Re: [PATCH v3] x86/cpufeatures: Make X86_FEATURE_SHSTK clearcpuid-able
From: Borislav Petkov
Date: Sat May 16 2026 - 11:28:32 EST

On Fri, May 15, 2026 at 06:11:46PM +0200, Mathias Krause wrote:
> Funny to see how x86 maintainer opinions completely disagree on this, see
> https://lore.kernel.org/lkml/739e4dd0-84a3-4b37-8cc3-b7ec59737010@xxxxxxxxx/

You mean we should have an internal meeting first to agree on maintainer
policy so that we can have a common, unified messaging to the rest of the
community...?

Or are we allowed to disagree and find the most optimal solution in the
process?

Pfff.

> No, it should not, as that's only for the user portion
> (X86_FEATURE_USER_SHSTK != X86_FEATURE_SHSTK).
>
> Even though there is (currently) no kernel level shadow stack support,
> KVM may still want to pass it down to guests for their usage -- even if
> the host *userland* shouldn't make use of it because of "nousershstk".

So do a global "disable control-flow enforcement" thing which disables all
related features, as Rick points out.

That one should dump a warning saying what it also disables and that it should
be a debugging option. And I'm thinking it probably should taint the kernel
too because we don't want people left'n'right to turn off shadow stacks and
then complain...

Btw, this is my own opinion and just a suggestion - not an x86 maintainer
stance. I'm throwing this out so that someone else can propose a better one
and we arrive at the proper solution eventually. I.e., as we have always done
it on the mailing list...

--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette