacks of return addresses to harden the system against ROP attacks. GCS also makes it easier for gathering call stacks for applications when dealing with system profiling. With the hardware enforcement, GCS requires support by the SoC/core for supporting this functionality.

Over the past year the Guarded Control Stack code has been through thirteen rounds of revisions and review on the Linux kernel mailing list. The GCS patches were queued last week into [2]arm64/linux.git as the staging area for new ARM64 architecture code for the Linux kernel.

Given the GCS code now being queued up, this will likely be submitted for the Linux 6.13 merge window next month -- barring any last minute issues from coming up in the code.



[1] https://www.phoronix.com/news/Arm-Guarded-Control-Stack-Linux

[2] https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/