Re: [PATCH v2] x86/fpu: Disable shstk if no CET_USER state

Next message: Ketil Johnsen: "[PATCH 5/8] drm/panthor: Minor scheduler refactoring"
Previous message: Chen-Yu Tsai: "Re: [PATCH v4 5/5] Allwinner: A523: add support for A523 THS0/1 controllers"
Next in thread: Borislav Petkov: "Re: [PATCH v2] x86/fpu: Disable shstk if no CET_USER state"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Borislav Petkov

Date: Tue May 05 2026 - 10:11:22 EST

On Thu, Apr 09, 2026 at 01:30:19PM -0700, Dave Hansen wrote:
> On 4/8/26 07:30, David Kaplan wrote:
> > + if (boot_cpu_has(X86_FEATURE_USER_SHSTK) &&
> > + !(fpu_kernel_cfg.max_features & XFEATURE_MASK_CET_USER)) {
> > + /*
> > + * The kernel relies on XSAVES/XRSTORS to context switch shadow
> > + * stack state. If this isn't present, disable user shadow
> > + * stacks.
> > + */
> > + pr_err("x86/fpu: CET_USER not supported in xstate when CET is supported. Disabling shadow stacks.\n");
> > + setup_clear_cpu_cap(X86_FEATURE_USER_SHSTK);
> > + }
>
> Are there any more of these? I'm wondering if we want a table that's
> effectively the reverse of xsave_cpuid_features[].
>
> Maybe X86_FEATURE_ENQCMD at least?

Frankly, I'd like to not do anything here. If the HV is misconfigured, then it
crashing and burning as early is possible is better than us going out of our
way to try to fix up things...

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette