Make TDP a hard requirement for Shadow Stacks, as there are no plans to
add Shadow Stack support to the Shadow MMU.  E.g. KVM hasn't been taught
to understand the magic Writable=0,Dirty=0 combination that is required
for Shadow Stack accesses, and so enabling Shadow Stacks when using
shadow paging will put the guest into an infinite #PF loop (KVM thinks the
shadow page tables have a valid mapping, hardware says otherwise).

Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/cpuid.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 32fde9e80c28..499c86bd457e 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -955,6 +955,14 @@ void kvm_set_cpu_caps(void)
 	if (!tdp_enabled || !boot_cpu_has(X86_FEATURE_OSPKE))
 		kvm_cpu_cap_clear(X86_FEATURE_PKU);
 
+	/*
+	 * Shadow Stacks aren't implemented in the Shadow MMU.  Shadow Stack
+	 * accesses require "magic" Writable=0,Dirty=1 protection, which KVM
+	 * doesn't know how to emulate or map.
+	 */
+	if (!tdp_enabled)
+		kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
+
 	kvm_cpu_cap_init(CPUID_7_EDX,
 		F(AVX512_4VNNIW),
 		F(AVX512_4FMAPS),
-- 
2.51.0.470.ga7dc726c21-goog

On 9/20/2025 6:32 AM, Sean Christopherson wrote:
> Make TDP a hard requirement for Shadow Stacks, as there are no plans to
> add Shadow Stack support to the Shadow MMU.  E.g. KVM hasn't been taught
> to understand the magic Writable=0,Dirty=0 combination that is required
> for Shadow Stack accesses, and so enabling Shadow Stacks when using
> shadow paging will put the guest into an infinite #PF loop (KVM thinks the
> shadow page tables have a valid mapping, hardware says otherwise).
> 
> Signed-off-by: Sean Christopherson <seanjc@google.com>

Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>

> ---
>   arch/x86/kvm/cpuid.c | 8 ++++++++
>   1 file changed, 8 insertions(+)
> 
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index 32fde9e80c28..499c86bd457e 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -955,6 +955,14 @@ void kvm_set_cpu_caps(void)
>   	if (!tdp_enabled || !boot_cpu_has(X86_FEATURE_OSPKE))
>   		kvm_cpu_cap_clear(X86_FEATURE_PKU);
>   
> +	/*
> +	 * Shadow Stacks aren't implemented in the Shadow MMU.  Shadow Stack
> +	 * accesses require "magic" Writable=0,Dirty=1 protection, which KVM
> +	 * doesn't know how to emulate or map.
> +	 */
> +	if (!tdp_enabled)
> +		kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
> +
>   	kvm_cpu_cap_init(CPUID_7_EDX,
>   		F(AVX512_4VNNIW),
>   		F(AVX512_4FMAPS),

On 9/20/2025 6:32 AM, Sean Christopherson wrote:
> Make TDP a hard requirement for Shadow Stacks, as there are no plans to
> add Shadow Stack support to the Shadow MMU.  E.g. KVM hasn't been taught
> to understand the magic Writable=0,Dirty=0 combination that is required

Writable=0,Dirty=0 -> Writable=0,Dirty=1

Otherwise,
Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>

> for Shadow Stack accesses, and so enabling Shadow Stacks when using
> shadow paging will put the guest into an infinite #PF loop (KVM thinks the
> shadow page tables have a valid mapping, hardware says otherwise).
>
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
>   arch/x86/kvm/cpuid.c | 8 ++++++++
>   1 file changed, 8 insertions(+)
>
> diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> index 32fde9e80c28..499c86bd457e 100644
> --- a/arch/x86/kvm/cpuid.c
> +++ b/arch/x86/kvm/cpuid.c
> @@ -955,6 +955,14 @@ void kvm_set_cpu_caps(void)
>   	if (!tdp_enabled || !boot_cpu_has(X86_FEATURE_OSPKE))
>   		kvm_cpu_cap_clear(X86_FEATURE_PKU);
>   
> +	/*
> +	 * Shadow Stacks aren't implemented in the Shadow MMU.  Shadow Stack
> +	 * accesses require "magic" Writable=0,Dirty=1 protection, which KVM
> +	 * doesn't know how to emulate or map.
> +	 */
> +	if (!tdp_enabled)
> +		kvm_cpu_cap_clear(X86_FEATURE_SHSTK);
> +
>   	kvm_cpu_cap_init(CPUID_7_EDX,
>   		F(AVX512_4VNNIW),
>   		F(AVX512_4FMAPS),