From nobody Fri Apr 3 12:26:41 2026 Received: from mail-244123.protonmail.ch (mail-244123.protonmail.ch [109.224.244.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5A28E344054 for ; Fri, 20 Feb 2026 12:44:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=109.224.244.123 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771591494; cv=none; b=bSZFNUKXLE9Fo0LaO7ohBHQrpHx8RFZzj+jpqsy/GRRD0lJDAaTt7vyjfs8dXTqzFlI9PFw2v63wASflMTo7VlaNLjCJ4byF3J0hzjLo0ikta/FGZ8XjDnntcO2PZ7Lus5yZ3WfOouKgc5qeBi3/P1Te4W0m/nsAP7vHZ/SD5bU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771591494; c=relaxed/simple; bh=6u5IeIgvjbDjaxjJTuRXTmR6NGkknxCa5fR2Rwz+LWc=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=tFnkNXS2uzMQRFWK+TdMYd1QlJDAJNA2q4/yWCCRVqrco/JpX1vzGvN+BotqXHl288cRG+MMrzy50LpCAoBSOyzYIjfuYmDYJLdaPkm84mtwEiKfkMg2chuTcu5rssjl4A4BFWcJNAUWk/6ZhmDsPQVXr+IXfMxcJowZZLtzq/A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=pm.me; spf=pass smtp.mailfrom=pm.me; dkim=pass (2048-bit key) header.d=pm.me header.i=@pm.me header.b=duPk0HQC; arc=none smtp.client-ip=109.224.244.123 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=pm.me Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pm.me Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pm.me header.i=@pm.me header.b="duPk0HQC" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me; s=protonmail3; t=1771591485; x=1771850685; bh=8dY8pcaRxOZ1sCdxB4dipkfHn87abpoNsKCXX3e6sA4=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=duPk0HQCa7RpiMdt1qbkfvCrZxOHkzMtmT0R8vqy0qM/+st/6I+LVd+FcDxuflMdh emSSnWcd5+85uiNTmMbix8W35Dzz+/FJNz1zmdtQM2WiPTutPZUVJKjupy8DY4Q304 HuL2+GZjXiApd50GvOQr+D8MTqG/hpZcyRbw+NqYBYz4+s2ydhJ9poWY9iWcNfY3CG N6+vylw7tsSnFLPswizHrJ/1tBlyQzoQPwGQ8gHsvL2TWhp0KjwBs5jX2gNtR6EDF5 ucWNe7XGMRij5ZOq1HUHtCMSplUb/BaxeY80moFCAONYFQKQhJUOgAnS8PPMhZYbVI LFuLGtFtd95mQ== Date: Fri, 20 Feb 2026 12:44:41 +0000 To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" From: Maciej Wieczor-Retman Cc: m.wieczorretman@pm.me, Farrah Chen , Maciej Wieczor-Retman , stable@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v6 1/3] x86/cpu: Clear feature bits disabled at compile-time Message-ID: In-Reply-To: References: Feedback-ID: 164464600:user:proton X-Pm-Message-ID: f321113ee7ba66fe27866265a4af1d7666746fec Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Maciej Wieczor-Retman If some config options are disabled during compile time, they still are enumerated in macros that use the x86_capability bitmask - cpu_has() or this_cpu_has(). The features are also visible in /proc/cpuinfo even though they are not enabled - which is contrary to what the documentation states about the file. Examples of such feature flags are lam, fred, sgx, ibrs_enhanced, split_lock_detect, user_shstk, avx_vnni and enqcmd. Once the cpu_caps_cleared array is initialized with the autogenerated disabled bitmask apply_forced_caps() will clear the corresponding bits in boot_cpu_data.x86_capability[] and other secondary cpus' cpu_data.x86_capability[]. Thus features disabled at compile time won't show up in /proc/cpuinfo. Reported-by: Farrah Chen Closes: https://bugzilla.kernel.org/show_bug.cgi?id=3D220348 Signed-off-by: Maciej Wieczor-Retman Cc: # 6.18.x --- Changelog v6: - Remove patch message portions that are not just describing the diff. arch/x86/kernel/cpu/common.c | 3 ++- arch/x86/tools/cpufeaturemasks.awk | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index e7ab22fce3b5..8d12c5722245 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -732,7 +732,8 @@ static const char *table_lookup_model(struct cpuinfo_x8= 6 *c) } =20 /* Aligned to unsigned long to avoid split lock in atomic bitmap ops */ -__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long= )); +__u32 