From nobody Tue Apr 7 12:37:02 2026 Received: from CH1PR05CU001.outbound.protection.outlook.com (mail-northcentralusazon11010048.outbound.protection.outlook.com [52.101.193.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C852307AC7 for ; Fri, 3 Apr 2026 15:49:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=52.101.193.48 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775231384; cv=fail; b=t+UsnOA2qyqA5ygmpAIhLUUhzCTwuA0cvEpv82QBXHyh8noGhRP6YSQ25pmsmnwmcM92bOJP5wxyTIam0fGJ3qkDwTQUtqluYedaP2HKPe8NTbzVGR3Hru7/SAR9cK8/WU29ih21EtKyWWjWQtqUXg7DMKjxLd/sJ452VT3WtVo= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775231384; c=relaxed/simple; bh=1x+LJrZakT4J1AJ3bNSjz+Y+dcFm/e6SklzY8UEct4I=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=nzw6ErU0vVQMFH3HErdZAF7I2LJr6CWCFgoDk5aNsh1TpcSsVCZJsJo09VqwRvvgrV5URMOYRqx3BNh3LO9QOuozPtM59l7AgEZ4GXHfESIeVoO1i8IXA8oeS7rVYj77NJQYBU7DJPwZ0gtzSo7oL763Jgx3mp0pHhNSAFKbgSU= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=dkyuOHhW; arc=fail smtp.client-ip=52.101.193.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="dkyuOHhW" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=DnO8sQAxJFFkJsSbKkSyVHVVR5W60JcDxH0eD1qykZN/rvPaxySFxytZp1IzPgNzIVMGyKj7fMvU9apxTjxZ044uUib+my+S045aaJPFvy1M1sdnU6tcfLP3LTmUdQLieoab3hSFQoq0KmGmB1bzwdGDTGstPhh4AnOaFVuP1+uzLMemXPZOr93rhm/ierbtDgPrNL9z1bPWLC2xva7r0roZs1QPTu3+cbPb79zisN2hFZhWfXWKUEX7MGkYh/oRHRqmxcSU8LDpUWYrL0TtYOuck4nLYpRwIztiDoeoW7PpbFUQrNRx5vIoODH9XvvBmhPBQOtD9xlnMQkIhTw5Fw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FBChuaZglHxZaW8O9PeQZh9+1t9yIXOa5EYaAoVzUpA=; b=zJnY9bPIrjVQJQq5nkCXgk5ZQkSFvdlpNU64mnwlxzTTvqCLCWj+TbP7fiRd5j3v5+Uqdn8NX9LkqdbkB7rYmzK+gDARpUw/b90Lt42PQUAz3pM0JnBOYu4XYJ7QlTSY5Q3EM3adpPWA2GLTnmDSu1r2ulwPLGNTIe6PXuRTSEBBwdY4b3mc3HJdCNnmZHnBmIyGMBvtcEDoi/jXGqD85vCrdcWaOq5Q2UJizAahomrsF3y7ftImpbX2XG6D2L4pw11NfefOmlu4MAuQFYEPSPzIKIz1iS5TAHZ0XeRpfn4tuBxPhcyuzFH3XZhUc2d/N4hPr3XqhbJ05q4NlFE06w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FBChuaZglHxZaW8O9PeQZh9+1t9yIXOa5EYaAoVzUpA=; b=dkyuOHhWmFQTO7nu28S6UN9fhnDc+a5+cACV9o528aoxnh3yKYoLMS4+dF2Wb3okh26qAtPazPc8Hnb7q6CJNqtNIs99xy1GuqUCNDZfENCZiwUQyiLJaJFymMrQYlmPCH929cfuqBeAZGszKxmsq1lmWSaFsWjp6zzOv1TlG/k= Received: from DM6PR02CA0086.namprd02.prod.outlook.com (2603:10b6:5:1f4::27) by MW4PR12MB6851.namprd12.prod.outlook.com (2603:10b6:303:20b::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.19; Fri, 3 Apr 2026 15:49:36 +0000 Received: from CY4PEPF0000E9D4.namprd03.prod.outlook.com (2603:10b6:5:1f4:cafe::ac) by DM6PR02CA0086.outlook.office365.com (2603:10b6:5:1f4::27) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.20 via Frontend Transport; Fri, 3 Apr 2026 15:49:35 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C Received: from satlexmb07.amd.com (165.204.84.17) by CY4PEPF0000E9D4.mail.protection.outlook.com (10.167.241.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17 via Frontend Transport; Fri, 3 Apr 2026 15:49:36 +0000 Received: from pso-dkaplan.amd.com (10.180.168.240) by satlexmb07.amd.com (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Fri, 3 Apr 2026 10:49:35 -0500 From: David Kaplan To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , , "H. Peter Anvin" CC: Subject: [PATCH] x86/fpu: Disable shstk if no CET_USER state Date: Fri, 3 Apr 2026 10:49:14 -0500 Message-ID: <20260403154915.2285621-1-david.kaplan@amd.com> X-Mailer: git-send-email 2.53.