On Mon, 2022-10-03 at 10:25 -0700, Kees Cook wrote: > > +config X86_SHADOW_STACK > > + prompt "X86 Shadow Stack" > > + def_bool n > > I hope we can switch this to "default y" soon, given it's a hardware > feature that is disabled at runtime when not available. Hmm, yes. Not sure on this. I'm inclined to leave it as is for now. > > > + depends on ARCH_HAS_SHADOW_STACK > > Doesn't this depend on AS_WRUSS too? Yes, this got messed up when this patch went to and from the CET KVM series. Thanks!
