Article 5WC30 [$] Shadow stacks for user space

by corbet from LWN.net on (#5WC30)
The call stack is a favorite target for attackers attempting to compromise a running process; if an attacker finds a way to overwrite a return address on the stack, they can redirect control to code of their choosing, leading to a situation best described as "game over". As a result, a great deal of effort has gone into protecting the stack. One technique that offers promise is a shadow stack; support for shadow stacks is thus duly showing up in various processors. Support for protecting user-space applications with shadow stacks is taking a bit longer; it is currently under discussion within the kernel community, but adding this feature is trickier than one might think. Among other things, these patches have been around for long enough that they have developed some backward-compatibility problems of their own.