Re: [PATCH v2 02/39] x86/cet/shstk: Add Kconfig option for Shadow Stack

From: Edgecombe, Rick P
Date: Mon Oct 03 2022 - 15:53:18 EST


On Mon, 2022-10-03 at 10:25 -0700, Kees Cook wrote:
> > +config X86_SHADOW_STACK
> > + prompt "X86 Shadow Stack"
> > + def_bool n
>
> I hope we can switch this to "default y" soon, given it's a hardware
> feature that is disabled at runtime when not available.

Hmm, yes. Not sure on this. I'm inclined to leave it as is for now.

>
> > + depends on ARCH_HAS_SHADOW_STACK
>
> Doesn't this depend on AS_WRUSS too?

Yes, this got messed up when this patch went to and from the CET KVM
series.

Thanks!