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com (10.181.42.216) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000E9D4:EE_|MW4PR12MB6851:EE_ X-MS-Office365-Filtering-Correlation-Id: 15ae4e13-52a0-4449-fd25-08de91989ba2 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|1800799024|36860700016|376014|18002099003|56012099003; X-Microsoft-Antispam-Message-Info: hsOFH8KVJUt8fZXewaE3DqwBq1llF9RqtrWDSwojoVuzRwvCGJgp1Il1zoTJvf9OsfwLdYVVquT0svPX8lhmYPpJJpRQFOrYrUNqh1sYO9KB1nBRHW2LEpwKqY1bGJsUd6osg9iiuArjsONOCIRSVuaUPZiTuL6ngTivNQzz05gg5mAv8WbThyaT0hk66KQswdWC9QDpuORpbbbFrMLq2MXAEYWI+PmI6b68oCx7z0G54TYI+GAUQuUXY/VdfdXQ17fKMXuxNg3CeGFTSp4mTi4lXiXsbt7mqm6haJa29/iRtg082KaUFN9STiOWF6U0b3jJV1f239RTKObrR/iLloje25QBd3fn3qZeDhEXryLNggY1reE0dD2Ozi3EGRhsB0q0PBeG056IReN7LHbT37ZXeotyRy+FWWKljA54tedyS+hMLGuHidue5kI9op5U4PTaBQM55saeNs49C60tzLhlbmXVhhQPTUrRryHgV6fAieivIDCfRihVMVKiFm0mUbhH3Nr3gZKDCbLA4Z0zvixpuIVtYgU3W1sZFBXg1Jei9/wZcQBhlhtIrmTttwOBjlbJZb6vEjLOm1tma9l9C+nbc7Q/zd8KMrQgTIakjYUpUcWC7WqPYhJjhCQHLHbZjyISoUCHQmcGU2jw9A3LA03zNFXeeR7Y3C+GoUcigxXRg3azi0QP23fBcaEesxSeDru1JxL6wH41ySm1SJdgnAUcVSsiV6GV5AlsCv4VVUhh9v082/FMIgHq5NW+HLQU2gXxsogX+aiixcWH/KZaww== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(36860700016)(376014)(18002099003)(56012099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: mNj5shs4dlAcFK5t+9VyLnWxsKdBu8Ob2zjq/slFUGiW+/vIaoiKgdpxKGklYje1MZ0Kz+rKy9oyvTXvrsRP0dDljP/n8fhoZJWwkVFOX5/b71XN2SzgK9q5490iuAM3xfq3UoKFD0pWU9y0BfJ0ZiwewT8z47eWn324gcgwo8lHZOvXNW3SUSIDDSPiqLVVEnoZVaqjYe/uQnN2Qra7eC+qOWsUipRjjGUX6F8YugIKe5weUj9k5th5AGiVv6PaDP3nTKoteOpMIFAcR1WoFwCdknHWkzCfhfL5nZpIjFpYz9IEJSHUakcbQETX57URdcS+Be7IlkDCnANcYSG4HkTvjurgWv1UDou/SdrBpr8JS4yOPlicNALRYmdzKcG/+xmRZVy25V3zBmAXFHW7Z2BQT60eT1jfeDhOI6V54N05kcT0lid2PJj4FaY3KlVf X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Apr 2026 15:49:36.4525 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 15ae4e13-52a0-4449-fd25-08de91989ba2 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000E9D4.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB6851 Content-Type: text/plain; charset="utf-8" Some hypervisors (including QEMU 10.1.5) may report CET_SS support in CPUID Fn7 but fail to report that CET_USER state is supported in supervisor xstate. Linux relies on XSAVES/XRSTORS to swap CET state during context switch and assumes it is supported when CET_SS is present. As a result, if a user process is run with shadow stacks enabled and then is switched away from, the system may crash because the new process may be incorrectly run with shadow stacks enabled. Detect this broken configuration and disable user shadow stacks unless CET_USER is supported in xstate. Signed-off-by: David Kaplan --- arch/x86/kernel/fpu/xstate.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index 76153dfb58c9..188323442b4d 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -855,6 +855,17 @@ void __init fpu__init_system_xstate(unsigned int legac= y_size) goto out_disable; } =20 + if (boot_cpu_has(X86_FEATURE_USER_SHSTK) && + !(fpu_kernel_cfg.max_features & XFEATURE_MASK_CET_USER)) { + /* + * The kernel relies on XSAVES/XRSTORS to context switch shadow + * stack state. If this isn't present, disable user shadow + * stacks. + */ + pr_err("x86/fpu: CET_USER not supported in xstate when CET is supported.= Disabling shadow stacks.\n"); + setup_clear_cpu_cap(X86_FEATURE_USER_SHSTK); + } + fpu_kernel_cfg.independent_features =3D fpu_kernel_cfg.max_features & XFEATURE_MASK_INDEPENDENT; =20 base-commit: d998c62f267213aeb815cf654908608eb7c00db2 --=20 2.53.0