From nobody Sun Jun 14 16:15:51 2026
Received: from MW6PR02CU001.outbound.protection.outlook.com
 (mail-westus2azon11012067.outbound.protection.outlook.com [52.101.48.67])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 813583AF653
	for <linux-kernel@vger.kernel.org>; Wed,  8 Apr 2026 14:31:04 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=fail smtp.client-ip=52.101.48.67
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1775658665; cv=fail;
 b=kQ6AklBtPzcBs8+NIZf1jfu2IEvLFYMIDn7n4JM4uIOWcs8XZVWEvdxgdD1/naE0ErfkgPffAks0lfgZQS2135b5qMyqwbhUMrQypehKJMwPv0WWJnSfLsP9mKhm2GcIpARE+WYOY68C2RmtT+Y8F++9htbWDCQrpi0kptafef4=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1775658665; c=relaxed/simple;
	bh=PALNjyG39N87YHXv6sWr+UOCV+xObPEoqAdm5VrIzLI=;
	h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type;
 b=DmUu+BCJ6WbYrcS43WyGDeTDW2O9xxiWljtawJwyIQxDD6hkp54ux4qrHVJloBQjhtkASUl5z1sck+nbn4DLMsEBvBI2oefF3ATLmPlC7ET8lcZ2+J9FLmkIIeeuZw0ozOMWRc0OStHuQGgvZhfYoZ5m+nBZb4A1POxG9F4rtZ0=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=amd.com;
 spf=fail smtp.mailfrom=amd.com;
 dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
 header.b=Notc4wkv; arc=fail smtp.client-ip=52.101.48.67
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
 header.b="Notc4wkv"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=AMKASKlEXMPH4ul2y2N6UpOlOrLaYVkYIXFcJNgioiQxCoZ3RJl9jzVUaLuiW8N9C8ics74CWh0htpvJpB2GoLpDOmOFIek3nVCbm9jKpChhtVtGhhJ3O/8xV+/2QJ6+ReNYs3WPvXbVd6VdoEjM5lJZfrtrzObwBO3a0/yL4FpvkzHAEOxbZx5SzoOIJsUIXxU3PXCEpgWzxkOgG5p/aberwMx5CVmwqnShCy0KxR/Il+g9hjb2qXXVdY5FAJ1l7l2lEBjLKEGvkZW1B1pYjgT92UBcd7Nit0E/B1+3zDE6HhnSmo2qJiDLS5Xkc/BOPFLwwyZgvgzippGuCim1MQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=Y77h9BXDn2WzaD5UI176rA4gT4L1KSd+rO2L1MCp7QE=;
 b=p45jaEPsZWeQeznvNhRRqQtuDqTbqfb2smEXhsr8ud2AXse7EyqQBqWRRw7p2+YUnK2qQgd0C9b19RvYBqTJICjbhubNlyLHXIkM056EeDiv0184GhhotTD277OpDSPYbqUtTQUN3/3/J8P0S3m0LeBbA0mcnUPhUpA7CzGgl1IoXEIz5Y/uXvFFUfRRfZJfLknzLWnjjB261QWT9RQML1XAM72jhKcMGfPyCDU5tE46LKF/kF2MLvQFc7BY4TX72xa78Ia5ZqlmBUjt8L24e7A+sMdrLbDwZF6ThKcpnmjIaLo8ZFVtkl2P1edilCI/ZC72LDmqqzjPpRQVWwnv8g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=kernel.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Y77h9BXDn2WzaD5UI176rA4gT4L1KSd+rO2L1MCp7QE=;
 b=Notc4wkvBdeLwwQs960veCuIvMB5P08UaTQJjJ/8pNol30cFKXdz1SgXIQ/rM/hAcz7jLj90Tq/N4zgGCHr4EJf1Yr2QMlkRlsJCy8IJKymbcLlftMb/gTvCY27Tv5AUuo7TAyNmM/T7cGmP9dTUpU1QX/eoDAFgK+C5d0P81q4=
Received: from MN2PR03CA0013.namprd03.prod.outlook.com (2603:10b6:208:23a::18)
 by MN0PR12MB5882.namprd12.prod.outlook.com (2603:10b6:208:37a::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Wed, 8 Apr
 2026 14:30:58 +0000
Received: from MN1PEPF0000ECD5.namprd02.prod.outlook.com
 (2603:10b6:208:23a:cafe::2) by MN2PR03CA0013.outlook.office365.com
 (2603:10b6:208:23a::18) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.38 via Frontend Transport; Wed,
 8 Apr 2026 14:30:58 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
Received: from satlexmb07.amd.com (165.204.84.17) by
 MN1PEPF0000ECD5.mail.protection.outlook.com (10.167.242.133) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.9769.17 via Frontend Transport; Wed, 8 Apr 2026 14:30:57 +0000
Received: from pso-dkaplan.amd.com (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Wed, 8 Apr
 2026 09:30:57 -0500
From: David Kaplan <david.kaplan@amd.com>
To: Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
	Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>,
	<x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>
CC: <linux-kernel@vger.kernel.org>
Subject: [PATCH v2] x86/fpu: Disable shstk if no CET_USER state
Date: Wed, 8 Apr 2026 09:30:44 -0500
Message-ID: <20260408143044.96605-1-david.kaplan@amd.com>
X-Mailer: git-send-email 2.53.0
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: satlexmb08.amd.com (10.181.42.217) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: MN1PEPF0000ECD5:EE_|MN0PR12MB5882:EE_
X-MS-Office365-Filtering-Correlation-Id: 8f3396eb-0037-49fe-f496-08de957b733b
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|36860700016|82310400026|1800799024|376014|18002099003|56012099003;
X-Microsoft-Antispam-Message-Info: 
	6KU92Dc1MkAzBguBH9jbX6E2np4ghKfzeVptJVuo1smaxaYI5h6QZZ7sIanFJ0c94IAd7E0T990vMJ0Y8mn5fz5TKKJjTsdCNQpFGnsFqISLYyr2VxUdTN+CuGE3AFnJlUYXTserbkiWFUi3faGl68FmdDAsRznfs58U2fdS9YZJhgRTHMnDLAkL6WVEcW2hjlQLiusNTL9A0LGgvXRNWsFlGj+wFYTqDGCWokBJ4zynHaGW21Z5oWmqALiYuM+4zHlwFL0iP7AxIB14G9b4jMWcfJRywafq+UKwvbKLfmQKgdLFMuJYhzeQI6nYGxbCBWrpyA9Cborj/+P0GeSgw1LwqaqIv3R1UpyGysmp0ApPezSldqOq/lIrLB4ZikLrUSb1oMR7Iurdq/3VDUjO9RB+pmDlRlXbL3fL5dSLb+Z1XNfnBisQfhQl9I7eJE4Ls46lKAIEVLG6t6vAXxlERJ5g639wQdnMqxZ/ELhmLD3qTairayF4JALWfZ2oilT2ontJFRAtdYgS/3CKNcFAx47d+op+j+OxGfMI7tGLqbA4mmMc+z80uBbH/O4K8l3kJGoRQid0y7ur2tdSGVIY1aLSJ9Ih63qyduevAb1sTSqx909ysQfyuCgwWJjz3X8p8WB/0lBExqyQxHhoAJjROvpVgB0W6Pb4K0bjAG2cKu5P27wsy1KYxdE1vbzDlfImSmHNteyS1pDJZsD9MJ5Hey069Z4aB6mEqgEFZGfYOxwwXO1jQZX9pHmUPjlQDgNlCJDBQ0ZJYrKu9DF/I/l01A==
X-Forefront-Antispam-Report: 
	CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:satlexmb07.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700016)(82310400026)(1800799024)(376014)(18002099003)(56012099003);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
	jKDA5VOjcpuX50SGit/gjcgPG7pDVKMOUsgjjz47MQRpsviMZ8f6UL/T4dS3rVe1YHGuRRJ00eJfcSFEOsAgZi/WqiZ7d9NOAgP34lCYDd8S/k16ALbhr+UtYmNnQjQD+WA6uQOTDzvOcRVXG4TEaA5xrcuYo/Pfkax9mR4yzaRWuZ/W+Akaqc3FNabEaAVxg3s+/kE5VsTitS/l7p4VzH8030y/GeIU47jxIbCWjxHpy/pJz0h5ZAQo9nddsoOAYnjMJuWXoj8Zjp9nYU56CqcsSTtkC1bmQU67Ye5C4T14Xezvf88UycZRjtg0xZpigEpd7zvOrNgIEvLK40FsMYUkEIHcpwYtZjzq1pCtGnyWG0bjWi9byAK4MRARF9dFF8BPGliECAX9ckSKutrMvScK1Is+xN4txbBKBWjs6MVPfo8mRkq989qXE53UCdj9
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Apr 2026 14:30:57.9569
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 8f3396eb-0037-49fe-f496-08de957b733b
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	MN1PEPF0000ECD5.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR12MB5882
Content-Type: text/plain; charset="utf-8"

