Re: [PATCH v10 05/26] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack

From: Dave Hansen
Date: Thu May 07 2020 - 11:55:22 EST

Next message: Yu-cheng Yu: "[PATCH v3 06/10] x86/fpu/xstate: Update sanitize_restored_xstate() for supervisor xstates"
Previous message: Daniel Borkmann: "Re: [PATCH v3] net: bpf: permit redirect from ingress L3 to egress L2 devices at near max mtu"
Next in thread: Yu-cheng Yu: "Re: [PATCH v10 05/26] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/29/20 3:07 PM, Yu-cheng Yu wrote:
> +config X86_INTEL_SHADOW_STACK_USER
> + prompt "Intel Shadow Stacks for user-mode"
> + def_bool n
> + depends on CPU_SUP_INTEL && X86_64
> + depends on AS_HAS_SHADOW_STACK
> + select ARCH_USES_HIGH_VMA_FLAGS
> + select X86_INTEL_CET
> + select ARCH_HAS_SHADOW_STACK

I called protection keys: X86_INTEL_MEMORY_PROTECTION_KEYS

AMD recently posted documentation which shows them implementing it as
well. The "INTEL_" is feeling now like a mistake.

Going forward, we should probably avoid sticking the company name on
them, if for no other reason than avoiding confusion and/or churn in the
future.

Shadow stacks, for instance, seem like something that another vendor
might implement one day. So, let's at least remove the "INTEL_" from
the config option names themselves. Mentioning Intel in the changelog
and the Kconfig help text is fine.

Next message: Yu-cheng Yu: "[PATCH v3 06/10] x86/fpu/xstate: Update sanitize_restored_xstate() for supervisor xstates"
Previous message: Daniel Borkmann: "Re: [PATCH v3] net: bpf: permit redirect from ingress L3 to egress L2 devices at near max mtu"
Next in thread: Yu-cheng Yu: "Re: [PATCH v10 05/26] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]