Re: [PATCH v5 1/3] x86/cpu: Clear feature bits disabled at compile-time

[Maciej Wieczor-Retman]

On 2026-02-12 at 16:58:08 +0100, Borislav Petkov wrote:
>On Thu, Feb 12, 2026 at 03:34:38PM +0000, Maciej Wieczor-Retman wrote:
>> From: Maciej Wieczor-Retman <maciej.wieczor-retman@xxxxxxxxx>
>>
>> If some config options are disabled during compile time, they still are
>> enumerated in macros that use the x86_capability bitmask - cpu_has() or
>> this_cpu_has().
>>
>> The features are also visible in /proc/cpuinfo even though they are not
>> enabled - which is contrary to what the documentation states about the
>> file. Examples of such feature flags are lam, fred, sgx, ibrs_enhanced,
>> split_lock_detect, user_shstk, avx_vnni and enqcmd.
>
>I'm still unclear as to when did we break this? Did it ever work as
>documented?

I went as far back as the stable kernels go, to test separate backports and I'm
pretty sure this behavior was always there. At one point it was just documented
that is should work in a specific way which right now it doesn't.

>I wanna say yes, I've seen this turning off a feature removes it from
>/proc/cpuinfo but I don't remember any details...

I believe, previously, the only affected features were the ones that were
specifically listed with their complementary CONFIG options in the
disabled-features.h. But most of the older ones are locked behind EXPERT config
option if one would want to compile-time disable them. When looking at 5.15.x I
noticed SGX was there when it was not compiled for example. But at 5.10.x there
were no non-EXPERT features (at least none visible on the machine I was using to
test).

>> Through the cpufeaturemasks.awk script add a DISABLED_MASK_INITIALIZER
>> macro that creates an initializer list filled with DISABLED_MASKx
>> bitmasks.
>>
>> At the same time add a REQUIRED_MASK_INITIALIZER that can be used for a
>> sanity check of whether all the required feature bits are set at the end
>> of cpu identification.
>>
>> Initialize the cpu_caps_cleared array with the autogenerated disabled
>> bitmask. apply_forced_caps() will clear the corresponding bits in
>> boot_cpu_data.x86_capability[] and other secondary cpus'
>> cpu_data.x86_capability[]. Thus features disabled at compile time won't
>> show up in /proc/cpuinfo.
>
>Can you please stop explaining the diff? I can read the diff. Put in the
>commit message non-obvious text which is important. Not what you're doing.
>
>Check all your commit messages pls.

Sure, I'll revise these.

>
>Thx.
>
>--
>Regards/Gruss,
>    Boris.
>
>https://people.kernel.org/tglx/notes-about-netiquette

-- 
Kind regards
Maciej Wieczór-Retman