On 1/30/22 13:18, Rick Edgecombe wrote:
> +config X86_SHADOW_STACK > + prompt "Intel Shadow Stack" > + def_bool n > + depends on AS_WRUSS > + depends on ARCH_HAS_SHADOW_STACK > + select ARCH_USES_HIGH_VMA_FLAGS > + help > + Shadow Stack protection is a hardware feature that detects function > + return address corruption. This helps mitigate ROP attacks. > + Applications must be enabled to use it, and old userspace does not > + get protection "for free". > + Support for this feature is present on Tiger Lake family of > + processors released in 2020 or later. Enabling this feature > + increases kernel text size by 3.7 KB.

I guess the "2020" comment is still OK. But, given that it's on AMD and a couple of other Intel models, maybe we should just leave this at:

	CPUs supporting shadow stacks were first released in 2020.

If we say anything. We mostly want folks to just go read the documentation if they need more details.
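
Review bot: in the X86_SHADOW_STACK entry, the prompt "Intel Shadow Stack" line followed by "def_bool n" can be written as a single bool "Intel Shadow Stack" line, because a bool symbol with no default already evaluates to n. In the help text, "increases kernel text size by 3.7 KB" is a measurement from one build that will drift as the code changes; either drop it or say which config it was measured with. The help also gives no hint of what to answer, so closing it with the usual "If unsure, say N." would fit the default chosen here.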