Re: [PATCH v3] x86/cpufeatures: Make X86_FEATURE_SHSTK clearcpuid-able

Next message: Vladimir Oltean: "Re: [PATCH 1/2 v3] phy: ti: pipe3: Fix clock resource leak on probe errors"
Previous message: Wander Lairson Costa: "Re: [PATCH 01/13] verification/rvgen: Switch LTL parser to Lark"
In reply to: Edgecombe, Rick P: "Re: [PATCH v3] x86/cpufeatures: Make X86_FEATURE_SHSTK clearcpuid-able"
Next in thread: Edgecombe, Rick P: "Re: [PATCH v3] x86/cpufeatures: Make X86_FEATURE_SHSTK clearcpuid-able"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mathias Krause

Date: Fri May 15 2026 - 12:37:28 EST

On 5/14/26 18:59, Borislav Petkov wrote:
> On Thu, May 14, 2026 at 06:09:32PM +0200, Mathias Krause wrote:
>> Allow X86_FEATURE_SHST to be disabled through the kernel commandline via
>> 'clearcpuid=shstk' as 'nousershstk' would still enable CR4.CET even if
>> no CET features are in use.
>
> clearcpuid= taints the kernel because that cmdline option is not supposed to
> be used except for debugging crap... and alas people are still using it. No
> wonder... :-\

Funny to see how x86 maintainer options completely disagree on this, see
https://lore.kernel.org/lkml/739e4dd0-84a3-4b37-8cc3-b7ec59737010@xxxxxxxxx/

>
> Anyway, "nousershstk" should disable the CR4 bit too.
>

No, it should not, as that's only for the user portion
(X86_FEATURE_USER_SHSTK != X86_FEATURE_SHSTK).

Even though there is (currently) no kernel level shadow stack support,
KVM may still want to pass it down to guests for their usage -- even if
the host *userland* shouldn't make use of it because of "nousershstk".

Thanks,
Mathias