Re: [PATCH 02/35] x86/cet/shstk: Add Kconfig option for Shadow Stack

From: Edgecombe, Rick P
Date: Tue Feb 08 2022 - 17:29:04 EST


On Tue, 2022-02-08 at 09:41 +0100, Thomas Gleixner wrote:
> On Mon, Feb 07 2022 at 14:39, Dave Hansen wrote:
>
> > On 1/30/22 13:18, Rick Edgecombe wrote:
> > > +config X86_SHADOW_STACK
> > > + prompt "Intel Shadow Stack"
> > > + def_bool n
> > > + depends on AS_WRUSS
> > > + depends on ARCH_HAS_SHADOW_STACK
> > > + select ARCH_USES_HIGH_VMA_FLAGS
> > > + help
> > > + Shadow Stack protection is a hardware feature that detects
> > > function
> > > + return address corruption. This helps mitigate ROP
> > > attacks.
> > > + Applications must be enabled to use it, and old userspace
> > > does not
> > > + get protection "for free".
> > > + Support for this feature is present on Tiger Lake family
> > > of
> > > + processors released in 2020 or later. Enabling this
> > > feature
> > > + increases kernel text size by 3.7 KB.
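Review bot: `prompt "Intel Shadow Stack"` followed by `def_bool n` at the top of the X86_SHADOW_STACK entry spells out a default that a bool symbol already has; a single `bool "Intel Shadow Stack"` line is the usual Kconfig form. In the help text, the Tiger Lake sentence and the "3.7 KB" figure are specifics that go stale as hardware support and the code change, so consider dropping them and leaving the details to the documentation.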
> >
> > I guess the "2020" comment is still OK. But, given that it's on AMD and
> > a couple of other Intel models, maybe we should just leave this at:
> >
> > CPUs supporting shadow stacks were first released in 2020.
>
> Yes.
>
> > If we say anything. We mostly want folks to just go read the
> > documentation if they need more details.
>
> Also the kernel text size increase blurb is pretty useless as that's a
> number which is wrong from day one.

Makes sense. Thanks.