From: Sean Christopherson <seanjc@google.com>
To: David Kaplan <David.Kaplan@amd.com>
Cc: Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] x86/fpu: Disable shstk if no CET_USER state
Date: Mon, 6 Apr 2026 07:26:48 -0700
Message-ID: <adPCqGMF-eV2ZUuV@google.com>
In-Reply-To: <DS7PR12MB82013EBE3FEDDDB2EAD6BA90945EA@DS7PR12MB8201.namprd12.prod.outlook.com>

On Fri, Apr 03, 2026, David Kaplan wrote:
> > From: Kaplan, David
> > > > ---
> > > > arch/x86/kernel/fpu/xstate.c | 11 +++++++++++
> > > > 1 file changed, 11 insertions(+)
> > > >
> > > > diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
> > > > index 76153dfb58c9..188323442b4d 100644
> > > > --- a/arch/x86/kernel/fpu/xstate.c
> > > > +++ b/arch/x86/kernel/fpu/xstate.c
> > > > @@ -855,6 +855,17 @@ void __init fpu__init_system_xstate(unsigned int
> > > legacy_size)
> > > > goto out_disable;
> > > > }
> > > >
> > > > + if (boot_cpu_has(X86_FEATURE_USER_SHSTK) &&
> > > > + !(fpu_kernel_cfg.max_features & XFEATURE_MASK_CET_USER)) {
> > > > + /*
> > > > + * The kernel relies on XSAVES/XRSTORS to context switch shadow
> > > > + * stack state. If this isn't present, disable user shadow
> > > > + * stacks.
> > > > + */
> > > > + pr_err("x86/fpu: CET_USER not supported in xstate when CET is
> > > supported. Disabling shadow stacks.\n");
> > > > + setup_clear_cpu_cap(X86_FEATURE_USER_SHSTK);
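Review bot: The pr_err() text in the added block says "when CET is supported", but the condition tests only X86_FEATURE_USER_SHSTK and only that capability is cleared, so the message should name user shadow stacks rather than CET in general. The comment's "If this isn't present" also has no clear antecedent; it would read better if it named the missing state component, i.e. XFEATURE_MASK_CET_USER absent from fpu_kernel_cfg.max_features.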
> > >
> > > Doesn't this apply to IBT as well? This code is also misplaced, as it needs to
> > > live after at least this code:
> >
> > Good point, it likely does. I can't confirm that as I don't have IBT hardware,
> > but assuming that a guest can see CET_IBT=1 this same problem would exist.
>
> Actually, I don't think this does apply to IBT as well. Per
> Documentation/arch/x86/shstk.rst, only kernel IBT is currently supported by
> Linux. And kernel IBT does not require either CET_USER or CET_KERNEL XSS
> support from what I see. (CET_KERNEL is only for the shadow stack related
> MSRs)

KVM virtualizes IBT and SHSTK, for both user and kernel, and relies on the host
kernel to save/restore IA32_U_CET.

Note, I think xsave_cpuid_features[] is also flawed. Per the SDM, {U,S}_CET also
exist if IBT is supported:

  Bit 20: CET_IBT. Supports CET indirect branch tracking features if 1. Processors
  that set this bit define bits 5:2 and bits 63:10 of the IA32_U_CET and IA32_S_CET
  MSRs.

The current code likely works because all "real" CPUs that support IBT also support
SHSTK.
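
Added example, not part of this thread or of the kernel source: a stand-alone C check for the inconsistency discussed above, where CPUID enumerates a CET feature but the CET_U supervisor state component is missing from the XSAVES-managed set. It goes beyond the patch by also flagging IBT, following the SDM text quoted in the reply. The struct, enum and function names are hypothetical; the bit positions are the architectural ones (CPUID leaf 7 subleaf 0, and leaf 0xD subleaf 1 ECX for IA32_XSS), and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural CPUID bit positions (Intel SDM, CPUID instruction). */
#define CPUID7_ECX_CET_SS   (1u << 7)   /* CPUID.(EAX=7,ECX=0):ECX[7]    */
#define CPUID7_EDX_CET_IBT  (1u << 20)  /* CPUID.(EAX=7,ECX=0):EDX[20]   */
#define XSS_CET_U           (1u << 11)  /* CPUID.(EAX=0xD,ECX=1):ECX[11] */

/* Hypothetical container for the raw CPUID words the check needs. */
struct cet_cpuid {
    uint32_t leaf7_ecx;
    uint32_t leaf7_edx;
    uint32_t leafd1_ecx;    /* supervisor state components (IA32_XSS) */
};

/* Hypothetical result flags; they may be OR-ed together. */
enum cet_finding {
    CET_OK                  = 0,
    CET_SHSTK_NO_USER_STATE = 1 << 0,
    CET_IBT_NO_USER_STATE   = 1 << 1,
};

/* Return the CET features that are enumerated without CET_U xstate. */
static int cet_check_user_state(const struct cet_cpuid *c)
{
    bool has_cet_u = (c->leafd1_ecx & XSS_CET_U) != 0;
    int findings = CET_OK;

    /* Shadow stack enumerated, but IA32_U_CET / PL3_SSP cannot be switched. */
    if ((c->leaf7_ecx & CPUID7_ECX_CET_SS) && !has_cet_u)
        findings |= CET_SHSTK_NO_USER_STATE;
    /* IBT alone also defines bits of IA32_U_CET, so it needs CET_U too. */
    if ((c->leaf7_edx & CPUID7_EDX_CET_IBT) && !has_cet_u)
        findings |= CET_IBT_NO_USER_STATE;
    return findings;
}

int main(void)
{
    /* Constructed sample: a guest shown SHSTK and IBT but no CET_U in XSS. */
    struct cet_cpuid guest = { CPUID7_ECX_CET_SS, CPUID7_EDX_CET_IBT, 0 };
    int f = cet_check_user_state(&guest);

    if (f & CET_SHSTK_NO_USER_STATE)
        puts("SHSTK enumerated without CET_U xstate");
    if (f & CET_IBT_NO_USER_STATE)
        puts("IBT enumerated without CET_U xstate");
    return f ? 1 : 0;
}
```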