Shadow stack is supported on newer AMD processors, but the kernel
implementation has not been tested on them. Prevent basic issues from
showing up for normal users by disabling shadow stack on all CPUs except
Intel until it has been tested. At which point the limitation should be
removed.
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
---
v1:
- New patch.
arch/x86/kernel/cpu/common.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 9ee339f5b8ca..7fbfe707a1db 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -517,6 +517,14 @@ __setup("nopku", setup_disable_pku);
static __always_inline void setup_cet(struct cpuinfo_x86 *c)
{
+ /*
+ * Shadow stack is supported on AMD processors, but has not been
+ * tested. Only support it on Intel processors until this is done.
+ * At which point, this vendor check should be removed.
+ */
+ if (c->x86_vendor != X86_VENDOR_INTEL)
+ setup_clear_cpu_cap(X86_FEATURE_SHSTK);
+
if (!cpu_feature_enabled(X86_FEATURE_SHSTK))
return;
--
2.17.1
