Re: [PATCH v3] x86/cpufeatures: Make X86_FEATURE_SHSTK clearcpuid-able

Next message: Adrian Hunter: "[PATCH V4 00/17] i3c: mipi-i3c-hci: DMA abort, recovery and related improvements"
Previous message: Jan Kara: "Re: [PATCH] ufs: Handle NULL return from ufs_get_locked_folio()"
In reply to: Mathias Krause: "Re: [PATCH v3] x86/cpufeatures: Make X86_FEATURE_SHSTK clearcpuid-able"
Next in thread: Edgecombe, Rick P: "Re: [PATCH v3] x86/cpufeatures: Make X86_FEATURE_SHSTK clearcpuid-able"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Edgecombe, Rick P

Date: Fri May 15 2026 - 13:00:49 EST

On Fri, 2026-05-15 at 18:11 +0200, Mathias Krause wrote:
> >
> > Anyway, "nousershstk" should disable the CR4 bit too.
> >
>
> No, it should not, as that's only for the user portion
> (X86_FEATURE_USER_SHSTK != X86_FEATURE_SHSTK).
>
> Even though there is (currently) no kernel level shadow stack support,
> KVM may still want to pass it down to guests for their usage -- even if
> the host *userland* shouldn't make use of it because of "nousershstk".

Yea, I was thinking on how we would implement this and wondering along these
same lines. We would need to set CR4.CET if we have kernel ibt, user shadow
stack or KVM configured (and also with HW support).