Re: [PATCH 02/35] x86/cet/shstk: Add Kconfig option for Shadow Stack

From: Thomas Gleixner
Date: Tue Feb 08 2022 - 03:41:35 EST


On Mon, Feb 07 2022 at 14:39, Dave Hansen wrote:

> On 1/30/22 13:18, Rick Edgecombe wrote:
>> +config X86_SHADOW_STACK
>> + prompt "Intel Shadow Stack"
>> + def_bool n
>> + depends on AS_WRUSS
>> + depends on ARCH_HAS_SHADOW_STACK
>> + select ARCH_USES_HIGH_VMA_FLAGS
>> + help
>> + Shadow Stack protection is a hardware feature that detects function
>> + return address corruption. This helps mitigate ROP attacks.
>> + Applications must be enabled to use it, and old userspace does not
>> + get protection "for free".
>> + Support for this feature is present on Tiger Lake family of
>> + processors released in 2020 or later. Enabling this feature
>> + increases kernel text size by 3.7 KB.
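
Review bot: The prompt string "Intel Shadow Stack" and the help text's "Tiger Lake family of processors" tie this option to one vendor and one CPU model, while the visible dependencies (AS_WRUSS, ARCH_HAS_SHADOW_STACK) are not vendor specific; a vendor-neutral prompt and help wording would age better. As a style point, the separate "prompt" line plus "def_bool n" can be collapsed into a single bool "..." line, since n is already the default value of a bool symbol. The help text would also read more easily with a blank line between the description of the feature and the hardware support statement.
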
>
> I guess the "2020" comment is still OK. But, given that it's on AMD and
> a couple of other Intel models, maybe we should just leave this at:
>
> CPUs supporting shadow stacks were first released in 2020.

Yes.

> If we say anything. We mostly want folks to just go read the
> documentation if they need more details.

Also the kernel text size increase blurb is pretty useless as that's a
number which is wrong from day one.

Thanks,

tglx