Re: [PATCH v5 1/3] x86/cpu: Clear feature bits disabled at compile-time

[H. Peter Anvin]

On February 12, 2026 8:23:58 AM PST, Maciej Wieczor-Retman <m.wieczorretman@xxxxx> wrote:
>On 2026-02-12 at 16:58:08 +0100, Borislav Petkov wrote:
>>On Thu, Feb 12, 2026 at 03:34:38PM +0000, Maciej Wieczor-Retman wrote:
>>> From: Maciej Wieczor-Retman <maciej.wieczor-retman@xxxxxxxxx>
>>>
>>> If some config options are disabled during compile time, they still are
>>> enumerated in macros that use the x86_capability bitmask - cpu_has() or
>>> this_cpu_has().
>>>
>>> The features are also visible in /proc/cpuinfo even though they are not
>>> enabled - which is contrary to what the documentation states about the
>>> file. Examples of such feature flags are lam, fred, sgx, ibrs_enhanced,
>>> split_lock_detect, user_shstk, avx_vnni and enqcmd.
>>
>>I'm still unclear as to when did we break this? Did it ever work as
>>documented?
>
>I went as far back as the stable kernels go, to test separate backports and I'm
>pretty sure this behavior was always there. At one point it was just documented
>that is should work in a specific way which right now it doesn't.
>
>>I wanna say yes, I've seen this turning off a feature removes it from
>>/proc/cpuinfo but I don't remember any details...
>
>I believe, previously, the only affected features were the ones that were
>specifically listed with their complementary CONFIG options in the
>disabled-features.h. But most of the older ones are locked behind EXPERT config
>option if one would want to compile-time disable them. When looking at 5.15.x I
>noticed SGX was there when it was not compiled for example. But at 5.10.x there
>were no non-EXPERT features (at least none visible on the machine I was using to
>test).
>
>>> Through the cpufeaturemasks.awk script add a DISABLED_MASK_INITIALIZER
>>> macro that creates an initializer list filled with DISABLED_MASKx
>>> bitmasks.
>>>
>>> At the same time add a REQUIRED_MASK_INITIALIZER that can be used for a
>>> sanity check of whether all the required feature bits are set at the end
>>> of cpu identification.
>>>
>>> Initialize the cpu_caps_cleared array with the autogenerated disabled
>>> bitmask. apply_forced_caps() will clear the corresponding bits in
>>> boot_cpu_data.x86_capability[] and other secondary cpus'
>>> cpu_data.x86_capability[]. Thus features disabled at compile time won't
>>> show up in /proc/cpuinfo.
>>
>>Can you please stop explaining the diff? I can read the diff. Put in the
>>commit message non-obvious text which is important. Not what you're doing.
>>
>>Check all your commit messages pls.
>
>Sure, I'll revise these.
>
>>
>>Thx.
>>
>>--
>>Regards/Gruss,
>>    Boris.
>>
>>https://people.kernel.org/tglx/notes-about-netiquette
>

As the original author of the code I'm pretty sure that bug was always there.