> On Jan 29, 2021, at 11:42 AM, Dave Hansen <dave.hansen@xxxxxxxxx> wrote: > > On 1/27/21 1:25 PM, Yu-cheng Yu wrote: >> + help >> + Control-flow protection is a hardware security hardening feature >> + that detects function-return address or jump target changes by >> + malicious code. > > It's not really one feature. I also think it's not worth talking about > shadow stacks or indirect branch tracking in *here*. Leave that for > Documentation/. > > Just say: > > Control-flow protection is a set of hardware features which > place additional restrictions on indirect branches. These help > mitigate ROP attacks. > > ... and add more in the IBT patches. > >> Applications must be enabled to use it, and old >> + userspace does not get protection "for free". >> + Support for this feature is present on processors released in >> + 2020 or later. Enabling this feature increases kernel text size >> + by 3.7 KB. > > Did any CPUs ever get released that have this? If so, name them. If > not, time to change this to 2021, I think. Zen 3 :)
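Review bot: The last sentence of the help text, "Enabling this feature increases kernel text size by 3.7 KB", states a size without saying which configuration or compiler it was measured with, so the number will go stale as the series changes; either drop the figure or mark it as approximate. The sentence beginning "Applications must be enabled to use it" also does not tell the person configuring the kernel where to find out how an application gets enabled; a pointer to the relevant file under Documentation/ would close that gap without lengthening the help text.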