Control Flow Integrity on RISC-V

Linux on the RISC-V architecture is preparing to introduce support for user-space control-flow integrity (CFI). The implementation is based on a shadow stack, a technique already adopted by Intel and AMD to improve system security.

Control flow integrity is a security mechanism that aims to prevent attacks that alter the normal execution flow of a program. A shadow stack is a copy of the call stack that is kept separate from the main stack. During execution, the system compares the shadow stack with the main stack to verify that there have been no unauthorized modifications. In case of discrepancies, the system can intervene to prevent the execution of malicious code.
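The compare-on-return check described above, as an added example that is not code from the Linux kernel or any RISC-V project: a toy software model that tracks only return addresses. The struct, function names and addresses are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define DEPTH 16

/* Toy model (assumption): two separate stacks holding return addresses. */
struct cpu {
    uintptr_t main_stack[DEPTH];   /* ordinary stack, writable by the program */
    uintptr_t shadow_stack[DEPTH]; /* separate copy, written only by model_call() */
    size_t sp;                     /* number of active frames */
};

enum ret_status { RET_OK, RET_CFI_VIOLATION, RET_UNDERFLOW };

/* Call: record the return address on both stacks. Returns -1 if full. */
int model_call(struct cpu *c, uintptr_t ret_addr) {
    if (c->sp >= DEPTH) return -1;
    c->main_stack[c->sp] = ret_addr;
    c->shadow_stack[c->sp] = ret_addr;
    c->sp++;
    return 0;
}

/* Return: pop both entries and compare them before using the target. */
enum ret_status model_return(struct cpu *c, uintptr_t *target) {
    if (c->sp == 0) return RET_UNDERFLOW;
    c->sp--;
    if (c->main_stack[c->sp] != c->shadow_stack[c->sp])
        return RET_CFI_VIOLATION;  /* point where the system would intervene */
    *target = c->main_stack[c->sp];
    return RET_OK;
}

/* Constructed scenario: nested calls with no tampering return normally. */
int demo_clean_return_passes(void) {
    struct cpu c = {0};
    uintptr_t t = 0;
    model_call(&c, 0x1000);
    model_call(&c, 0x2000);
    return model_return(&c, &t) == RET_OK && t == 0x2000 &&
           model_return(&c, &t) == RET_OK && t == 0x1000;
}

/* Constructed scenario: the inner frame's saved address is altered. */
int demo_tampered_return_detected(void) {
    struct cpu c = {0};
    uintptr_t t = 0;
    model_call(&c, 0x1000);
    model_call(&c, 0x2000);
    c.main_stack[1] = 0xdead;      /* simulated corruption of the main stack */
    return model_return(&c, &t) == RET_CFI_VIOLATION && t == 0 &&
           model_return(&c, &t) == RET_OK && t == 0x1000;
}

int main(void) { return !(demo_clean_return_passes() && demo_tampered_return_detected()); }
```

The second scenario also shows that a violation in one frame leaves the untouched outer frame verifiable.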

This addition is a step forward for the security of applications running on RISC-V systems, making the platform more resistant to potential threats.