From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 61B03330D29 for ; Thu, 2 Apr 2026 15:55:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=90.155.92.199 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775145303; cv=none; b=JiT/4zxJCGl4GhlCxaNm9L75gPbf8Bwfto5H26pfpMDoriu9P6W2wjRBLTdDQhWhdW9iFG/3ih2gWzf03CTNX43+V4Lj8NrS3j3XOETI8WVt0q+WihseBpoa0DRibz11ByFw8Z5bNPqHawZfyqDH47GJe3tmY9eR7NMTuMwLpWI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775145303; c=relaxed/simple; bh=/DiTHvQWQhL48lWAFEr0bLuy91ZI1Hs+W7OcGCtChCs=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=eE6BTLeHosq3is3XPDSZw4IDlyihMs/4+vOKgQFgg5WZMbIqXMmG6T/AnqRsIy/KM6tyBUn/BdyVkE8LHGGEdKhNuwtJxQTvwkx9JBG4qMVYUofBZs1fr9sbFGN/OZ258/7oHLRV3mP5pq5XisgDENn3Vx72sk4qHWREf5M+C9o= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=infradead.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=Q4UPtYiV; arc=none smtp.client-ip=90.155.92.199 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=infradead.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="Q4UPtYiV" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=peE8h8tFerjkxyBGoNh63sI7q6HIPQu/sffp/54xXu8=; b=Q4UPtYiVnBsLAjShkI1r1o0g5l 0j+vBpIX8bAooifL8YFS90S9mFfR2tdmg9qCswo/DegCQmBfJ/Agb8zsttNfCK19QSBm9MN6Uc3T2 kTmm7MSIwSFdot21aJ/RFAueW0Za6z747mmPWZWoZ/nfSmUgVo1FVNRAe/C4B5ItkXNuKRwOZGcc4 LqEu6k2+oWR5r020HCsNZwfdpKWyVlDsV0NUMJTLPxByjzJ/YkTKmc2E0pfQiyHykXoWqGY1adFqQ xRqNlqbYJvmhfylvqkBllDdC3FwcjRmTVR2xwwklYIKYAL+7VbSDh6L+SopzlVZULWfCEAccNMWU8 QANUMvyQ==; Received: from 77-249-17-252.cable.dynamic.v4.ziggo.nl ([77.249.17.252] helo=noisy.programming.kicks-ass.net) by desiato.infradead.org with esmtpsa (Exim 4.98.2 #2 (Red Hat Linux)) id 1w8KNi-00000002pLh-0Nif; Thu, 02 Apr 2026 15:54:54 +0000 Received: by noisy.programming.kicks-ass.net (Postfix, from userid 1000) id D8A5030301D; Thu, 02 Apr 2026 17:54:52 +0200 (CEST) Date: Thu, 2 Apr 2026 17:54:52 +0200 From: Peter Zijlstra To: Mathias Krause Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, Rick Edgecombe , linux-kernel@vger.kernel.org Subject: Re: [PATCH] x86/shstk: Provide kernel command line knob to disable Message-ID: <20260402155452.GD3739027@noisy.programming.kicks-ass.net> References: <20260402154405.1090935-1-minipli@grsecurity.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260402154405.1090935-1-minipli@grsecurity.net> On Thu, Apr 02, 2026 at 05:44:05PM +0200, Mathias Krause wrote: > Provide a kernel command line option 'shstk=off' to disable CET shadow > stacks, much like 'ibt=off' can be used to disable CET IBT. > > With both set to off, it avoids setting CR4.CET on capable hardware to > allow debugging related issues during early boot. Why though?