Re: [PATCH] x86/cpu: Disable FRED when PTI is forced on

From: Borislav Petkov

Date: Tue Apr 21 2026 - 12:59:14 EST

On Tue, Apr 21, 2026 at 09:31:36AM -0700, Dave Hansen wrote:
>
> From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
>
> FRED and PTI were never intended to work together. No FRED hardware is
> vulnerable to Meltdown and all of it should have LASS anyway.
> Nevertheless, if you boot a system with pti=on and fred=on, the kernel
> tries to do what is asked of it and dies a horrible death on the first
> attempt to run userspace (since it never switches to the user page
> tables).
>
> Disable FRED when PTI is forced on, and print a warning about it.
>
> A quick brain dump about what a FRED+PTI implementation would look like
> is below. I'm not sure it would make any sense to do it, but never say
> never. All I know is that it's way too complicated to be worth it today.

... and if anyone attempts it, they better justify the effort and overhead.

> <brain dump>
> The SWITCH_TO_USER/KERNEL_CR3 bits are simple to fix (or at least we
> have the assembly tools to do it already), as is sticking the FRED entry
> text in .entry.text (it's not in there today).
>
> The nasty part is the stacks. Today, the CPU pops into the kernel on
> MSR_IA32_FRED_RSP0 which is normal old kernel memory and not mapped to
> userspace. The hardware pushes gunk on to MSR_IA32_FRED_RSP0, which is
> currently the task stacks. MSR_IA32_FRED_RSP0 would need to point
> elsewhere, probably cpu_entry_stack(). Then, start playing games with
> stacks on entry/exit, including copying gunk to and from the task stack.
>
> While I'd *like* to have PTI everywhere, I'm not sure it's worth mucking
> up the FRED code with PTI kludges. If a user wants fast entry/exit, they
> use FRED. If you want PTI (and sekuritay), you certainly don't care
> about fast entry and FRED isn't going to help you *all* that much, so
> you can just stay with the IDT.
>
> Plus, FRED hardware should have LASS which gives you a similar security
> profile to PTI without the CR3 munging.
> </brain dump>
>
> Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> Reported-by: Gayatri Kammela <Gayatri.Kammela@xxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Cc: Andy Lutomirski <luto@xxxxxxxxxx>
> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxxxx>
> Cc: x86@xxxxxxxxxx
> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
> ---

Yap, let's do the simplest thing first.

Reviewed-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette