From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com [209.85.221.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5D435194C96 for ; Mon, 11 May 2026 05:04:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.50 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778475885; cv=none; b=a8CW2lxNIDdvpoIziB5xunMHH90+B056RT3dwo1hqg893/7PqTgbEchYjhV0gM8gzrYv5fxFNtCCVqzK1IhcFrJRK7StTeJEpLKlO7YdcrVT4/rl6WX3JXwYO1h3gUbUEvPgj5tjhGqd5q2bRucxgzfvCOihcEUIH9LrH0z1jpA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778475885; c=relaxed/simple; bh=4C8sIIzLNgiCIzEZb/UwO6AvQ5xynj7+XPdOzEWHyeo=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=qrVsAvD74mB64/ElcUbdbKcIX5HfCfvN+KMTZnzhO+Bt7TY7J7IZOJG8I6MH75bWHQ+42pGVLElaqgfGwSZ30HD2zOHkYBPdMuCQ3CEQGXMi66Qj681J0EJ9WSWOBoCfEVEr8cKd0kyjevdqaEoe33FjndS7TUxvIEJf7wvAAHk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=grsecurity.net; spf=pass smtp.mailfrom=opensrcsec.com; dkim=pass (2048-bit key) header.d=grsecurity.net header.i=@grsecurity.net header.b=vzl9lcGd; arc=none smtp.client-ip=209.85.221.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=grsecurity.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=opensrcsec.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=grsecurity.net header.i=@grsecurity.net header.b="vzl9lcGd" Received: by mail-wr1-f50.google.com with SMTP id ffacd0b85a97d-43d75312379so3054200f8f.1 for ; Sun, 10 May 2026 22:04:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=grsecurity.net; s=grsec; t=1778475883; x=1779080683; darn=vger.kernel.org; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:from:to:cc:subject:date:message-id:reply-to; bh=fQMWoG3gkFnRa1AU4M+rS1gqHIOOLQxEocF6bgVECWs=; b=vzl9lcGd9ng6K+naHsiz1OWxfF9EbZLONOcj5IVAw3OoWUNHAFOKfF/3pL85a4EJD2 QCXFPelOwUOf0FRis6WFOOjsluTk7/8XRJ9yJgN3ebUDcFrf9WioYk9RzaC7MuJGg+aT eWWCR0sKdjINSWiJ3EkmQfeY4Gre3BSQ3LNpU/3sKlQU+mtpG6WfrL/dNnVC/rLZbbdO tM0OyL0HnKNkS4DiCYgdYkUSueXDvyPq6phfC0UK+8S9f+9PzBRlbJ72XVv8yXGp3Dim nmJRzDzONG7qWjh1z4YtbbO7QhTJUImteejEkvyD1XD/MtBwa+dyvfAT5hvGs+95JRLB GoMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778475883; x=1779080683; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=fQMWoG3gkFnRa1AU4M+rS1gqHIOOLQxEocF6bgVECWs=; b=cwd0Jx2OeBPb8Pbq2UK0LI/9EEKChJfXDcmsfYyGgifeMMSwtZJFPObP5PBWrP086y zNoMPow4VrV/hGBxAzVR1Y1ENNp44d5BaTD6ckpdwgQD2scwGgNY1lB2TFJzwN/9mxY4 00DYj7wf2fnpeL7hfqjxFlfPcjr1QPlvKM3VyB7WbSObO1lIklDGWCgYgGuXZrzX1RXZ zJdOoBoCrDOYB9l5cntKOG3COkEOIqX0eW4msNT5Qo9s00AYDuVzumJIcQvDkzqZeWMI E+24IVcXjcJSKFdb4iEMzMI26LW+YqPYl+3CQifItd10+cc74Leqcopv0O68AOp3/4wP x1QQ== X-Gm-Message-State: AOJu0YwTrv9lj4Fx4bTot8LB0Nkri7XIWQ/hfYFP8tjeJ89NG/EAW2+W 