[PATCH] x86/shstk: Provide kernel command line knob to disable

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] x86/shstk: Provide kernel command line knob to disable
@ 2026-04-02 15:44 Mathias Krause
  2026-04-02 15:54 ` Peter Zijlstra
  0 siblings, 1 reply; 8+ messages in thread
From: Mathias Krause @ 2026-04-02 15:44 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86
  Cc: Rick Edgecombe, Peter Zijlstra, linux-kernel, Mathias Krause

Provide a kernel command line option 'shstk=off' to disable CET shadow
stacks, much like 'ibt=off' can be used to disable CET IBT.

With both set to off, it avoids setting CR4.CET on capable hardware to
allow debugging related issues during early boot.

Signed-off-by: Mathias Krause <minipli@grsecurity.net>
---
 arch/x86/kernel/shstk.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/arch/x86/kernel/shstk.c b/arch/x86/kernel/shstk.c
index 978232b6d48d..68b46bf1540b 100644
--- a/arch/x86/kernel/shstk.c
+++ b/arch/x86/kernel/shstk.c
@@ -542,6 +542,15 @@ static int shstk_disable(void)
 	return 0;
 }
 
+static int __init shstk_configure(char *str)
+{
+	if (!strcmp(str, "off"))
+		setup_clear_cpu_cap(X86_FEATURE_SHSTK);
+
+	return 1;
+}
+__setup("shstk=", shstk_configure);
+
 SYSCALL_DEFINE3(map_shadow_stack, unsigned long, addr, unsigned long, size, unsigned int, flags)
 {
 	bool set_tok = flags & SHADOW_STACK_SET_TOKEN;
-- 
2.47.3


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* Re: [PATCH] x86/shstk: Provide kernel command line knob to disable
  2026-04-02 15:44 [PATCH] x86/shstk: Provide kernel command line knob to disable Mathias Krause
@ 2026-04-02 15:54 ` Peter Zijlstra
  2026-04-02 15:59   ` Mathias Krause
  0 siblings, 1 reply; 8+ messages in thread
From: Peter Zijlstra @ 2026-04-02 15:54 UTC (permalink / raw)
  To: Mathias Krause
  Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86,
	Rick Edgecombe, linux-kernel

On Thu, Apr 02, 2026 at 05:44:05PM +0200, Mathias Krause wrote:
> Provide a kernel command line option 'shstk=off' to disable CET shadow
> stacks, much like 'ibt=off' can be used to disable CET IBT.
> 
> With both set to off, it avoids setting CR4.CET on capable hardware to
> allow debugging related issues during early boot.

Why though?

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] x86/shstk: Provide kernel command line knob to disable
  2026-04-02 15:54 ` Peter Zijlstra
@ 2026-04-02 15:59   ` Mathias Krause
  2026-04-02 16:04     ` Peter Zijlstra
  0 siblings, 1 reply; 8+ messages in thread
From: Mathias Krause @ 2026-04-02 15:59 UTC (permalink / raw)
  To: Peter Zijlstra
  Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86,
	Rick Edgecombe, linux-kernel

On 02.04.26 17:54, Peter Zijlstra wrote:
> On Thu, Apr 02, 2026 at 05:44:05PM +0200, Mathias Krause wrote:
>> Provide a kernel command line option 'shstk=off' to disable CET shadow
>> stacks, much like 'ibt=off' can be used to disable CET IBT.
>>
>> With both set to off, it avoids setting CR4.CET on capable hardware to
>> allow debugging related issues during early boot.
> 
> Why though?

I ran into related issues three times in the past now, where the lack of
early exception handling and the lack of a knob to disable CR4.CET=1
enabling made debugging this a real PITA. Now, with QEMU having gained
CET virtualization support, that may be less of an issue. However, in at
least one case the UEFI firmware was involved and I had to test&debug on
bare metal. Having such a knob allows ruling out or pin-pointing CET as
the cause more easily.

Thanks,
Mathias

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] x86/shstk: Provide kernel command line knob to disable
  2026-04-02 15:59   ` Mathias Krause
@ 2026-04-02 16:04     ` Peter Zijlstra
  2026-04-02 16:53       ` Edgecombe, Rick P
  0 siblings, 1 reply; 8+ messages in thread
From: Peter Zijlstra @ 2026-04-02 16:04 UTC (permalink / raw)
  To: Mathias Krause
  Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86,
	Rick Edgecombe, linux-kernel

On Thu, Apr 02, 2026 at 05:59:46PM +0200, Mathias Krause wrote:
> On 02.04.26 17:54, Peter Zijlstra wrote:
> > On Thu, Apr 02, 2026 at 05:44:05PM +0200, Mathias Krause wrote:
> >> Provide a kernel command line option 'shstk=off' to disable CET shadow
> >> stacks, much like 'ibt=off' can be used to disable CET IBT.
> >>
> >> With both set to off, it avoids setting CR4.CET on capable hardware to
> >> allow debugging related issues during early boot.
> > 
> > Why though?
> 
> I ran into related issues three times in the past now, where the lack of
> early exception handling and the lack of a knob to disable CR4.CET=1
> enabling made debugging this a real PITA. Now, with QEMU having gained
> CET virtualization support, that may be less of an issue. 

Ah, I wrote the kernel IBT code using a host/qemu patched with very
early versions of those patches. It did indeed take ages for that stuff
to land upstream.

> However, in at least one case the UEFI firmware was involved and I had
> to test&debug on bare metal. Having such a knob allows ruling out or
> pin-pointing CET as the cause more easily.

Fair enough, although this should probably have made it in the
Changelog.

