On 28.02.2026 00:16, Andrew Cooper wrote: > FRED doesn't use Supervisor Shadow Stack tokens. This means that: > > 1) memguard_guard_stack() should not write Supervisor Shadow Stack Tokens. > 2) cpu_has_bug_shstk_fracture is no longer relevant when deciding whether or > not to enable Shadow Stacks in the first place. > > Signed-off-by: Andrew Cooper <[email protected]>
Reviewed-by: Jan Beulich <[email protected]> > The SDM explicitly points out the shstk fracture vs FRED case, yet PTL > enumerates CET-SSS (immunity to shstk fracture). I can only assume that there > are other Intel CPUs with FRED but without CET-SSS. Isn't CET-SSS still relevant to OSes not using FRED (much like you do for the fred=no case)? Jan