8QLbgCVjQ/meRo3DeKsnEzoefa8fL80uhLsN3Rnjl2b1Tdjp8WJ25g2VRW7/USh71GQiVVnRE+s lM7Zh X-Gm-Gg: Acq92OHNXukQnf4LHdHADJakdZZba6ma1Ym7YjZxT3TIgX2nCFs0IkaRsfsBW7RVxUV tRxOEAhtQDeZ1HGtIGHxAjmifxH2aQYgMsxVRx8UsasFcXBhGX2CpjZl95gouiQ8j2UlNtI/vto DalhqdL3m04+3tKy55FiSSh04h6RcYicN1R0RT8CwmAfdkzvhMjy314+cOgxm0ZtvMYRdGigSlE nmshCF3dM9vU+MzD4SiR6l39WCtULG3Rj5H0V0s3MJPVtoJRpuxyoMRSym1ja55UAt6da2JpxZi NB+/Yz7fsKK2VOyVYrmyd3Rxg92o4gAe3YLwWf/1zLBmuZ66AHKyOYohwDlqwA/Z+1r/H+hT0WI sa/TwaYB8xF/5eLRc1PQyBABDGoTZNHf4PsLmM0VEd3gUOeIDr9R5SUJDWlWLiG90DjVn2xumEp qXPUzWNgYTXB6L92Ve4msu4RHCHqnxX0YkwqJXPuRo5HIIOLVsfYgYXftrgcuY6bs5tVTA2Gm+D MZBa70Og58YWPiSa25k11tcmYXmUofvjLsTjvduebRU17wN+rm+HOADazURSjLkR/M= X-Received: by 2002:a05:6000:38f:b0:444:1fd4:a4ff with SMTP id ffacd0b85a97d-452e7e7e914mr25147711f8f.9.1778475882662; Sun, 10 May 2026 22:04:42 -0700 (PDT) Received: from ?IPV6:2003:fa:af26:200:51a:ef03:a698:a1fc? (p200300faaf260200051aef03a698a1fc.dip0.t-ipconnect.de. [2003:fa:af26:200:51a:ef03:a698:a1fc]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-45491304387sm22131606f8f.21.2026.05.10.22.04.41 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 10 May 2026 22:04:42 -0700 (PDT) Message-ID: <13936b8a-4684-48a4-91eb-de0e1c2913ee@grsecurity.net> Date: Mon, 11 May 2026 07:04:44 +0200 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2] x86/shstk: Provide kernel command line knob to disable To: Dave Hansen , "Edgecombe, Rick P" , "bp@alien8.de" , "dave.hansen@linux.intel.com" , "peterz@infradead.org" , "x86@kernel.org" , "mingo@redhat.com" , "tglx@kernel.org" Cc: "linux-kernel@vger.kernel.org" , "Gao, Chao" References: <20260402173606.1096172-1-minipli@grsecurity.net> <3d7c8d26-558d-40ef-9ad9-3a5100eed9e5@grsecurity.net> <739e4dd0-84a3-4b37-8cc3-b7ec59737010@intel.com> <4cffee5d2886129e621d3011db1d00a236869d1d.camel@intel.com> <457a77eb-2a77-4873-b2a1-24f5110a0393@grsecurity.net> <5b605463-533f-46ae-833a-b6c8f9bcfae1@grsecurity.net> <85cb14e7-403b-46fa-9e7d-819fef8d5a6d@intel.com> Content-Language: en-US, de-DE From: Mathias Krause Autocrypt: addr=minipli@grsecurity.net; keydata= xsDNBF4u6F8BDAC1kCIyATzlCiDBMrbHoxLywJSUJT9pTbH9MIQIUW8K1m2Ney7a0MTKWQXp 64/YTQNzekOmta1eZFQ3jqv+iSzfPR/xrDrOKSPrw710nVLC8WL993DrCfG9tm4z3faBPHjp zfXBIOuVxObXqhFGvH12vUAAgbPvCp9wwynS1QD6RNUNjnnAxh3SNMxLJbMofyyq5bWK/FVX 897HLrg9bs12d9b48DkzAQYxcRUNfL9VZlKq1fRbMY9jAhXTV6lcgKxGEJAVqXqOxN8DgZdU aj7sMH8GKf3zqYLDvndTDgqqmQe/RF/hAYO+pg7yY1UXpXRlVWcWP7swp8OnfwcJ+PiuNc7E gyK2QEY3z5luqFfyQ7308bsawvQcFjiwg+0aPgWawJ422WG8bILV5ylC8y6xqYUeSKv/KTM1 4zq2vq3Wow63Cd/qyWo6S4IVaEdfdGKVkUFn6FihJD/GxnDJkYJThwBYJpFAqJLj7FtDEiFz LXAkv0VBedKwHeBaOAVH6QEAEQEAAc0nTWF0aGlhcyBLcmF1c2UgPG1pbmlwbGlAZ3JzZWN1 