On Wed, Dec 21, 2022 at 12:37:51AM +0000, Edgecombe, Rick P wrote:
> You mean having separate paths for kernel IBT and user shadow stack
> that compile out? I guess it could just all be in place if
> CONFIG_X86_CET is in place.
>
> I don't know, I thought it was relatively clean, but I can remove it.
Yeah, I'm wondering if we really need the ifdeffery. I always question
ifdeffery because it is a) ugly, b) a mess to deal with and having it is
not really worth it. Yeah, we save a couple of KBs, big deal.
What would practically happen is, shadow stack will be default-enabled
on the majority of kernels out there - distro ones - so it will be
enabled practically everywhere.
And it'll be off only in some self-built kernels which are the very
small minority.
And how much are the space savings with the whole set applied, with and
without the Kconfig item enabled? Probably only a couple of KBs.
And if so, I'm thinking we could at least make the traps.c stuff
unconditional - it'll be there but won't run. Unless we get some weird
#CP but it'll be caught by do_unexpected_cp().
And you have feature tests everywhere so it's not like it'll get
"misused".
And when you do that, you'll have everything a lot simpler, a lot less
Kconfig items to build-test and all good.
Right?
Or am I completely way off into the weeds here and am missing an
important aspect...?
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