Other than that, 

Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] x86/shstk: Provide kernel command line knob to disable
  2026-04-02 16:04     ` Peter Zijlstra
@ 2026-04-02 16:53       ` Edgecombe, Rick P
  2026-04-02 16:57         ` Dave Hansen
  2026-04-02 17:01         ` Mathias Krause
  0 siblings, 2 replies; 8+ messages in thread
From: Edgecombe, Rick P @ 2026-04-02 16:53 UTC (permalink / raw)
  To: peterz@infradead.org, minipli@grsecurity.net
  Cc: x86@kernel.org, mingo@redhat.com, tglx@kernel.org,
	linux-kernel@vger.kernel.org, bp@alien8.de,
	dave.hansen@linux.intel.com

On Thu, 2026-04-02 at 18:04 +0200, Peter Zijlstra wrote:
> > However, in at least one case the UEFI firmware was involved and I
> > had to test&debug on bare metal. Having such a knob allows ruling
> > out or pin-pointing CET as the cause more easily.
> 
> Fair enough, although this should probably have made it in the
> Changelog.
> 
> Other than that, 

Some firmwares use supervisor shadow stack in SMM and have had issues
with CR4.CET set. But these were BIOS crashes.

The other usefulness could be recovering from shadow stack crashes in
early userspace that block boot.

Acked-by: Rick Edgecombe <rick.p.edgecombe@intel.com>

Could we add something to the docs though?

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] x86/shstk: Provide kernel command line knob to disable
  2026-04-02 16:53       ` Edgecombe, Rick P
@ 2026-04-02 16:57         ` Dave Hansen
  2026-04-02 17:38           ` Mathias Krause
  2026-04-02 17:01         ` Mathias Krause
  1 sibling, 1 reply; 8+ messages in thread
From: Dave Hansen @ 2026-04-02 16:57 UTC (permalink / raw)
  To: Edgecombe, Rick P, peterz@infradead.org, minipli@grsecurity.net
  Cc: x86@kernel.org, mingo@redhat.com, tglx@kernel.org,
	linux-kernel@vger.kernel.org, bp@alien8.de,
	dave.hansen@linux.intel.com

On 4/2/26 09:53, Edgecombe, Rick P wrote:
> Could we add something to the docs though?

Yes, an update to Documentation/admin-guide/kernel-parameters.txt is in
order. Bonus points if the missing ibt=off gets added too.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] x86/shstk: Provide kernel command line knob to disable
  2026-04-02 16:57         ` Dave Hansen
@ 2026-04-02 17:38           ` Mathias Krause
  0 siblings, 0 replies; 8+ messages in thread
From: Mathias Krause @ 2026-04-02 17:38 UTC (permalink / raw)
  To: Dave Hansen
  Cc: x86@kernel.org, mingo@redhat.com, Edgecombe, Rick P,
	tglx@kernel.org, linux-kernel@vger.kernel.org, bp@alien8.de,
	dave.hansen@linux.intel.com, peterz@infradead.org

On 02.04.26 18:57, Dave Hansen wrote:
> On 4/2/26 09:53, Edgecombe, Rick P wrote:
>> Could we add something to the docs though?
> 
> Yes, an update to Documentation/admin-guide/kernel-parameters.txt is in
> order. Bonus points if the missing ibt=off gets added too.

Ready to pick up my bonus points: :D
https://lore.kernel.org/lkml/20260402173606.1096172-1-minipli@grsecurity.net/

Cheers,
Mathias

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] x86/shstk: Provide kernel command line knob to disable
  2026-04-02 16:53       ` Edgecombe, Rick P
  2026-04-02 16:57         ` Dave Hansen
@ 2026-04-02 17:01         ` Mathias Krause
  1 sibling, 0 replies; 8+ messages in thread
From: Mathias Krause @ 2026-04-02 17:01 UTC (permalink / raw)
  To: Edgecombe, Rick P, peterz@infradead.org
  Cc: x86@kernel.org, mingo@redhat.com, tglx@kernel.org,
	linux-kernel@vger.kernel.org, bp@alien8.de,
	dave.hansen@linux.intel.com

On 02.04.26 18:53, Edgecombe, Rick P wrote:
> On Thu, 2026-04-02 at 18:04 +0200, Peter Zijlstra wrote:
>>> However, in at least one case the UEFI firmware was involved and I
>>> had to test&debug on bare metal. Having such a knob allows ruling
>>> out or pin-pointing CET as the cause more easily.
>>
>> Fair enough, although this should probably have made it in the
>> Changelog.
>>
>> Other than that, 
> 
> Some firmwares use supervisor shadow stack in SMM and have had issues
> with CR4.CET set. But these were BIOS crashes.

TIL! :D

> 
> The other usefulness could be recovering from shadow stack crashes in
> early userspace that block boot.

Jepp. A chicken-bit is always nice to have, IMHO.

> 
> Acked-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
> 
> Could we add something to the docs though?

As the 'ibt=off' commandline option lacks documentation as well, I don't
think it's needed.

There are other parameters, e.g. "debug-alternative", that are useful
debugging tools but also lack documentation. The reason for that is
likely that these switches are meant for developers and these can 'git
grep -w __setup' easily to hunt for these.

Thanks,
Mathias


^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2026-04-02 17:38 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-02 15:44 [PATCH] x86/shstk: Provide kernel command line knob to disable Mathias Krause
2026-04-02 15:54 ` Peter Zijlstra
2026-04-02 15:59   ` Mathias Krause
2026-04-02 16:04     ` Peter Zijlstra
2026-04-02 16:53       ` Edgecombe, Rick P
2026-04-02 16:57         ` Dave Hansen
2026-04-02 17:38           ` Mathias Krause
2026-04-02 17:01         ` Mathias Krause

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.