cpu_caps_cleared[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long= )) =3D + DISABLED_MASK_INITIALIZER; __u32 cpu_caps_set[NCAPINTS + NBUGINTS] __aligned(sizeof(unsigned long)); =20 #ifdef CONFIG_X86_32 diff --git a/arch/x86/tools/cpufeaturemasks.awk b/arch/x86/tools/cpufeature= masks.awk index 173d5bf2d999..b7f4e775a365 100755 --- a/arch/x86/tools/cpufeaturemasks.awk +++ b/arch/x86/tools/cpufeaturemasks.awk @@ -82,6 +82,12 @@ END { } printf " 0\t\\\n"; printf "\t) & (1U << ((x) & 31)))\n\n"; + + printf "\n#define %s_MASK_INITIALIZER\t\t\t\\", s; + printf "\n\t{\t\t\t\t\t\t\\"; + for (i =3D 0; i < ncapints; i++) + printf "\n\t\t%s_MASK%d,\t\t\t\\", s, i; + printf "\n\t}\n\n"; } =20 printf "#endif /* _ASM_X86_CPUFEATUREMASKS_H */\n"; --=20 2.53.0 From nobody Fri Apr 3 12:26:41 2026 Received: from mail-106120.protonmail.ch (mail-106120.protonmail.ch [79.135.106.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3EC513446DE for ; Fri, 20 Feb 2026 12:44:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=79.135.106.120 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771591504; cv=none; b=HHE6dBSCl/2bG/UlQcT7BRft06dQtTsvcI9pDp29j6rbdV6NKwNFGyllSfock4qUEUcIEX38bR969hSZTQzSq6g66qCe+DeGfwMhL9pnty8ZYbNhe+6LSMax0CNIbT9nAdAX3ilOdOdIjYenIEU+mLIJ5IdFHCszhtDFT3tPY0k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771591504; c=relaxed/simple; bh=SnYYqYLvanlR+WoEHY4YZxCbr7GGiRUBqbCKaSNdHp8=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=KkMvjOwV7FzP3P+fofkf8Nt7e2TEQ0JDGfftVnqg/pWTivbMRNm/fHZsVctkZYbL0KuYdQIhmbJFaWEdEWe7Hu0zNMyfI4E6EAZAOMiRIM8rWifLXW22j3ptAB5ehK43hzaXuRH3RaUV2L4yZ+s+48IDOLQPc+bzjl2RTJcVxL4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=pm.me; spf=pass smtp.mailfrom=pm.me; dkim=pass (2048-bit key) header.d=pm.me header.i=@pm.me header.b=csTFGOBh; arc=none smtp.client-ip=79.135.106.120 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=pm.me Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pm.me Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pm.me header.i=@pm.me header.b="csTFGOBh" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me; s=protonmail3; t=1771591491; x=1771850691; bh=zSS9i65tCPoxZMt75pB/krRlarbbjIZ+KDWjsDSZDRA=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=csTFGOBhxV34p8yn/8d3fo2gN9rOC4xSZjNkSWX5MGqeMi1txrK5MEo0FfOgqtcle YkBDSLO+pNMqWf8LNFosOQVh+q2C56fAycfFqDXxatyLvXjFPJtbmTS0Os+C+10rHI ALyeAk+aY/gfCgoQVs9wNt2RjGabzaJenORxLCfEsb5yzwj8y5rgzMU56qlJ34fXOJ n/RPJCg0MJkoWQebmNx+tkaS9B7KDf4K9dDq7pXWiPIcbpvbODIdmlgB8sD7w5YFwZ DTbmuHYVHEXUkrnRbCwKCPVP+qn9CDZqfnDw4AMD3UPG1Xp9der6LZmpT3D7QV255B avAQdSCkEX+7Q== Date: Fri, 20 Feb 2026 12:44:47 +0000 To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Peter Zijlstra From: Maciej Wieczor-Retman Cc: m.wieczorretman@pm.me, Maciej Wieczor-Retman , linux-kernel@vger.kernel.org Subject: [PATCH v6 2/3] x86/cpu: Check if feature string is non-zero Message-ID: In-Reply-To: References: Feedback-ID: 164464600:user:proton X-Pm-Message-ID: 56a91d580c6d07c71ec193bc98bbc173bed1045b Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Maciej Wieczor-Retman In filter_cpuid_features, x86_cap_flags[] is read, but it's not verified whether the string is non-zero which could lead to unwanted output. In two more places there are open coded paths that try to retrieve a feature string, and if there isn't one, the feature word and bit are returned instead. While correcting filter_cpuid_features() with a helper it's trivial to also clean up these open coded cases. Signed-off-by: Maciej Wieczor-Retman --- Changelog v6: - Remove parts of the patch message that are redundant and just copy what's visible in the diff. - Redo the helper to use an external char buffer instead of a local static string. arch/x86/kernel/cpu/common.c | 26 +++++++++++++++++++++----- arch/x86/kernel/cpu/cpuid-deps.c | 20 +++----------------- include/linux/cpu.h | 2 ++ 3 files changed, 26 insertions(+), 22 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 8d12c5722245..44ae2f936395 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -675,6 +675,7 @@ cpuid_dependent_features[] =3D { static void filter_cpuid_features(struct cpuinfo_x86 *c, bool warn) { const struct cpuid_dependent_feature *df; + char feature_buf[16]; =20 for (df =3D cpuid_dependent_features; df->feature; df++) { =20 @@ -697,7 +698,7 @@ static void filter_cpuid_features(struct cpuinfo_x86 *c= , bool warn) continue; =20 pr_warn("CPU: CPU feature %s disabled, no CPUID level 0x%x\n", - x86_cap_flags[df->feature], df->level); + x86_cap_name(df->feature, feature_buf), df->level); } } =20 @@ -1631,6 +1632,7 @@ static inline bool parse_set_clear_cpuid(char *arg, b= ool set) =20 while (arg) { bool found __maybe_unused =3D false; + char name_buf[16]; unsigned int bit; =20 opt =3D strsep(&arg, ","); @@ -1651,10 +1653,7 @@ static inline bool parse_set_clear_cpuid(char *arg, = bool set) setup_clear_cpu_cap(bit); } /* empty-string, i.e., ""-defined feature flags */ - if (!x86_cap_flags[bit]) - pr_cont(" %d:%d\n", bit >> 5, bit & 31); - else - pr_cont(" %s\n", x86_cap_flags[bit]); + pr_cont(" %s\n", x86_cap_name(bit, name_buf)); =20 taint++; } @@ -1972,6 +1971,23 @@ static void generic_identify(struct cpuinfo_x86 *c) #endif } =20 +const char *x86_cap_name(unsigned int bit, char *buf) +{ + unsigned int word =3D bit >> 5; + const char *name =3D NULL; + + if (likely(word < NCAPINTS)) + name =3D x86_cap_flags[bit]; + else if (likely(word < NCAPINTS + NBUGINTS)) + name =3D x86_bug_flags[bit - 32 * NCAPINTS]; + + if (name) + return name; + + snprintf(buf, sizeof(buf), "%u:%u", word, bit & 31); + return buf; +} + /* * This does the hard work of actually picking apart the CPU stuff... */ diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-d= eps.c index 146f6f8b0650..7fad18e7d2eb 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c @@ -2,6 +2,7 @@ #include #include #include +#include #include =20 struct cpuid_dep { @@ -156,21 +157,6 @@ void setup_clear_cpu_cap(unsigned int feature) do_clear_cpu_cap(NULL, feature); } =20 -/* - * Return the feature "name" if available, otherwise return - * the X86_FEATURE_* numerals to make it easier to identify - * the feature. - */ -static const char *x86_feature_name(unsigned int feature, char *buf) -{ - if (x86_cap_flags[feature]) - return x86_cap_flags[feature]; - - snprintf(buf, 16, "%d*32+%2d", feature / 32, feature % 32); - - return buf; -} - void check_cpufeature_deps(struct cpuinfo_x86 *c) { char feature_buf[16], depends_buf[16]; @@ -185,8 +171,8 @@ void check_cpufeature_deps(struct cpuinfo_x86 *c) */ pr_warn_once("x86 CPU feature dependency check failure: CPU%d has '%s' = enabled but '%s' disabled. Kernel might be fine, but no guarantees.\n", smp_processor_id(), - x86_feature_name(d->feature, feature_buf), - x86_feature_name(d->depends, depends_buf)); + x86_cap_name(d->feature, feature_buf), + x86_cap_name(d->depends, depends_buf)); } } } diff --git a/include/linux/cpu.h b/include/linux/cpu.h index 487b3bf2e1ea..30e5a92430da 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h @@ -229,4 +229,6 @@ static inline bool cpu_attack_vector_mitigated(enum cpu= _attack_vectors v) #define smt_mitigations SMT_MITIGATIONS_OFF #endif =20 +const char *x86_cap_name(unsigned int bit, char *buf); + #endif /* _LINUX_CPU_H_ */ --=20 2.53.0 From nobody Fri Apr 3 12:26:41 2026 Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 048E9344025 for ; Fri, 20 Feb 2026 12:44:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.70.43.22 