Post Syndicated from original https://lwn.net/Articles/915728/

Shadow stacks are one of the methods employed to enforce control-flow
integrity and thwart attackers; they are a mechanism for fine-grained,
backward-edge protection. Most of the time, applications are not even
aware that shadow stacks are in use. As is so often the case, though, life
gets more complicated when the Checkpoint/Restore in Userspace
(CRIU) mechanism is in use. Not breaking CRIU turns out to be one of the
big challenges facing developers working to get user-space shadow-stack
support into the kernel.