Re: [PATCH] x86/cpu: Disable FRED when PTI is forced on
From: H. Peter Anvin
Date: Tue Apr 21 2026 - 19:13:11 EST
On April 21, 2026 9:31:36 AM PDT, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> wrote:
>
>From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
>
>FRED and PTI were never intended to work together. No FRED hardware is
>vulnerable to Meltdown and all of it should have LASS anyway.
>Nevertheless, if you boot a system with pti=on and fred=on, the kernel
>tries to do what is asked of it and dies a horrible death on the first
>attempt to run userspace (since it never switches to the user page
>tables).
>
>Disable FRED when PTI is forced on, and print a warning about it.
>
>A quick brain dump about what a FRED+PTI implementation would look like
>is below. I'm not sure it would make any sense to do it, but never say
>never. All I know is that it's way too complicated to be worth it today.
>
><brain dump>
>The SWITCH_TO_USER/KERNEL_CR3 bits are simple to fix (or at least we
>have the assembly tools to do it already), as is sticking the FRED entry
>text in .entry.text (it's not in there today).
>
>The nasty part is the stacks. Today, the CPU pops into the kernel on
>MSR_IA32_FRED_RSP0 which is normal old kernel memory and not mapped to
>userspace. The hardware pushes gunk on to MSR_IA32_FRED_RSP0, which is
>currently the task stacks. MSR_IA32_FRED_RSP0 would need to point
>elsewhere, probably cpu_entry_stack(). Then, start playing games with
>stacks on entry/exit, including copying gunk to and from the task stack.
>
>While I'd *like* to have PTI everywhere, I'm not sure it's worth mucking
>up the FRED code with PTI kludges. If a user wants fast entry/exit, they
>use FRED. If you want PTI (and sekuritay), you certainly don't care
>about fast entry and FRED isn't going to help you *all* that much, so
>you can just stay with the IDT.
>
>Plus, FRED hardware should have LASS which gives you a similar security
>profile to PTI without the CR3 munging.
></brain dump>
>
>Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
>Reported-by: Gayatri Kammela <Gayatri.Kammela@xxxxxxx>
>Cc: stable@xxxxxxxxxxxxxxx
>Cc: Andy Lutomirski <luto@xxxxxxxxxx>
>Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
>Cc: Thomas Gleixner <tglx@xxxxxxxxxx>
>Cc: Ingo Molnar <mingo@xxxxxxxxxx>
>Cc: Borislav Petkov <bp@xxxxxxxxx>
>Cc: x86@xxxxxxxxxx
>Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
>---
>
> b/arch/x86/mm/pti.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
>diff -puN arch/x86/mm/pti.c~fred-vs-kpti arch/x86/mm/pti.c
>--- a/arch/x86/mm/pti.c~fred-vs-kpti 2026-04-21 08:37:01.124709928 -0700
>+++ b/arch/x86/mm/pti.c 2026-04-21 08:41:11.219700206 -0700
>@@ -105,6 +105,11 @@ void __init pti_check_boottime_disable(v
> pr_debug("PTI enabled, disabling INVLPGB\n");
> setup_clear_cpu_cap(X86_FEATURE_INVLPGB);
> }
>+
>+ if (cpu_feature_enabled(X86_FEATURE_FRED)) {
>+ pr_debug("PTI enabled, disabling FRED\n");
>+ setup_clear_cpu_cap(X86_FEATURE_FRED);
>+ }
> }
>
> static int __init pti_parse_cmdline(char *arg)
>_
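Review bot: The new block in pti_check_boottime_disable() logs with pr_debug(), while the changelog says the kernel should "print a warning" when it disables FRED. pr_debug() output is dropped unless DEBUG or dynamic debug is enabled for the file, so someone who boots with pti=on and fred=on gets no visible explanation for why FRED was turned off. Consider pr_warn() (or at least pr_info()) for the "PTI enabled, disabling FRED" message. A one-line comment above the check saying that the FRED entry path never switches to the user page tables would also help, since that reason currently lives only in the changelog.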
Acked-by: H. Peter Anvin (Intel) <hpa@xxxxxxxxx>