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771591498; cv=none; b=SsU58QdHk+o7wfM/3JzfybDttqSgaaqPM8IeDqI85vscLSBSlE+yhtHLHadrPAP9B+a0bkurAMJEwDXAlsU4QerGCtGGXJ1Q2prEHXSUh5NrJ/F23UR3kSu0qB/9cjFmgPcy+KdhLbH2PNo04XExYhDuFNV00GDnjaeZcQA2ybw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771591498; c=relaxed/simple; bh=dbjZTnfZRabrqXMuDiYj7pgwuLM+EfqyVTQdUldYx7g=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=LVQNxoB+5hgNSWLB2Hu5S5k/gJhwlh7K0deRBjsnO7xMfsPJjTdKCFytbU8x1gTfGuKBCg4NDDm4uwnPxmhxdCUES1878ogzT9ioDiwF1J+3ugiQLC3uM1OaH3kw9XF/jvVonxov501by3ViVIXGarZGIWwAO0YujzyTsald5w8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=pm.me; spf=pass smtp.mailfrom=pm.me; dkim=pass (2048-bit key) header.d=pm.me header.i=@pm.me header.b=mE4I9xV2; arc=none smtp.client-ip=185.70.43.22 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=pm.me Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=pm.me Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=pm.me header.i=@pm.me header.b="mE4I9xV2" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me; s=protonmail3; t=1771591494; x=1771850694; bh=4ljThCglF/lbdPGhFUHkatPf+49DQpPk0pS/0ohUeDc=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=mE4I9xV2KytWku1+AlNiDyIh5O/hmLLq6elukT/6EuUT65yqdJ2rI+pUHJclr/btk 9oCSmZzRE0doIgJym2GXyJw+vcHZbusu3tOlLoCkn7PWgoyumGdBsX7linKbm7r8GN Il8Sm0CRjFxbDtDVQH/Qt/JJBlws0LCWlw2gmwQ0TUeOivkunb5LdJWevi/Dg+wtCs m1kG0ZHMfOR1V/4XhjCvhAG0m2e071ewhmtV9GM5tAwhvh/J4R8iVqhszCVeiFyMVU ISOqvbWBLeJYHP5cp+muDOXKD7/dWs5K1J0FeDSQprXvvads656ZuXbKYAQCTynXUX viJKlGUEye6Ew== Date: Fri, 20 Feb 2026 12:44:53 +0000 To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" From: Maciej Wieczor-Retman Cc: m.wieczorretman@pm.me, Maciej Wieczor-Retman , linux-kernel@vger.kernel.org Subject: [PATCH v6 3/3] x86/cpu: Do a sanity check on required feature bits Message-ID: <522f333abb9d66af9afcad7d3e1836dd33dc3046.1771590895.git.m.wieczorretman@pm.me> In-Reply-To: References: Feedback-ID: 164464600:user:proton X-Pm-Message-ID: a72699783a20f32bbccad767051298b063d90c4d Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Maciej Wieczor-Retman After cpu identification concludes, do a sanity check by comparing the final x86_capability bitmask with the pre-defined required feature bits. Signed-off-by: Maciej Wieczor-Retman Acked-by: H. Peter Anvin (Intel) --- Changelog v6: - Add Peter's acked-by tag. - Rename patch subject to imperative form. - Add a char buffer to the x86_cap_name() call. arch/x86/kernel/cpu/common.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 44ae2f936395..f4d4a4c17106 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1988,6 +1988,37 @@ const char *x86_cap_name(unsigned int bit, char *buf) return buf; } =20 +/* + * As a sanity check compare the final x86_capability bitmask with the ini= tial + * predefined required feature bits. In case of a mismatch emit a warning = with + * the faulty bitmask value. + */ +static void verify_required_features(const struct cpuinfo_x86 *c) +{ + u32 missing[NCAPINTS] =3D REQUIRED_MASK_INITIALIZER; + char cap_buf[16]; + u32 error =3D 0; + unsigned int i; + + for (i =3D 0; i < NCAPINTS; i++) { + missing[i] &=3D ~c->x86_capability[i]; + error |=3D missing[i]; + } + + if (!error) + return; /* All good */ + + /* + * At least one required feature is missing. Print a warning, + * and taint the kernel. + */ + pr_warn("cpu %d: missing required feature(s):", c->cpu_index); + for_each_set_bit(i, (void *)missing, NCAPINTS << 5) + pr_cont(" %s", x86_cap_name(i, cap_buf)); + pr_cont("\n"); + add_taint(TAINT_CPU_OUT_OF_SPEC, LOCKDEP_STILL_OK); +} + /* * This does the hard work of actually picking apart the CPU stuff... */ @@ -2117,6 +2148,8 @@ static void identify_cpu(struct cpuinfo_x86 *c) mcheck_cpu_init(c); =20 numa_add_cpu(smp_processor_id()); + + verify_required_features(c); } =20 /* --=20 2.53.0