[$] Kernel support for hardware-based control-flow integrity

Post Syndicated from original https://lwn.net/Articles/900099/

Once upon a time, a simple stack overflow was enough to mount a
code-injection attack on a running system. In modern systems, though,
stacks are not executable and, as a result, simple overflow-based attacks
are no longer possible. In response, attackers have shifted to
control-flow attacks that make use of the code already present in the
target system. Hardware vendors have added a number of features intended to
thwart control-flow attacks; some of these features have better support
than others in the Linux kernel.