cml0eS5uZXQ+wsERBBMBCgA7AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEd7J359B9 wKgGsB94J4hPxYYBGYYFAmBbH/cCGQEACgkQJ4hPxYYBGYaX/gv/WYhaehD88XjpEO+yC6x7 bNWQbk7ea+m82fU2x/x6A9L4DN/BXIxqlONzk3ehvW3wt1hcHeF43q1M/z6IthtxSRi059RO SarzX3xfXC1pc5YMgCozgE0VRkxH4KXcijLyFFjanXe0HzlnmpIJB6zTT2jgI70q0FvbRpgc rs3VKSFb+yud17KSSN/ir1W2LZPK6er6actK03L92A+jaw+F8fJ9kJZfhWDbXNtEE0+94bMa cdDWTaZfy6XJviO3ymVe3vBnSDakVE0HwLyIKvfAEok+YzuSYm1Nbd2T0UxgSUZHYlrUUH0y tVxjEFyA+iJRSdm0rbAvzpwau5FOgxRQDa9GXH6ie6/ke2EuZc3STNS6EBciJm1qJ7xb2DTf SNyOiWdvop+eQZoznJJte931pxkRaGwV+JXDM10jGTfyV7KT9751xdn6b6QjQANTgNnGP3qs TO5oU3KukRHgDcivzp6CWb0X/WtKy0Y/54bTJvI0e5KsAz/0iwH19IB0vpYLzsDNBF4u6F8B DADwcu4TPgD5aRHLuyGtNUdhP9fqhXxUBA7MMeQIY1kLYshkleBpuOpgTO/ikkQiFdg13yIv q69q/feicsjaveIEe7hUI9lbWcB9HKgVXW3SCLXBMjhCGCNLsWQsw26gRxDy62UXRCTCT3iR qHP82dxPdNwXuOFG7IzoGBMm3vZbBeKn0pYYWz2MbTeyRHn+ZubNHqM0cv5gh0FWsQxrg1ss pnhcd+qgoynfuWAhrPD2YtNB7s1Vyfk3OzmL7DkSDI4+SzS56cnl9Q4mmnsVh9eyae74pv5w kJXy3grazD1lLp+Fq60Iilc09FtWKOg/2JlGD6ZreSnECLrawMPTnHQZEIBHx/VLsoyCFMmO 5P6gU0a9sQWG3F2MLwjnQ5yDPS4IRvLB0aCu+zRfx6mz1zYbcVToVxQqWsz2HTqlP2ZE5cdy BGrQZUkKkNH7oQYXAQyZh42WJo6UFesaRAPc3KCOCFAsDXz19cc9l6uvHnSo/OAazf/RKtTE 0xGB6mQN34UAEQEAAcLA9gQYAQoAIAIbDBYhBHeyd+fQfcCoBrAfeCeIT8WGARmGBQJeORkW AAoJECeIT8WGARmGXtgL/jM4NXaPxaIptPG6XnVWxhAocjk4GyoUx14nhqxHmFi84DmHUpMz 8P0AEACQ8eJb3MwfkGIiauoBLGMX2NroXcBQTi8gwT/4u4Gsmtv6P27Isn0hrY7hu7AfgvnK owfBV796EQo4i26ZgfSPng6w7hzCR+6V2ypdzdW8xXZlvA1D+gLHr1VGFA/ZCXvVcN1lQvIo S9yXo17bgy+/Xxi2YZGXf9AZ9C+g/EvPgmKrUPuKi7ATNqloBaN7S2UBJH6nhv618bsPgPqR SV11brVF8s5yMiG67WsogYl/gC2XCj5qDVjQhs1uGgSc9LLVdiKHaTMuft5gSR9hS5sMb/cL zz3lozuC5nsm1nIbY62mR25Kikx7N6uL7TAZQWazURzVRe1xq2MqcF+18JTDdjzn53PEbg7L VeNDGqQ5lJk+rATW2VAy8zasP2/aqCPmSjlCogC6vgCot9mj+lmMkRUxspxCHDEms13K41tH RzDVkdgPJkL/NFTKZHo5foFXNi89kA== In-Reply-To: <85cb14e7-403b-46fa-9e7d-819fef8d5a6d@intel.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 08.05.26 18:34, Dave Hansen wrote: > On 5/8/26 00:23, Mathias Krause wrote: >> For *me*, 'clearcpuid=shstk,ibt' would be sufficient for my debugging >> needs. It's just a question if there's more demand beside some random >> kernel hacker needing a knob to disable potential problematic features, >> i.e. do we expect actual *end users* having a need to fully disable CET >> shadow stacks too? > > Last I checked, end users aren't frequently in the business of editing > the kernel command line to turn off CPU features. Maybe once in a blue > moon to work around bugs. But those folks can live with taint until they > get fixes. Ok, I'll drop this one and go for the 'clearcpuid=shstk' approach. Thanks, Mathias