Re: UMIP and clearcpuid=

Next message: Arnaldo Carvalho de Melo: "Re: [PATCH v2] perf build: Respect V=1 for Python extension builds"
Previous message: Doruk Tan Ozturk: "[PATCH net v2] tipc: fix slab-use-after-free Read in tipc_aead_decrypt_done"
In reply to: Ronan Pigott: "UMIP and clearcpuid="
Next in thread: Ronan Pigott: "Re: UMIP and clearcpuid="
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Borislav Petkov

Date: Wed Jun 10 2026 - 16:04:35 EST

On Wed, Jun 10, 2026 at 07:46:11PM +0000, Ronan Pigott wrote:
> In [1] the clearcpuid= flag was hidden, but afaik this remains the only way to
> disable UMIP.

The reason for wanting to disable it being?

> At the time UMIP was enabled, clearcpuid was apparently determined to be the
> appropriate method of disablement in [2],

Don't confuse "appropriate" with "might be good enough" ;)

> and it remains recommended by the documentation in [3].

That doc says:

"DO NOT USE this cmdline option in production - it is meant to be used only as
a quick’n’dirty debugging aid to rule out a feature-enabling code is the
culprit. If you use it, it’ll taint the kernel."

> If clearcpuid is no good, can we have a sanctioned method to disable UMIP
> protections instead then?

Let's figure out the use case first pls.

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette