Re: [PATCH] x86/shstk: Provide kernel command line knob to disable

Next message: SeongJae Park: "[PATCH 3/3] mm/damon: add synchronous commit for commit_inputs"
Previous message: SeongJae Park: "[PATCH 2/3] Docs/admin-guide/mm/damon: fix 'parametrs' typo"
In reply to: Peter Zijlstra: "Re: [PATCH] x86/shstk: Provide kernel command line knob to disable"
Next in thread: Peter Zijlstra: "Re: [PATCH] x86/shstk: Provide kernel command line knob to disable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mathias Krause

Date: Thu Apr 02 2026 - 12:01:21 EST

On 02.04.26 17:54, Peter Zijlstra wrote:
> On Thu, Apr 02, 2026 at 05:44:05PM +0200, Mathias Krause wrote:
>> Provide a kernel command line option 'shstk=off' to disable CET shadow
>> stacks, much like 'ibt=off' can be used to disable CET IBT.
>>
>> With both set to off, it avoids setting CR4.CET on capable hardware to
>> allow debugging related issues during early boot.
>
> Why though?

I ran into related issues three times in the past now, where the lack of
early exception handling and the lack of a knob to disable CR4.CET=1
enabling made debugging this a real PITA. Now, with QEMU having gained
CET virtualization support, that may be less of an issue. However, in at
least one case the UEFI firmware was involved and I had to test&debug on
bare metal. Having such a knob allows ruling out or pin-pointing CET as
the cause more easily.

Thanks,
Mathias