Re: [PATCH v8 1/3] x86/cpu: Clear feature bits disabled at compile-time
From: Maciej Wieczor-Retman
Date: Mon Mar 02 2026 - 14:50:44 EST
On 2026-03-02 at 20:31:42 +0100, Borislav Petkov wrote:
>On Mon, Mar 02, 2026 at 03:25:10PM +0000, Maciej Wieczor-Retman wrote:
>> From: Maciej Wieczor-Retman <maciej.wieczor-retman@xxxxxxxxx>
>>
>> If some config options are disabled during compile time, they still are
>> enumerated in macros that use the x86_capability bitmask - cpu_has() or
>> this_cpu_has().
>>
>> The features are also visible in /proc/cpuinfo even though they are not
>> enabled - which is contrary to what the documentation states about the
>> file. Examples of such feature flags are lam, fred, sgx, ibrs_enhanced,
>> split_lock_detect, user_shstk, avx_vnni and enqcmd.
>>
>> Once the cpu_caps_cleared array is initialized with the autogenerated
>> disabled bitmask apply_forced_caps() will clear the corresponding bits
>> in boot_cpu_data.x86_capability[] and other secondary cpus'
>
>All your text: s/cpu/CPU/g
Sure, I'll change it.
>
>> cpu_data.x86_capability[]. Thus features disabled at compile time won't
>> show up in /proc/cpuinfo.
>>
>> Reported-by: Farrah Chen <farrah.chen@xxxxxxxxx>
>> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220348
>> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@xxxxxxxxx>
>> Cc: <stable@xxxxxxxxxxxxxxx> # 6.18.x
>
>So why is this going to stable anyway?
>
>What is the serious issue this is fixing? Really...?
The documentation from at least 5.10 onwards promises to have flags in cpuinfo
only if they're truly compiled and enabled. So I thought that incosistency can
be corrected from that point on. For the 6.18 stable kernel this particular
patch applies cleanly because it already started using the awk script. For the
older ones I took Greg's advice and prepared separate patch that worked before
the awk script was introduced.
>> ---
>> Changelog v6:
>> - Remove patch message portions that are not just describing the diff.
>>
>> arch/x86/kernel/cpu/common.c | 3 ++-
>> arch/x86/tools/cpufeaturemasks.awk | 6 ++++++
>> 2 files changed, 8 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
>> index 1c3261cae40c..9aa11224a038 100644
>> --- a/arch/x86/kernel/cpu/common.c
>> +++ b/arch/x86/kernel/cpu/common.c
>> @@ -732,7 +732,8 @@ static const char *table_lookup_model(struct cpuinfo_x86 *c)
>>
>> /* Aligned to unsigned long to avoid split lock in atomic bitmap ops */
>> -__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long));
>> +__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long)) =
>> + DISABLED_MASK_INITIALIZER;
>
>DISABLED_MASK_INIT is kinda obvious already.
Okay, I'll shorten it.
>
>--
>Regards/Gruss,
> Boris.
>
>https://people.kernel.org/tglx/notes-about-netiquette
--
Kind regards
Maciej Wieczór-Retman