Re: [PATCH 02/35] x86/cet/shstk: Add Kconfig option for Shadow Stack
From: Dave Hansen
Date: Mon Feb 07 2022 - 17:40:07 EST
On 1/30/22 13:18, Rick Edgecombe wrote:
> +config X86_SHADOW_STACK
> + prompt "Intel Shadow Stack"
> + def_bool n
> + depends on AS_WRUSS
> + depends on ARCH_HAS_SHADOW_STACK
> + select ARCH_USES_HIGH_VMA_FLAGS
> + help
> + Shadow Stack protection is a hardware feature that detects function
> + return address corruption. This helps mitigate ROP attacks.
> + Applications must be enabled to use it, and old userspace does not
> + get protection "for free".
> + Support for this feature is present on Tiger Lake family of
> + processors released in 2020 or later. Enabling this feature
> + increases kernel text size by 3.7 KB.
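Review bot: The `prompt "Intel Shadow Stack"` / `def_bool n` pair at the top of the entry can be a single `bool "Intel Shadow Stack"` line, since a bool symbol with no default is already n and `def_bool n` adds nothing. In the help text, the "increases kernel text size by 3.7 KB" figure is tied to one build and will go stale as the series changes; either drop it or say how it was measured. The sentence "Applications must be enabled to use it" leaves the reader without a next step, so a pointer to the feature's documentation would serve better than the processor-family and release-year detail.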
I guess the "2020" comment is still OK. But, given that it's on AMD and
a couple of other Intel models, maybe we should just leave this at:
CPUs supporting shadow stacks were first released in 2020.
If we say anything. We mostly want folks to just go read the
documentation if they need more details.