Re: [PATCH] x86/fpu: Disable shstk if no CET_USER state

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Sean Christopherson <seanjc@google.com>
To: David Kaplan <David.Kaplan@amd.com>
Cc: Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	 Dave Hansen <dave.hansen@linux.intel.com>,
	"x86@kernel.org" <x86@kernel.org>,
	 "H. Peter Anvin" <hpa@zytor.com>,
	 "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] x86/fpu: Disable shstk if no CET_USER state
Date: Mon, 6 Apr 2026 07:26:48 -0700	[thread overview]
Message-ID: <adPCqGMF-eV2ZUuV@google.com> (raw)
In-Reply-To: <DS7PR12MB82013EBE3FEDDDB2EAD6BA90945EA@DS7PR12MB8201.namprd12.prod.outlook.com>

On Fri, Apr 03, 2026, David Kaplan wrote:
> > From: Kaplan, David
> > > > ---
> > > >  arch/x86/kernel/fpu/xstate.c | 11 +++++++++++
> > > >  1 file changed, 11 insertions(+)
> > > >
> > > > diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
> > > > index 76153dfb58c9..188323442b4d 100644
> > > > --- a/arch/x86/kernel/fpu/xstate.c
> > > > +++ b/arch/x86/kernel/fpu/xstate.c
> > > > @@ -855,6 +855,17 @@ void __init fpu__init_system_xstate(unsigned int
> > > legacy_size)
> > > >               goto out_disable;
> > > >       }
> > > >
> > > > +     if (boot_cpu_has(X86_FEATURE_USER_SHSTK) &&
> > > > +         !(fpu_kernel_cfg.max_features & XFEATURE_MASK_CET_USER)) {
> > > > +             /*
> > > > +              * The kernel relies on XSAVES/XRSTORS to context switch shadow
> > > > +              * stack state.  If this isn't present, disable user shadow
> > > > +              * stacks.
> > > > +              */
> > > > +             pr_err("x86/fpu: CET_USER not supported in xstate when CET is
> > > supported.  Disabling shadow stacks.\n");
> > > > +             setup_clear_cpu_cap(X86_FEATURE_USER_SHSTK);
> > >
> > > Doesn't this apply to IBT as well?  This code is also misplaced, as it needs to
> > > live after at least this code:
> >
> > Good point, it likely does.  I can't confirm that as I don't have IBT hardware,
> > but assuming that a guest can see CET_IBT=1 this same problem would exist.
> 
> Actually, I don't think this does apply to IBT as well.  Per
> Documentation/arch/x86/shstk.rst, only kernel IBT is currently supported by
> Linux.  And kernel IBT does not require either CET_USER or CET_KERNEL XSS
> support from what I see.  (CET_KERNEL is only for the shadow stack related
> MSRs)

KVM virtualizes IBT and SHSTK, for both user and kernel, and relies on the host
kernel to save/restore IA32_U_CET.

Note, I think xsave_cpuid_features[] is also flawed.  Per the SDM, {U,S}_CET also
exist if IBT is supported:

  Bit 20: CET_IBT. Supports CET indirect branch tracking features if 1. Processors
  that set this bit define bits 5:2 and bits 63:10 of the IA32_U_CET and IA32_S_CET
  MSRs.

The current code likely works because all "real" CPUs that support IBT also support
SHSTK.

next prev parent reply	other threads:[~2026-04-06 14:26 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-03 15:49 [PATCH] x86/fpu: Disable shstk if no CET_USER state David Kaplan
2026-04-03 19:36 ` Sean Christopherson
2026-04-03 19:52   ` Kaplan, David
2026-04-03 20:10     ` Kaplan, David
2026-04-06 14:26       ` Sean Christopherson [this message]
2026-04-06 15:04         ` Kaplan, David
2026-04-06 15:32           ` Sean Christopherson
2026-04-07 21:30             ` Kaplan, David

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=adPCqGMF-eV2ZUuV@google.com \
    --to=seanjc@google.com \
    --cc=David.Kaplan@amd.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=tglx@kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox