On 1/29/2021 11:42 AM, Dave Hansen wrote:
On 1/27/21 1:25 PM, Yu-cheng Yu wrote:
+ help
+ Control-flow protection is a hardware security hardening feature
+ that detects function-return address or jump target changes by
+ malicious code.
It's not really one feature. I also think it's not worth talking about
shadow stacks or indirect branch tracking in *here*. Leave that for
Documentation/.
Just say:
Control-flow protection is a set of hardware features which
place additional restrictions on indirect branches. These help
mitigate ROP attacks.
... and add more in the IBT patches.
Applications must be enabled to use it, and old
+ userspace does not get protection "for free".
+ Support for this feature is present on processors released in
+ 2020 or later. Enabling this feature increases kernel text size
+ by 3.7 KB.
Did any CPUs ever get released that have this? If so, name them. If
not, time to change this to 2021, I think.
Ok. I will update this.
Yu-cheng