From nobody Mon Jun  8 22:54:20 2026
Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 183A43911A8;
	Tue, 26 May 2026 03:41:29 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=193.142.43.55
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779766891; cv=none;
 b=uGQG/3UB4PJZFx1mzo/f1OvaDw7pl4oJHKXOGOdDMJAKsERRksXxRVHfs4DHXbI7ggtjzuXZRafzYv4U6vsxqDATnSTEsrA+zjrX+GlhavKwD5O3CoS7ebb84SgAW7FCFmAjUglgamHVHabFTOKXO1F45Bv0N+2tZBqw9dUNkiI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779766891; c=relaxed/simple;
	bh=yJaKU8W+RxwDY73vgLkbdhX9K5WYO3603BjxiRAhW3c=;
	h=Date:From:To:Subject:Cc:In-Reply-To:References:MIME-Version:
	 Message-ID:Content-Type;
 b=nYz5cO1DdxcjAOA0MaJqicdbNEaOcRXMiUH+BgmvfoWVWgmmH9ThV3qsIZxH55VVI1xARTxNyYUW26r3QBKUlhGySXBjQkDxg8WhNpD4NPXPNoskog0ooDNKHX9HNUhOQB45cVcVBkz2biylNIN++Bzzem/p/mvsiGrHgj/X4TM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linutronix.de;
 spf=pass smtp.mailfrom=linutronix.de;
 dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b=2tj+FryJ;
 dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b=o246wswn; arc=none smtp.client-ip=193.142.43.55
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linutronix.de
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=linutronix.de
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b="2tj+FryJ";
	dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b="o246wswn"
Date: Tue, 26 May 2026 03:41:20 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
	s=2020; t=1779766881;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=0YaUV88dZmEVQo6OWQOvVurfWUONzK8HsCionoO7dRU=;
	b=2tj+FryJfB9fKpd24GqI2it4TxnuFyna/c879MT32Ev6FC0qhqe5H+heZVB37haGxZ1YHy
	cyzhDfverNipF49Px0Vpcp95EGGF22UvNR2jBlSTDblrsWKlXEUlzrxzkUI5XoI+w02fZt
	pWGAHYPa6848aeuDeb75Zb6SBcm5n4kslOoMOSLSGPbupu2sFprpb+ZsJVXm92NOazUuUr
	EA5amy0RtT3+bykgLpHD8gDqM53SXBNfkLXUCZ3yb0KoFx86U0wFXP1ow531eXyPBgQ9HN
	J8YkZQWJKJXdSRayIbKGONw/BkPnjiUyERJXSG1fumlnuX8oei8kwMxVpB0JpA==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
	s=2020e; t=1779766881;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=0YaUV88dZmEVQo6OWQOvVurfWUONzK8HsCionoO7dRU=;
	b=o246wswngglO3rOrArewvSi7FJzCINzSfRWalrysvnpElm7Y4whytgbWoPiqSblCu5bZA2
	S8IZX/B6anPY1YAA==
From: "tip-bot2 for Borislav Petkov (AMD)" <tip-bot2@linutronix.de>
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/urgent] Documentation/arch/x86: Hide clearcpuid=
Cc: "Borislav Petkov (AMD)" <bp@alien8.de>, Ingo Molnar <mingo@kernel.org>,
 Mathias Krause <minipli@grsecurity.net>,
 Linus Torvalds <torvalds@linux-foundation.org>, x86@kernel.org,
 linux-kernel@vger.kernel.org
In-Reply-To: <20260520202508.160112-1-bp@kernel.org>
References: <20260520202508.160112-1-bp@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Message-ID: <177976688016.1039918.4869138904784937931.tip-bot2@tip-bot2>
Robot-ID: <tip-bot2@linutronix.de>
Robot-Unsubscribe: 
 Contact <mailto:tglx@kernel.org> to get blacklisted from these emails
Precedence: bulk
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID:     80501dff814eeccebf44a59340c3fe3a205eb120
Gitweb:        https://git.kernel.org/tip/80501dff814eeccebf44a59340c3fe3a2=
05eb120
Author:        Borislav Petkov (AMD) <bp@alien8.de>
AuthorDate:    Wed, 20 May 2026 13:25:07 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Tue, 26 May 2026 05:37:20 +02:00

Documentation/arch/x86: Hide clearcpuid=3D

This option was never meant to be used in production because it solely
clears the X86_FEATURE kernel-internal representation of what CPUID bits
it has detected and doesn't do any *proper* feature disablement like
clearing CR4.CET in the user shadow stack case, for example.

So remove its documentation so that it doesn't get used in production
and people get silly ideas. It is meant strictly for debugging; and if
a chicken bit for properly disabling a feature is warranted, then that
would need proper enablement.

No functional changes.

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Mathias Krause <minipli@grsecurity.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://patch.msgid.link/20260520202508.160112-1-bp@kernel.org
---
 Documentation/admin-guide/kernel-parameters.txt | 18 +----------------
 Documentation/arch/x86/cpuinfo.rst              |  4 ++++-
 2 files changed, 4 insertions(+), 18 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentatio=
n/admin-guide/kernel-parameters.txt
index 4d0f545..97007f4 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -789,24 +789,6 @@ Kernel parameters
 	cio_ignore=3D	[S390]
 			See Documentation/arch/s390/common_io.rst for details.
=20
-	clearcpuid=3DX[,X...] [X86]
-			Disable CPUID feature X for the kernel. See
-			arch/x86/include/asm/cpufeatures.h for the valid bit
-			numbers X. Note the Linux-specific bits are not necessarily
-			stable over kernel options, but the vendor-specific
-			ones should be.
-			X can also be a string as appearing in the flags: line
-			in /proc/cpuinfo which does not have the above
-			instability issue. However, not all features have names
-			in /proc/cpuinfo.
-			Note that using this option will taint your kernel.
-			Also note that user programs calling CPUID directly
-			or using the feature without checking anything
-			will still see it. This just prevents it from
-			being used by the kernel or shown in /proc/cpuinfo.
-			Also note the kernel might malfunction if you disable
-			some critical bits.
-
 	clk_ignore_unused
 			[CLK]
 			Prevents the clock framework from automatically gating
diff --git a/Documentation/arch/x86/cpuinfo.rst b/Documentation/arch/x86/cp=
uinfo.rst
index 9f2e47c..17fce95 100644
--- a/Documentation/arch/x86/cpuinfo.rst
+++ b/Documentation/arch/x86/cpuinfo.rst
@@ -187,6 +187,10 @@ to disable features using the feature number as define=
d in
 Protection can be disabled using clearcpuid=3D514. The number 514 is calcu=
lated
 from #define X86_FEATURE_UMIP (16*32 + 2).
=20
+DO NOT USE this cmdline option in production - it is meant to be used only=
 as
+a quick'n'dirty debugging aid to rule out a feature-enabling code is the
+culprit. If you use it, it'll taint the kernel.
+
 In addition, there exists a variety of custom command-line parameters that
 disable specific features. The list of parameters includes, but is not lim=
ited
 to, nofsgsbase, nosgx, noxsave, etc. 5-level paging can also be disabled u=
sing