Re: [PATCH] x86/shstk: Provide kernel command line knob to disable

Next message: Harry Wentland: "Re: [PATCH v5 0/3] Add &quot;link bpc&quot; DRM property"
Previous message: Ronald Claveau: "Re: [PATCH 5/8] thermal: khadas-mcu-fan: Add fan config from platform data Add regulator support"
In reply to: Mathias Krause: "Re: [PATCH] x86/shstk: Provide kernel command line knob to disable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mathias Krause

Date: Thu Apr 02 2026 - 13:05:37 EST

On 02.04.26 18:53, Edgecombe, Rick P wrote:
> On Thu, 2026-04-02 at 18:04 +0200, Peter Zijlstra wrote:
>>> However, in at least one case the UEFI firmware was involved and I
>>> had to test&debug on bare metal. Having such a knob allows ruling
>>> out or pin-pointing CET as the cause more easily.
>>
>> Fair enough, although this should probably have made it in the
>> Changelog.
>>
>> Other than that,
>
> Some firmwares use supervisor shadow stack in SMM and have had issues
> with CR4.CET set. But these were BIOS crashes.

TIL! :D

>
> The other usefulness could be recovering from shadow stack crashes in
> early userspace that block boot.

Jepp. A chicken-bit is always nice to have, IMHO.

>
> Acked-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
>
> Could we add something to the docs though?

As the 'ibt=off' commandline option lacks documentation as well, I don't
think it's needed.

There are other parameters, e.g. "debug-alternative", that are useful
debugging tools but also lack documentation. The reason for that is
likely that these switches are meant for developers and these can 'git
grep -w __setup' easily to hunt for these.

Thanks,
Mathias