Some hypervisors (including QEMU 10.1.5) may report CET_SS support in
CPUID Fn7 but fail to report that CET_USER state is supported in
supervisor xstate.  Linux relies on XSAVES/XRSTORS to swap CET state
during context switch and assumes it is supported when CET_SS is
present.

As a result, if a user process is run with shadow stacks enabled and
then is switched away from, the system may crash because the new process
may be incorrectly run with shadow stacks enabled.

Detect this broken configuration and disable user shadow stacks unless
CET_USER is supported in xstate.

v2:
 - Moved check to later location after fpu_kernel_cfg.max_features is
   finalized.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
---
 arch/x86/kernel/fpu/xstate.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index 76153dfb58c9..fb0412224005 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -878,6 +878,17 @@ void __init fpu__init_system_xstate(unsigned int legac=
y_size)
 		fpu_kernel_cfg.max_features &=3D XFEATURE_MASK_USER_SUPPORTED |
 					XFEATURE_MASK_SUPERVISOR_SUPPORTED;
=20
+	if (boot_cpu_has(X86_FEATURE_USER_SHSTK) &&
+	    !(fpu_kernel_cfg.max_features & XFEATURE_MASK_CET_USER)) {
+		/*
+		 * The kernel relies on XSAVES/XRSTORS to context switch shadow
+		 * stack state.  If this isn't present, disable user shadow
+		 * stacks.
+		 */
+		pr_err("x86/fpu: CET_USER not supported in xstate when CET is supported.=
  Disabling shadow stacks.\n");
+		setup_clear_cpu_cap(X86_FEATURE_USER_SHSTK);
+	}
+
 	fpu_user_cfg.max_features =3D fpu_kernel_cfg.max_features;
 	fpu_user_cfg.max_features &=3D XFEATURE_MASK_USER_SUPPORTED;
=20

base-commit: 6c927e5ca9d238f8ae40b453a8382eb9cf4ee855
--=20
2.53.0