Re: [PATCH 02/35] x86/cet/shstk: Add Kconfig option for Shadow Stack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/30/22 13:18, Rick Edgecombe wrote:
> +config X86_SHADOW_STACK
> +	prompt "Intel Shadow Stack"
> +	def_bool n
> +	depends on AS_WRUSS
> +	depends on ARCH_HAS_SHADOW_STACK
> +	select ARCH_USES_HIGH_VMA_FLAGS
> +	help
> +	  Shadow Stack protection is a hardware feature that detects function
> +	  return address corruption.  This helps mitigate ROP attacks.
> +	  Applications must be enabled to use it, and old userspace does not
> +	  get protection "for free".
> +	  Support for this feature is present on Tiger Lake family of
> +	  processors released in 2020 or later.  Enabling this feature
> +	  increases kernel text size by 3.7 KB.

I guess the "2020" comment is still OK.  But, given that it's on AMD and
a could of other Intel models, maybe we should just leave this at:

	CPUs supporting shadow stacks were first released in 2020.

If we say anything.  We mostly want folks to just go read the
documentation if they needs more details.



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux