[$] Kernel support for hardware-based control-flow integrity

Once upon a time, a simple stack overflow was enough to mount acode-injection attack on a running system. In modern systems, though,stacks are not executable and, as a result, simple overflow-based attacksare no longer possible. In response, attackers have shifted tocontrol-flow attacks that make use of the code already present in thetarget system. Hardware vendors have added a number of features intended tothwart control-flow attacks; some of these features have better supportthan others in the Linux kernel.