Re: [PATCH v5 1/3] x86/cpu: Clear feature bits disabled at compile-time

[Borislav Petkov]

On Thu, Feb 12, 2026 at 03:34:38PM +0000, Maciej Wieczor-Retman wrote:
> From: Maciej Wieczor-Retman <maciej.wieczor-retman@xxxxxxxxx>
> 
> If some config options are disabled during compile time, they still are
> enumerated in macros that use the x86_capability bitmask - cpu_has() or
> this_cpu_has().
> 
> The features are also visible in /proc/cpuinfo even though they are not
> enabled - which is contrary to what the documentation states about the
> file. Examples of such feature flags are lam, fred, sgx, ibrs_enhanced,
> split_lock_detect, user_shstk, avx_vnni and enqcmd.

I'm still unclear as to when did we break this? Did it ever work as
documented?

I wanna say yes, I've seen this turning off a feature removes it from
/proc/cpuinfo but I don't remember any details...

> Through the cpufeaturemasks.awk script add a DISABLED_MASK_INITIALIZER
> macro that creates an initializer list filled with DISABLED_MASKx
> bitmasks.
> 
> At the same time add a REQUIRED_MASK_INITIALIZER that can be used for a
> sanity check of whether all the required feature bits are set at the end
> of cpu identification.
> 
> Initialize the cpu_caps_cleared array with the autogenerated disabled
> bitmask. apply_forced_caps() will clear the corresponding bits in
> boot_cpu_data.x86_capability[] and other secondary cpus'
> cpu_data.x86_capability[]. Thus features disabled at compile time won't
> show up in /proc/cpuinfo.

Can you please stop explaining the diff? I can read the diff. Put in the
commit message non-obvious text which is important. Not what you're doing.

Check all your commit messages pls.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette