Re: [PATCH v3] x86/cpufeatures: Make X86_FEATURE_SHSTK clearcpuid-able

From: Edgecombe, Rick P

Date: Thu May 14 2026 - 13:02:19 EST


On Thu, 2026-05-14 at 18:09 +0200, Mathias Krause wrote:
> Allow X86_FEATURE_SHSTK to be disabled through the kernel commandline via
> 'clearcpuid=shstk' as 'nousershstk' would still enable CR4.CET even if
> no CET features are in use.
>
> This, in combination with disabling IBT as well, e.g. via
> 'clearcpuid=shstk,ibt' allows to fully disable CR4.CET enabling on
> capable hardware, which in turn allows debugging CET-related issues
> during early boot.
>
> Signed-off-by: Mathias Krause <minipli@xxxxxxxxxxxxxx>
> ---
> v3:
> - switch to clearcpuid-based approach
> v2: https://lore.kernel.org/lkml/20260402173606.1096172-1-minipli@xxxxxxxxxxxxxx/
>
> arch/x86/include/asm/cpufeatures.h | 2 +-

To the general approach:
Acked-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>

> tools/arch/x86/include/asm/cpufeatures.h | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index 1d506e5d6f46..75cc39037df6 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -393,7 +393,7 @@
> #define X86_FEATURE_OSPKE (16*32+ 4) /* "ospke" OS Protection Keys Enable */
> #define X86_FEATURE_WAITPKG (16*32+ 5) /* "waitpkg" UMONITOR/UMWAIT/TPAUSE Instructions */
> #define X86_FEATURE_AVX512_VBMI2 (16*32+ 6) /* "avx512_vbmi2" Additional AVX512 Vector Bit Manipulation Instructions */
> -#define X86_FEATURE_SHSTK (16*32+ 7) /* Shadow stack */
> +#define X86_FEATURE_SHSTK (16*32+ 7) /* "shstk" CET Shadow Stack */

I hate to generate another version but adding CET here is an unnecessary change.
IBT doesn't match then.

> #define X86_FEATURE_GFNI (16*32+ 8) /* "gfni" Galois Field New Instructions */
> #define X86_FEATURE_VAES (16*32+ 9) /* "vaes" Vector AES */
> #define X86_FEATURE_VPCLMULQDQ (16*32+10) /* "vpclmulqdq" Carry-Less Multiplication Double Quadword */
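
Review bot: the `+#define X86_FEATURE_SHSTK` line changes two things at once. It adds the quoted "shstk" name, which is what the changelog motivates for 'clearcpuid=shstk', and it also rewords the description from "Shadow stack" to "CET Shadow Stack", which the changelog does not mention. Keeping the original description, i.e. `/* "shstk" Shadow stack */`, would limit the hunk to the functional part. Since the diff is otherwise a comment-only edit, the changelog could also state explicitly that the quoted name in the comment is what makes the feature selectable by name.
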
> diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h
> index 86d17b195e79..fcbe633e1f76 100644
> --- a/tools/arch/x86/include/asm/cpufeatures.h
> +++ b/tools/arch/x86/include/asm/cpufeatures.h
> @@ -393,7 +393,7 @@
> #define X86_FEATURE_OSPKE (16*32+ 4) /* "ospke" OS Protection Keys Enable */
> #define X86_FEATURE_WAITPKG (16*32+ 5) /* "waitpkg" UMONITOR/UMWAIT/TPAUSE Instructions */
> #define X86_FEATURE_AVX512_VBMI2 (16*32+ 6) /* "avx512_vbmi2" Additional AVX512 Vector Bit Manipulation Instructions */
> -#define X86_FEATURE_SHSTK (16*32+ 7) /* Shadow stack */
> +#define X86_FEATURE_SHSTK (16*32+ 7) /* "shstk" CET Shadow Stack */
> #define X86_FEATURE_GFNI (16*32+ 8) /* "gfni" Galois Field New Instructions */
> #define X86_FEATURE_VAES (16*32+ 9) /* "vaes" Vector AES */
> #define X86_FEATURE_VPCLMULQDQ (16*32+10) /* "vpclmulqdq" Carry-Less Multiplication Double Quadword */
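
Review bot: the `+#define X86_FEATURE_SHSTK` line in the tools/ copy repeats the "CET Shadow Stack" rewording from the arch/x86 header. If the description in arch/x86/include/asm/cpufeatures.h goes back to "Shadow stack" in a next version, this line needs the identical change so the comment text in the two headers keeps matching.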