On 1/27/21 1:25 PM, Yu-cheng Yu wrote:
> +     help
> +       Control-flow protection is a hardware security hardening feature
> +       that detects function-return address or jump target changes by
> +       malicious code.

It's not really one feature.  I also think it's not worth talking about
shadow stacks or indirect branch tracking in *here*.  Leave that for
Documentation/.

Just say:

        Control-flow protection is a set of hardware features which
        place additional restrictions on indirect branches.  These help
        mitigate ROP attacks.

... and add more in the IBT patches.

>  Applications must be enabled to use it, and old
> +       userspace does not get protection "for free".
> +       Support for this feature is present on processors released in
> +       2020 or later.  Enabling this feature increases kernel text size
> +       by 3.7 KB.
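Review bot: the "Enabling this feature increases kernel text size by 3.7 KB" sentence at the end of the help text hardcodes a figure that depends on the compiler and .config and will drift as the implementation changes; suggest dropping it or stating it as an approximation so the help text does not go stale. Also, "Applications must be enabled to use it" leaves it unclear who does the enabling; "Applications must be built with control-flow protection support to use it" says what the reader of this option needs to know.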

Did any CPUs ever get released that have this?  If so, name them.  If
not, time to change this to 2021, I think.
