Re: [PATCH v8 1/3] x86/cpu: Clear feature bits disabled at compile-time

From: Borislav Petkov

Date: Mon Mar 02 2026 - 14:32:15 EST


On Mon, Mar 02, 2026 at 03:25:10PM +0000, Maciej Wieczor-Retman wrote:
> From: Maciej Wieczor-Retman <maciej.wieczor-retman@xxxxxxxxx>
>
> If some config options are disabled during compile time, they still are
> enumerated in macros that use the x86_capability bitmask - cpu_has() or
> this_cpu_has().
>
> The features are also visible in /proc/cpuinfo even though they are not
> enabled - which is contrary to what the documentation states about the
> file. Examples of such feature flags are lam, fred, sgx, ibrs_enhanced,
> split_lock_detect, user_shstk, avx_vnni and enqcmd.
>
> Once the cpu_caps_cleared array is initialized with the autogenerated
> disabled bitmask apply_forced_caps() will clear the corresponding bits
> in boot_cpu_data.x86_capability[] and other secondary cpus'

All your text: s/cpu/CPU/g

> cpu_data.x86_capability[]. Thus features disabled at compile time won't
> show up in /proc/cpuinfo.
>
> Reported-by: Farrah Chen <farrah.chen@xxxxxxxxx>
> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220348
> Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@xxxxxxxxx>
> Cc: <stable@xxxxxxxxxxxxxxx> # 6.18.x

So why is this going to stable anyway?

What is the serious issue this is fixing? Really...?

> ---
> Changelog v6:
> - Remove patch message portions that are not just describing the diff.
>
> arch/x86/kernel/cpu/common.c | 3 ++-
> arch/x86/tools/cpufeaturemasks.awk | 6 ++++++
> 2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
> index 1c3261cae40c..9aa11224a038 100644
> --- a/arch/x86/kernel/cpu/common.c
> +++ b/arch/x86/kernel/cpu/common.c
> @@ -732,7 +732,8 @@ static const char *table_lookup_model(struct cpuinfo_x86 *c)
>
> /* Aligned to unsigned long to avoid split lock in atomic bitmap ops */
> -__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long));
> +__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long)) =
> + DISABLED_MASK_INITIALIZER;
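
Review bot: the comment above cpu_caps_cleared[] still documents only the alignment, although the array now starts out non-zero from DISABLED_MASK_INITIALIZER; a short comment saying that the initial contents are the compile-time-disabled feature bits would make that visible at the definition. The array is declared with NCAPINTS + NBUGINTS words and this hunk does not show how many words the initializer supplies, so it is worth confirming, or asserting at build time, that it covers no more than the NCAPINTS part and leaves the NBUGINTS tail zero-initialized.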

DISABLED_MASK_INIT is kinda obvious already.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette