On Mon, Feb 07 2022 at 14:39, Dave Hansen wrote:
> On 1/30/22 13:18, Rick Edgecombe wrote:
>> +config X86_SHADOW_STACK
>> + prompt "Intel Shadow Stack"
>> + def_bool n
>> + depends on AS_WRUSS
>> + depends on ARCH_HAS_SHADOW_STACK
>> + select ARCH_USES_HIGH_VMA_FLAGS
>> + help
>> + Shadow Stack protection is a hardware feature that detects function
>> + return address corruption. This helps mitigate ROP attacks.
>> + Applications must be enabled to use it, and old userspace does not
>> + get protection "for free".
>> + Support for this feature is present on Tiger Lake family of
>> + processors released in 2020 or later. Enabling this feature
>> + increases kernel text size by 3.7 KB.
>
> I guess the "2020" comment is still OK. But, given that it's on AMD and
> a could of other Intel models, maybe we should just leave this at:
>
> CPUs supporting shadow stacks were first released in 2020.
Yes.
> If we say anything. We mostly want folks to just go read the
> documentation if they needs more details.
Also the kernel text size increase blurb is pretty useless as that's a
number which is wrong from day one.
Thanks,
tglx
